Skip to content
CRA Direct
  • CRA Mandate
  • Compliance Solutions
  • CRA News
  • EN
    Français English
Free Demo →
FR EN
CRA Mandate Compliance Solutions CRA News
Free Demo →
Terms of Use

Terms of Use

Contractual framework for CRA-Direct.fr on-premises platform services

Last updated: March 31, 2026

Contents

  • 1. Legal Notice
  • 2. Object & Enforceability
  • 3. Access & Account
  • 4. Services & Modules
  • 5. Financial Terms
  • 6. Intellectual Property
  • 7. Obligations
  • 8. Liability & Disclaimer
  • 9. Term & Termination
  • 10. Governing Law

These Terms and Conditions of Use and Sale govern all contractual relations between CRA Direct and its professional clients in connection with access to the Cyber Resilience Act compliance modules.

1. Legal Notice

Under Article 6 of French Law No. 2004-575 of 21 June 2004 for confidence in the digital economy (LCEN):

  • Publisher: The Platform is published by CRA Direct, a French SAS in the process of registration with the Paris Trade and Companies Register (RCS), having its registered office in France. Email: contact@cra-direct.fr.
  • Director of Publication: The CEO of CRA Direct (contact via the Publisher's email).
  • Hosting: The Platform is hosted within the European Union by OVH SAS, 2 rue Kellermann, 59100 Roubaix, France.

2. Object and Enforceability

These General Terms and Conditions (the "Terms") govern all access to and use of the Platform at https://cra-direct.fr by a professional client ("Client"). Access and subscription imply full and unconditional acceptance of these Terms. CRA Direct reserves the right to modify these Terms at any time; the applicable version is that in effect on the subscription or renewal date.

3. Access to Services and Account Creation

Services are exclusively intended for professionals (B2B). Access requires prior online account creation. The Client agrees to provide accurate, complete, and up-to-date identification information. Login credentials are strictly personal and confidential. The Client is solely responsible for any use of the Platform made under their credentials. In case of loss, theft, or fraudulent use, the Client must immediately notify CRA Direct at contact@cra-direct.fr.

4. Services and Platform Modules

CRA Direct provides an integrated on-premises or private cloud software suite designed to support manufacturers, importers, and distributors in their compliance with the EU Cyber Resilience Act (CRA):

  • CRA Direct Assess: Regulatory maturity assessment module including economic operator role mapping, product classification (standard, important class I or II, or critical), gap analysis against Annex I essential requirements, Annex VII technical documentation verification, and draft EU Declaration of Conformity generation.
  • CRA Direct Operate: Operational module providing continuous SBOM ingestion, CVE vulnerability monitoring, automated and manual VEX triage, support for mandatory 24-hour serious incident reporting, and audit trail compilation required by national supervisory authorities.

5. Financial Terms and Payment

A. Pricing

Subscription and diagnostic fees are listed on the site in Euros, excluding tax (HT). They will be increased by the applicable French VAT (currently 20%) at the time of invoicing.

B. Payment Terms

Payment is by credit card, SEPA direct debit, or bank transfer. Subscriptions are invoiced and payable in advance (monthly or annually).

C. Late Payment

Any late payment will automatically trigger: (i) late penalties at three times the French statutory interest rate, (ii) a fixed recovery indemnity of €40 HT, and (iii) CRA Direct's right to suspend Platform access after a 10-day email notice.

6. Intellectual Property

A. Platform Ownership

CRA Direct retains exclusive ownership of all intellectual property rights in the Platform, including source code, graphic design, trademarks, logos, regulatory diagnostic databases, triage algorithms, and explanatory texts. The Client receives a personal, temporary, non-exclusive, non-transferable right to use the Platform services for the subscription duration.

B. Client Data Ownership

The Client retains full and exclusive ownership of all data, SBOMs, documents, and information uploaded or generated in their workspace. The Client grants CRA Direct a limited license to host, process, and reproduce this data solely to the extent necessary for performing the Platform services.

7. Obligations of the Parties

A. Client Obligations

The Client agrees to use the Platform in accordance with applicable regulations and these Terms, including: not uploading counterfeit or malicious data, providing authentic SBOMs and accurate information, and not attempting to compromise Platform security.

B. CRA Direct Obligations

CRA Direct undertakes to exercise all due care in providing high-quality services under a best-efforts obligation (moyens). We implement industry-leading security standards with a target availability of 99.9% per year, excluding scheduled maintenance.

8. Non-Legal Advice Clause and Limitation of Liability

IMPORTANT — REGULATORY WARNING AND NON-ADVICE CLAUSE: CRA Direct provides software tools for self-assessment, SBOM management, and administrative preparation of incident report forms. Under no circumstances do the content, diagnostics, compliance scores, exported reports, or alerts produced by CRA Direct constitute legal advice, attorney consultation, or definitive regulatory compliance certification. The Client remains solely legally responsible for final validation of technical documentation, CE marking, and the accuracy and timely submission of vulnerability reports to ENISA and national CSIRTs within the 24-hour legal deadline.

CRA Direct shall not be liable for: damages resulting from inaccurate information entered by the Client, internet network interruptions, or indirect damages (loss of revenue, customers, goodwill, or administrative fines). Liability cap: Any indemnity shall not exceed the total amounts paid by the Client in the 12 months preceding the event giving rise to the dispute.

9. Term, Termination, and Data Reversibility

A. Term

The contract is for the duration chosen by the Client (monthly or annually), automatically renewed unless notice of termination is given by either party.

B. Termination for Convenience

Monthly subscriptions: at least 15 days before renewal. Annual subscriptions: at least 30 days before the annual renewal date.

C. Termination for Breach

In case of serious or repeated breach (notably non-payment or intellectual property infringement), CRA Direct may terminate the contract 15 days after an unsuccessful email notice.

D. Data Reversibility

Within 30 days following the termination effective date, the Client may export all data (SBOMs, diagnostic history) in standard structured formats (JSON, CSV, SPDX). After 30 days, CRA Direct will permanently delete all Client data from production servers.

10. Governing Law and Jurisdiction

These Terms are governed by French law. EXCLUSIVE JURISDICTION: Any dispute arising between CRA Direct and a professional client relating to the formation, interpretation, performance, or termination of this contract shall be submitted to the exclusive jurisdiction of the Paris Commercial Court (Tribunal de Commerce de Paris), notwithstanding multiple defendants or third-party claims.

CRA Direct

The CRA compliance control room for manufacturers preparing for the Cyber Resilience Act. Scope assessment, Annex I controls, technical documentation, SBOM evidence, Article 14 workflows, human review, and audit trails — deployable on your own infrastructure.

On-Premises & Private Cloud Deployment

Navigation

  • CRA Mandate
  • Compliance Solutions
  • CRA News
  • Capabilities
  • Regulatory FAQ
  • Contact

Resources

  • Portail officiel CRA UE ↗
  • ENISA ↗
  • CNIL ↗
  • CRA News

© 2026 CRA-Direct.fr. All rights reserved. — 100% data sovereignty for your compliance evidence.

Privacy Policy Terms of Use Cookies

We use cookies to optimize your experience and analyze traffic securely, in accordance with GDPR. See our Cookie Policy.