CRA Article 14 — September 2026 Attestation
- ▸Branded CVD submission portal — live and publicly accessible
- ▸Machine-readable security.txt at /.well-known/security.txt
- ▸Published CVD policy (scope, safe-harbour, SLAs, contact)
- ▸48-hour SLA tracking with coordinator assignment and breach alerts
- ▸One-click ENISA Article 14 notification (24h early warning, 72h full notification, 14-day final report)
- ▸Vulnerability Handling Procedure — documented and on file
- ▸Immutable append-only audit log (actor, timestamp, IP, country, action)
- ▸Per-submission communication log with all researcher and stakeholder interactions
- ▸ENISA report export (markdown + JSON payload) and CSAF 2.0 advisory generation
This attestation certifies that Portaregulus has operational CVD infrastructure managed via CVD Portal, satisfying the three artifact groups required under CRA Article 14 and EN 40000-1-3:2024 for the September 11, 2026 enforcement date. CVD Portal provides the public intake channel, SLA-tracked triage workflow, ENISA Article 14 reporting tooling, and immutable audit trail forming the basis of this attestation.
Generated: 5 June 2026 · Reference: CVD-ATTEST-PORTAREGULUS-202606 · Verify: cvdportal.com/verify/portaregulus
This document is generated automatically from live CVD Portal infrastructure data and reflects the organisation's compliance status at the time of generation. It does not constitute legal advice. Retain with technical documentation under CRA Article 23.