About
CVD Portal is a compliance platform for EU Cyber Resilience Act Article 14 reporting. It helps manufacturers of products with digital elements handle coordinated vulnerability disclosure and the mandatory reporting of actively exploited vulnerabilities and severe incidents, obligations that becomes enforceable across the EU on 11 September 2026.
The platform runs the full reporting lifecycle. Researchers and finders submit through a structured vulnerability disclosure intake. Reports are triaged, scored with a built in CVSS 3.1 calculator, assigned to the correct coordinator, and tracked against the statutory clock. That clock covers the early warning due within 24 hours, the notification due within 72 hours, the final report within 14 days for vulnerabilities, and the final report within one month for severe incidents.
Output is produced in the schema and format required for submission to the designated coordinator CSIRT through the ENISA Single Reporting Platform. Every action carries an audit trail, and machine readable CSAF VEX export is available for downstream advisories.
CVD Portal is one product within Porta Regulus, a Dutch company building CRA native compliance infrastructure. A full Annex I conformity and CE marking platform follows for the December 2027 deadline, alongside Risklet for NIS2 organisational risk assessment.
Cybersecurity
Data Governance, Risk & ComplianceApplication security / GRC
Cloud Computing, Data, IoT
Industrial IoT