CRA
The Cyber Resilience Act (CRA) is EU legislation requiring all software products to meet cybersecurity requirements, including vulnerability handling and security documentation.
How it works
The CRA requires software publishers to conduct security assessments, maintain vulnerability disclosure policies, and provide security documentation for 10+ years. The reporting obligations start September 11, 2026, with full compliance required by December 11, 2027.
In WordPress
WP HealthKit's Agency plan includes a CRA Compliance Kit that auto-generates SECURITY.md, a Vulnerability Disclosure Policy, and assessment evidence documentation from your audit results.
WP HealthKit checks for CRA-related vulnerabilities automatically
Run a Free Audit