Free Download

Cyber Resilience Act (CRA) Compliance Checklist

Complete checklist for CRA (EU 2024/2847) compliance covering security by design, vulnerability handling, SBOM management, and CE marking for digital products.

Essential for IoT manufacturers and software companies. Covers all requirements effective September 2026 including software bill of materials, security updates, and ENISA incident reporting.

Actionable checklist — not just theory

Used by compliance teams across Europe

PDF format — print or share with your team

Completely free, no credit card needed

Get Your Free Checklist

No credit card required. Instant download.

By downloading, you agree to receive the checklist and optional compliance updates. Unsubscribe anytime.

What's Inside

Everything you need to assess, plan, and execute your compliance journey.

Product Security Assessment — evaluate your digital product against CRA essential requirements

Security by Design Requirements — embed security from the earliest development stages

Vulnerability Handling Process — structured workflow for identifying, reporting, and patching vulnerabilities

SBOM (Software Bill of Materials) Creation — document all software components and dependencies

Security Update and Patch Management — ensure timely delivery of security updates throughout product lifecycle

CE Marking and Conformity Assessment — self-assessment and third-party certification pathways

ENISA Incident Reporting (24h/72h) — mandatory notification timelines and content requirements

Market Surveillance Obligations — ongoing compliance monitoring and authority cooperation

Technical Documentation for Digital Products — complete documentation requirements per CRA annexes

Supply Chain Security Requirements — manage upstream and downstream security dependencies

Trusted by 50+ European financial institutions

CRANIS2ISO 27001GDPR

Frequently Asked Questions

Is this CRA checklist really free?

Yes, completely free. No credit card required, no hidden fees. We created this checklist to help product teams and security engineers navigate the Cyber Resilience Act. You'll receive the PDF instantly after entering your email.

When does the Cyber Resilience Act take effect?

The CRA (EU 2024/2847) was published in November 2024. Manufacturers must comply with reporting obligations by September 2026, and full compliance including conformity assessment is required by December 2027. This checklist covers all phases.

Does this checklist cover SBOM requirements?

Yes. The checklist includes detailed guidance on creating and maintaining a Software Bill of Materials (SBOM), including component identification, dependency tracking, and the machine-readable format requirements specified in the CRA.

Will you spam me after downloading?

No. You'll receive the checklist download link and optionally our compliance newsletter with practical CRA and product security updates. You can unsubscribe with one click at any time.

Get started

Ready to automate your compliance?

The checklist is just the beginning. Matproof automates evidence collection, policy generation, and continuous monitoring — so you can focus on your business.

Start free trial View pricing