A date-backed watchlist for software builders, AI-assisted product teams, connected-product makers, platform operators, and regulated-sector vendors.
Distance contracts concluded through websites or apps where EU consumers have a statutory withdrawal right.
Design a clear withdrawal function, confirmation step, durable acknowledgement, and support records before launch.
Products with digital elements where actively exploited vulnerabilities or severe incidents may need reporting.
Set up vulnerability intake, severity triage, exploitation checks, incident ownership, and durable evidence records.
Software, AI, updates, or connected-product components placed on the EU market or put into service after the cutover.
Document release decisions, update behavior, defect handling, dependency provenance, and post-market security fixes.
Commercial software, hardware, components, and products with digital elements made available on the EU market.
Turn secure-by-design, support-period disclosure, technical documentation, vulnerability handling, and CE evidence into release gates.
Manufacturers and product teams depending on notified bodies for CRA conformity assessment.
Map whether your product category needs self-assessment, third-party assessment, or deeper legal review.
Connected-product data, user data access, third-party data sharing, and data-processing service switching.
Review product data architecture, export/access paths, contract terms, switching support, and user-facing data flows.
Covered financial-in-nature products with notification events involving customer information.
Make incident detection, customer-information scoping, FTC notice timing, and evidence retention explicit in the security program.
Consumer smart devices, connected hardware, and related apps sold into the UK.
Check default credentials, vulnerability reporting, security update transparency, and supply-chain role duties.
Hosting, marketplace, app store, social, search, and other user-content or intermediary services serving EU users.
Check notice-and-action, moderation transparency, complaint handling, trader traceability, and advertising transparency.