Is your company exposed under the EU Cyber Resilience Act?
Run a free scan to see whether your domain meets Article 13 baseline disclosure requirements. Results in 5 seconds. No signup.
Probes /.well-known/security.txt + 5 CVD policy paths. No data is shared with third parties. Up to 5 scans per hour.
Two checks. RFC 9116 plus the CRA disclosure expectation.
/.well-known/security.txt
We fetch the file and parse it for an RFC 9116 Contact field and a non-expired Expires field. A working security.txt is the public signal that researchers and CSIRTs use to report vulnerabilities to you.
Discoverable CVD policy
We follow the Policy field in your security.txt, then probe five common policy paths (security, disclosure, vulnerability-disclosure-policy, etc.). EU CRA Article 13 expects buyers and researchers to be able to find this.
Compliance is the new sales multiplier.
Companies that demonstrate CRA compliance win bigger deals and shorter procurement cycles. Companies without it lose access to the EU market.
- Win more EU enterprise RFPs.
CVD policy plus security.txt is now a checkbox on every serious procurement questionnaire. Show it before the buyer asks.
- Shorten your security review cycle.
A one-line link to your published CVD process replaces a 40-question vendor security questionnaire round-trip.
- Justify a price premium.
Verifiable CRA compliance signals operational maturity, the same way SOC 2 did for the US market a decade ago.
- Stay on the shelf.
Non-compliant products can be ordered withdrawn from EU sale by national market surveillance authorities under Article 47. Compliance is the price of continued market access.
- Sell CRA-readiness as a service.
White-label CVD Portal under your brand and bill recurring compliance fees.
- De-risk your client portfolio.
Every connected-product client you ship needs this by September 2026. Clients caught flat-footed face product withdrawal under Article 47 from December 2027.
- Stop losing deals to compliance gaps.
A scanned, badged, and documented portal closes the procurement loop your prospect cannot close on their own.
“Organisations increasingly recognise that software development nowadays requires an active, positive response to vulnerability reports, which strengthens security and is becoming a strong selling point when handled properly.”