CRA ARTICLE 14 PREPARATION

From awareness time to a structured reporting evidence pack.

Prepare, review and preserve the information needed for actively exploited vulnerability and severe security incident reporting—without pretending that software replaces legal judgement or official submission.

Demo uses fictional data and produces watermarked sample exports.

Early warning24 hours
Notification72 hours
Vulnerability final report14 days after measure
Incident final report1 month after notification
WORKFLOW

One controlled workspace, five outputs

01

Intake

Capture product, manufacturer, awareness time, affected markets, technical facts and mitigation.

02

Validate

Identify missing preparation fields and calculate statutory preparation clocks from confirmed timestamps.

03

Review

Record reviewer identity, decision, notes and approval time before releasing a clean pack.

04

Evidence

Attach supporting files, calculate SHA-256 hashes and maintain an immutable-looking audit trail.

05

Export

Generate PDF, DOCX, JSON, CSV and a ZIP evidence pack with a cryptographic manifest.

DESIGNED FOR

Manufacturers, PSIRTs, product-security teams and CRA advisers.

  • Actively exploited vulnerability preparation
  • Severe product-security incident preparation
  • Multi-format internal and adviser review
  • Self-hosted deployment and controlled evidence storage