European Commission updates CRA implementation factpage with timeline milestones and links to secondary acts relevant to operationalizing essential requirements

The European Commission updated its CRA implementation factpage (last update shown: 20 February 2026). The page summarizes staged application milestones that drive readiness planning for Annex I essential requirements (baseline cybersecurity and vulnerability-handling requirements) and points to related secondary measures (including the implementing act on technical descriptions for important/critical product categories and a delegated act related to CSIRT withholding/delayed dissemination via the reporting ecosystem). While this does not amend Annex I text, it is an authoritative implementation update used for compliance program planning (e.g., resourcing, conformity assessment strategy, and reporting preparedness aligned with Annex I obligations).