Countdown

EU Cyber Resilience Act — Full Application

Saturday, December 11, 2027 · 549 days away

Europe Regulatoryscheduled

Countdown

552

Days

Hours

Min

Sec

Reminders

Discord

Event overview

Full application of the EU Cyber Resilience Act; mandatory cybersecurity requirements for products with digital elements; fines up to €15M or 2.5% of global turnover.

Date: 2027-12-11
Country / jurisdiction: EU
Region: Europe
Category: Regulatory
Status: scheduled

Confirmation checklist

Before you act on this countdown

Use the timer for orientation, then run through these checks before booking, publishing, buying tickets, scheduling alerts, or moving operations around this date.

Date signal

The date is suitable for countdown use, with the source still owning late changes.

Local time

No reliable start time is attached yet, so this page stays date-first instead of implying midnight.

Calendar action

Add it to a calendar after checking the source for time, venue, or access changes.

Next useful path

Use Regulatory, 2027, or Europe paths below to compare related countdowns before deciding what to watch next.

Source trail

Source trail for EU Cyber Resilience Act — Full Application

Verify source

Primary source

digital-strategy.ec.europa.eu

Last reviewed

2026-04-30

Tracker status

scheduled

Date precision

Single-date event without a reliable public start time; date-first countdown only.

Schema posture

Event structured data is emitted because the record is single-date and scheduled or confirmed.

This is an expected date. Use reminders and monitoring, but verify the source before making travel, purchase, publication, or staffing decisions.

Primary citation

The current date signal points to digital-strategy.ec.europa.eu. The source URL is shown visibly on the page so readers can verify late changes instead of relying only on the timer.

Freshness and review

Source policy was reviewed on 2026-04-30. Live countdown values are render-time snapshots; editorial source fields update when the tracked event dataset changes.

Operational detail

The record does not carry a reliable public start time yet, so the page avoids implying a midnight or all-day start.

Weak-date handling

The page can support calendar actions and Event schema, while still telling readers to check the source for operational changes.

What this countdown tracks

The clock above counts down to the full application date of the EU Cyber Resilience Act (CRA) on Saturday, December 11, 2027. From this date, mandatory cybersecurity essential requirements, conformity-assessment obligations, and incident-reporting duties bind manufacturers, importers, and distributors of products with digital elements placed on the EU market — with fines up to €15 million or 2.5% of worldwide turnover.

About this regulation

The Cyber Resilience Act, formally Regulation (EU) 2024/2847, was adopted on 23 October 2024 and entered into force on 11 December 2024. Its full application begins three years later — December 11, 2027 — except for incident-reporting duties (which kick in earlier, on 11 September 2026) and a few specific provisions. The regulation covers any product with digital elements (PDE) — hardware or software — that connects directly or indirectly to a device or network.

The CRA establishes essential cybersecurity requirements across the product lifecycle: secure-by-design and secure-by-default development, vulnerability handling, automatic security updates by default, and a 24-month minimum security-update support period (with sectoral exceptions). For "important" and "critical" PDE classes, third-party conformity assessment is required. Manufacturers must produce a CE mark indicating conformity. The European Commission's CRA Expert Group, ENISA, and CEN/CENELEC are operationalizing technical standards under the Joint Technical Specification process.

What changes

From December 11, 2027:

All in-scope products require CE marking with cybersecurity assessment.
Manufacturers must publish a Software Bill of Materials (SBOM) covering top-level dependencies.
Free and open-source software stewards face new obligations under the open-source-steward category.
Mandatory disclosure to ENISA and the relevant CSIRT within 24 hours of awareness for actively-exploited vulnerabilities.
Market-surveillance authorities can order recalls or withdrawals.

Past milestones

December 11, 2024: CRA enters into force after Council adoption.
October 2024: Council formally adopts the regulation after EP vote.
March 2024: European Parliament adopts the trilogue text in plenary.
November 2023: Trilogue political agreement on open-source carve-out.
September 2022: Commission publishes the original CRA proposal.

How to follow

Official text and guidance publish at digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act and on the ENISA website (enisa.europa.eu). Implementing acts are tracked via the EUR-Lex CRA portal. Industry coverage from Politico Pro, MLex, Euractiv, and the Linux Foundation's CRA dashboard.

Pair this with peer EU regulatory pages: EU AI Act enforcement 2026, EU AI Act phase 2 2027, EU Pay Transparency 2026, EU Data Act design obligations 2026, EU EUDR application 2026, and EU MiCA transitional period end 2026.

FAQ

When does the CRA become fully applicable? December 11, 2027. Where does it apply? Any product with digital elements placed on the EU single market, regardless of where the manufacturer is established. Why does the CRA matter? It is the first horizontal cybersecurity law for connected products globally and sets a de facto worldwide standard via the "Brussels effect." What about open-source software? The CRA includes carve-outs for non-commercial open-source software; commercial OSS faces tailored obligations through the open-source-steward category.

Date confidence

Scheduled date

EU Cyber Resilience Act — Full Application is tracked as a scheduled event. The date is suitable for countdown and calendar use, while final logistics should still be checked against the linked source.

Source

https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act

Source host: digital-strategy.ec.europa.eu
Date precision: Single scheduled date from the linked source
Schema posture: Event startDate emitted because the record is single-date and scheduled/confirmed
Planning boundary: Use as a monitoring aid until the source trail is stronger

Structured data posture

This page emits Event structured data because the tracked record has a single scheduled or confirmed date. The linked source remains the final reference for time, venue, and operational changes.

Countdown evidence

Retention class

Date-first scheduled countdown

Evidence score

5/10 record signals

City-page readiness

Held to date-first

Evidence score5/10 signals present: primary source URL; tracked date; schema-safe date; place context; related event cluster
Date and schemaSchema-safe single date: Single-date event without a reliable public start time; date-first countdown only. Event structured data is emitted because the record is single-date and scheduled or confirmed.
Local-time readinessDate-first only: The record is not used as a city-local event page until it has a reliable time, timezone, and non-windowed date.
Record completeness1 concrete fields: country EU
Weak-field watchlist4 fields to improve: verified public start time; venue; manual official-source note; historical sequence
Source freshnessdigital-strategy.ec.europa.eu; reviewed 2026-04-30: Related crawl path: Italian General Election 2027, G20 UK Leaders' Summit 2027, EU CSRD Wave 2 — First Sustainability Reports, EU ETS 2 Launch (Buildings & Transport Carbon Pricing).

Planning notes

How to use this EU Cyber Resilience Act — Full Application countdown

Countdown pages are useful when they are honest about what is known, what is merely expected, and what still needs checking. This page keeps the live timer separate from the source confidence and structured-data posture.

Date confidence

EU Cyber Resilience Act — Full Application is tracked as scheduled for Saturday, December 11, 2027; the countdown can support reminders while final logistics still belong to digital-strategy.ec.europa.eu. The page can emit precise Event structured data because the tracked record has a single scheduled or confirmed date.

What could change

Watch for date shifts, venue or access updates, broadcast windows, registration rules, and source corrections. The current precision is: Single-date event without a reliable public start time; date-first countdown only..

Local-time usefulness

No reliable source start time is attached yet, so the page stays date-first and avoids implying a midnight start. 549 days remain at render time.

Category context

EU Cyber Resilience Act — Full Application sits in Regulatory with country EU. Related countdown links should help users compare similar events, not create unverified event-city pages.

Catalog-specific details

No creator, platform, league, brand, fixture, family, or alternate-name detail is attached to this event record.

Series and expectation notes

No series history, end date, or what-to-expect field is attached.

Priority note

This page is kept specific through source confidence, category, region, date precision, and update notes rather than generic countdown filler.

Verification trail

source URL https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act. trust checks: Source host: digital-strategy.ec.europa.eu, Date precision: Single scheduled date from the linked source, Schema posture: Event startDate emitted because the record is single-date and scheduled/confirmed, and Planning boundary: Use as a monitoring aid until the source trail is stronger. no manual editorial context is attached yet.

Record completeness

present fields: country EU. missing or weak fields: verified public start time, venue, manual official-source note, and historical sequence

Related crawl path

Nearby retained events: Italian General Election 2027, G20 UK Leaders' Summit 2027, EU CSRD Wave 2 — First Sustainability Reports, EU ETS 2 Launch (Buildings & Transport Carbon Pricing), and UK National Archives Cabinet Papers Release (1997/98). These links should support topical discovery without creating unverified event-city pages.

Review boundary: this page tracks the public date signal, source link, category, region, and calendar posture. It does not replace official ticketing, exchange, broadcaster, organizer, court, regulator, or government notices.

Source reviewed Apr 30, 2026. The countdown record is intentionally labeled as scheduled or expected; use the source link and any range notes before treating the date as final.

Live values rendered at Jun 6, 5:46 AM UTC.

Related planning pages

Countdown hubAll currently tracked countdowns.Regulatory countdownsRelated events in this category.2027 countdownsEvents tracked for the same calendar year.Europe countdownsRegion-specific countdown pages.SourcesHow we cite and review date sources.Speculative datesHow expected and windowed dates are labeled.

Related countdowns

Explore nearby events

Europeregulatory

EU CSRD Wave 2 — First Sustainability Reports

Saturday, January 1, 2028570 days away

Europeregulatory

EU ETS 2 Launch (Buildings & Transport Carbon Pricing)

Saturday, January 1, 2028570 days away

Europeelection

Italian General Election 2027

Wednesday, December 22, 2027560 days away

Europepolitical

G20 UK Leaders' Summit 2027

Saturday, November 20, 2027528 days away

Indiaelection

Gujarat Legislative Assembly Election 2027

Wednesday, December 8, 2027546 days away

Globalrelease-movie

Avengers: Secret Wars — Theatrical Release

Friday, December 17, 2027555 days away

Date signal

The date is suitable for countdown use, with the source still owning late changes.

Local time

No reliable start time is attached yet, so this page stays date-first instead of implying midnight.

Calendar action

Add it to a calendar after checking the source for time, venue, or access changes.

Next useful path

Use Regulatory, 2027, or Europe paths below to compare related countdowns before deciding what to watch next.

What this countdown tracks

About this regulation

What changes

From December 11, 2027:

All in-scope products require CE marking with cybersecurity assessment.

Manufacturers must publish a Software Bill of Materials (SBOM) covering top-level dependencies.

Free and open-source software stewards face new obligations under the open-source-steward category.

Mandatory disclosure to ENISA and the relevant CSIRT within 24 hours of awareness for actively-exploited vulnerabilities.

Market-surveillance authorities can order recalls or withdrawals.

Past milestones

December 11, 2024: CRA enters into force after Council adoption.

October 2024: Council formally adopts the regulation after EP vote.

March 2024: European Parliament adopts the trilogue text in plenary.

November 2023: Trilogue political agreement on open-source carve-out.

September 2022: Commission publishes the original CRA proposal.

FAQ

How to use this EU Cyber Resilience Act — Full Application countdown

Date confidence

What could change

Local-time usefulness

No reliable source start time is attached yet, so the page stays date-first and avoids implying a midnight start. 549 days remain at render time.

Category context

EU Cyber Resilience Act — Full Application sits in Regulatory with country EU. Related countdown links should help users compare similar events, not create unverified event-city pages.

Catalog-specific details

No creator, platform, league, brand, fixture, family, or alternate-name detail is attached to this event record.

Series and expectation notes

No series history, end date, or what-to-expect field is attached.

Priority note

This page is kept specific through source confidence, category, region, date precision, and update notes rather than generic countdown filler.

Verification trail

Record completeness

present fields: country EU. missing or weak fields: verified public start time, venue, manual official-source note, and historical sequence

EU Cyber Resilience Act — Full Application

Before you act on this countdown

Date signal

Local time

Calendar action

Next useful path

Source trail for EU Cyber Resilience Act — Full Application

What this countdown tracks

About this regulation

What changes

Past milestones

How to follow

Related countdowns

FAQ

Scheduled date

How to use this EU Cyber Resilience Act — Full Application countdown

Date confidence

What could change

Local-time usefulness

Category context

Catalog-specific details

Series and expectation notes

Priority note

Verification trail

Record completeness

Related crawl path

Explore nearby events

Never miss a launch, finale, or eclipse.

EU Cyber Resilience Act — Full Application

Before you act on this countdown

Date signal

Local time

Calendar action

Next useful path

Source trail for EU Cyber Resilience Act — Full Application

What this countdown tracks

About this regulation

What changes

Past milestones

How to follow

Related countdowns

FAQ

Scheduled date

How to use this EU Cyber Resilience Act — Full Application countdown

Date confidence

What could change

Local-time usefulness

Category context

Catalog-specific details

Series and expectation notes

Priority note

Verification trail

Record completeness

Related crawl path

Explore nearby events