CRAdarCheck

Art. 14 reporting deadline calculator

From 11 September 2026, an actively exploited vulnerability or severe incident starts a 24-hour clock. Enter when you became aware; get every deadline and a draft for each submission.

Optional: fill in details for the report drafts
Early warning draft (24h)
EARLY WARNING — Art. 14 CRA (submit within 24h of awareness)

Manufacturer: [your company]
Contact: [security contact email]
Product: [product name + version]

We are reporting an actively exploited vulnerability in the product named above.

Initial assessment: [one-paragraph initial assessment]

Member States where the product is made available: [list]
Requesting support: [yes/no]

A full notification will follow within 72 hours as required by Art. 14.
Notification draft (72h)
NOTIFICATION — Art. 14 CRA (submit within 72h of awareness)

Manufacturer: [your company]
Contact: [security contact email]
Product: [product name + version]

General information: [one-paragraph initial assessment]

Nature of the vulnerability (CVE/CWE if assigned): [describe]
Severity and impact: [describe]
Affected versions: [list]
Corrective or mitigating measures taken: [describe]
Corrective or mitigating measures users can take: [describe]
Indicators of compromise (if any): [list]

Deadlines per Art. 14, Regulation (EU) 2024/2847, applicable from 11 September 2026. This is planning guidance, not legal advice — involve counsel for a real incident.