This document is under active development and has not been finalised.
CRA Compliance

English

Deutsch
简体中文

English

Deutsch
简体中文

Appearance

Appendix: Forms & Templates

Overview

This appendix contains ready-to-use templates for the regulatory obligations under the CRA. The templates cover three areas:

  1. ENISA Reporting Obligations (Art. 14 CRA) -- Time-bound notifications to ENISA / CSIRT
  2. Incident Documentation -- Internal and external Incident Reports
  3. Compliance Documentation -- Risk Assessment, Declaration of Conformity, Product Security Information

APPLICATION NOTE

All templates must be completed on a product-specific basis. Placeholders in square brackets [...] shall be replaced with the actual values. Completed templates are archived in the respective incident ticket or in the product directory (docs/products/<product-name>/).

The ENISA notification templates are to be used operationally from 11 September 2026 onwards (-> 5.3 ENISA Reporting Process).

ENISA Notification Templates (Art. 14 CRA)

TemplateDeadlineCRA ReferenceUsage
ENISA Early Warning24 hoursArt. 14(2)(a)Initial notification in case of an actively exploited vulnerability / severe incident
ENISA Notification72 hoursArt. 14(2)(b)Detailed vulnerability notification with technical details
ENISA Final Report14 daysArt. 14(2)(c)Final analysis, Root Cause, Lessons Learned

Incident Templates

TemplateUsageTrigger
Incident Report (Internal)Internal documentation of a security incidentEvery SEV-1 to SEV-4 incident
Vulnerability Report (External)User notification regarding a vulnerabilityArt. 14(8): Without undue delay for ENISA-reportable events

Compliance Templates

TemplateCRA ReferenceUsageFrequency
Risk AssessmentArt. 10(2), Annex VII No. 2Cybersecurity Risk Assessment per productBefore placing on the market + upon substantial changes
EU Declaration of ConformityArt. 28, Annex VFormal Declaration of Conformity per productBefore placing on the market + upon new versions
Product Security InformationAnnex IISecurity information for end usersPer product, updated upon version changes

Templates in the Technical Documentation

In addition to the templates listed here, the 7.1 Product Description (Template) serves as a template for the product-specific technical documentation pursuant to Annex VII CRA.

Documentation licensed under CC BY-NC 4.0 · Code licensed under MIT

© 2026 BAUER GROUP. Commercial use of the documentation is not permitted.

Documentation licensed under CC BY-NC 4.0 · Code licensed under MIT

© 2026 BAUER GROUP. Commercial use of the documentation is not permitted.