Responsiveness is the new legal standard. The CRA requires manufacturers to notify ENISA of any exploited vulnerability within 24 hours of detection.

An Unprecedented Deadline

This extremely short timeframe leaves no room for improvisation. Your company must have pre-established communication channels and a team ready to act at all times.

Automate to Avoid Failure

Detection and triage of vulnerabilities must be automated to allow rapid submission of reports that meet ENISA requirements. Delay can lead to fines of up to €10M.

24h reporting is the major operational challenge of the CRA. Don't risk a fine for late notification.