OFFICIAL VULNERABILITY REPORTING TO EU AUTHORITIES FROM: 11 SEPTEMBER 2026 (102 DAYS)

The Cyber Resilience Act explained

From hearsay to a clear, pragmatic software strategy. Join our CRA Survival Challenge — four weeks, one live webinar each week — and become the indispensable CRA expert in the boardroom.

CRA Quickscan START THE 4-WEEK CHALLENGE
450+
450+ IT leaders already went before you.
Einde van het MVP-tijdperk
Our Approach

Our Training Pillars

No theoretical waffle. We translate the European legal text into a rock-solid, pragmatic roadmap for your development and security teams.

01

Security-by-Design

Design demonstrably secure with threat modeling and ship Secure-by-Default — security is no longer an afterthought.

02

Transparency & SBOM

Automate your Software Bill of Materials (CycloneDX/SPDX) directly and transparently in the CI/CD pipeline.

03

24-Hour Reporting Obligation

Set up the process to report actively exploited vulnerabilities to ENISA within 24 hours as an 'Early Warning'.

04

Multi-Year Patch Obligation

Keep software secure free of charge throughout its expected lifetime (guideline: at least 5 years) with VEX-driven vulnerability management.

05

Burden of Proof & CE Marking

Build the mandatory technical file (Docs-as-Code) robustly for the EU Declaration of Conformity and CE marking.

Editorial Guide

The Rumours
Debunked

There is a lot of confusion about looming deadlines and mandatory certifications. We separate the water-cooler myths from the hard facts in the legal text.

01
The Myth

"The CRA only applies to big tech giants and critical infrastructure."

The RealityAlmost every software product offered commercially on the European market — including updates, mobile apps and SaaS with local components — must comply.
02
The Myth

"We have until the end of 2027 to take action."

The RealityThe formal CE marking starts at the end of 2027, but the demanding 24-hour vulnerability reporting obligation already takes effect on 11 September 2026. That is the real deadline.
03
The Myth

"Compliance makes our development team extremely slow and sluggish."

The RealityOnly if you try to fix it manually after the fact. By automating scanners and SBOM exports 'shift-left' in your CI/CD pipeline, your team keeps building at full speed.
Your Trainers

Your Compliance Experts

Our training is delivered by a unique combination of strategic boardroom compliance and hands-on CISO experience.

WJ
CRA Author & Advisor

William Janssen

Strategy & Boardroom Compliance

Author of 'The End of the MVP Era'. Guides boards, CISOs and legal teams in setting up governance, product liability (PLD) and the strategic transition to the MVSP framework.

WT
Co-Trainer & Deal Accelerator

Willem Tibosch (MA)

Fractional CISO, Keynote Speaker & CISO Mentor

Former CISO of OneWelcome (€100M exit) and Thales Director of Risk & Compliance. Specialist in unblocking multimillion-euro contracts by separating compliance theatre from what enterprise buyers really verify.

Ready to get ahead of the CRA?

Test where you stand in two minutes with the free Quickscan, or go deeper with the 4-week Survival Challenge. Every month counts.

CRA Quickscan START THE 4-WEEK CHALLENGE