← All tools
Free Tool

Article 14 Deadline Calculator

Enter the date and time you became aware of an actively exploited vulnerability or severe security incident. Get your exact Article 14 notification deadlines for ENISA reporting.

The clock starts at the moment your organisation becomes aware — not when the reporter submitted.

+24hEarly WarningArt. 14(2)
Fri, 3 Apr 2026, 08:44 UTC
23h 59m remaining

Initial notification to ENISA / national CSIRT. Include: product name, brief description, evidence of exploitation.

+72hFull NotificationArt. 14(3)
Sun, 5 Apr 2026, 08:44 UTC
2d 23h remaining

Full notification with CVSS score, preliminary root cause, remediation timeline, and user notification plan.

+14 daysFinal ReportArt. 14(4)
Thu, 16 Apr 2026, 08:44 UTC
13d 23h remaining

Final report with confirmed root cause, completed mitigation, and lessons learned.

Note: Article 14 applies only when a vulnerability is actively exploited or constitutes a severe security incident. Non-exploited vulnerabilities follow your standard CVD process.

Frequently asked

When does the Article 14 clock start?
The clock starts when your organisation becomes aware of the actively exploited vulnerability or severe security incident — not when the vulnerability was first reported to you by a researcher. Document the exact time you became aware internally.
What counts as 'actively exploited'?
A vulnerability is actively exploited when there is evidence of it being used in real attacks — threat intelligence reports, customer incident reports, honeypot detections, or exploit code observed in the wild. Proof-of-concept code alone does not typically qualify.
What if I miss a deadline?
Notify ENISA as soon as possible and document why the delay occurred. The CRA does not specify per-incident penalties, but persistent non-compliance can lead to market surveillance action.
Do I notify ENISA directly?
Notifications go to ENISA via the Single Reporting Platform (SRP), or to your national CSIRT. CVD Portal's Enterprise plan automates Article 14 submissions.

Ready to automate your CVD programme?

CVD Portal integrates all these tools and handles your Article 13 and 14 obligations automatically.

Start your free portal →