The Cyber Resilience Act is no longer a distant project. The calendar is now set, and the first deadlines are fast approaching.

2024: Entry into Force

The regulation is officially adopted. Companies must start their Gap Analysis now to identify priority projects.

2026: Mandatory Vulnerability Reporting

From this date, any security incident or exploited vulnerability must be reported to ENISA within 24 hours. This obligation requires robust monitoring tools.

2027: Full Compliance and CE Marking

This is the final deadline. Any digital product placed on the European market must carry the cyber CE marking. Non-compliant products will be banned from sale.

Anticipation is key. A complete compliance process takes an average of 12 to 18 months.