Article 14 of the Cyber Resilience Act (CRA) imposes stringent reporting obligations on manufacturers concerning actively exploited vulnerabilities and severe security incidents. Compliance requires rapid identification, assessment, and notification to relevant national authorities and ENISA. The CVD Portal provides dedicated workflows specifically designed to automate and manage the demanding requirements of Article 14.
The portal includes automated triggers that escalate vulnerabilities identified as 'actively exploited' directly into the Article 14 workflow. This initiates aggressive, specialized SLA timers, ensuring that the mandatory 24-hour "early warning" and 72-hour comprehensive notifications are prepared and dispatched on time. The workflow includes pre-formatted templates aligned with ENISA reporting standards, guiding your compliance officers through the necessary data collection and submission processes.
Failure to comply with Article 14 reporting timelines can result in significant regulatory penalties. The portal's robust tracking and automated escalation mechanisms significantly reduce this risk, providing a structured, auditable path for handling the most critical security incidents and ensuring full transparency with European cybersecurity authorities.