European Commission CRA implementation factpage updated, linking to draft Commission guidance consultation relevant to Annex I interpretation

The European Commission updated its official Cyber Resilience Act (CRA) implementation factpage (last update shown as 4 March 2026). The page points stakeholders to a Better Regulation “Have your say” initiative for draft Commission guidance on the CRA. While this does not amend Annex I text, the consultation and resulting guidance may materially affect how manufacturers interpret and operationalise the Annex I essential (baseline) cybersecurity requirements (e.g., evidence expectations for risk assessment, secure-by-default practices, and vulnerability handling processes). Compliance teams should monitor the consultation and be prepared to adjust Annex I conformity arguments and documentation once guidance is finalised.