Description: A massive legislative shift. As of September 2026, manufacturers are legally required to report actively exploited vulnerabilities to ENISA within 24 hours of discovery.
Subcategory: Global Regulation
License: public-domain
URL: EU Cyber Resilience Act (CRA)
