0a8e77e949
- Moved everything from ideas/passepartout/ to projects/passepartout/ - Moved legal structures to projects/flags/ - Created missing _index.org files for all subdirectories - Stripped redundant passepartout- prefix from filenames - Rewrote root _index.org as generalized brain index (projects + concepts) - Updated Hugo nav to Projects/Concepts - Updated build script section descriptions - Deleted stale ideas/passepartout-economics.md orphan
1.6 KiB
CRA (EU Cyber Resilience Act)
transaction." First-mover advantage: wallets are being built now; the provider that integrates with the wallet standard first locks in the identity gate integration.
CRA (Cyber Resilience Act)
EU regulation (effective 2025-2027 phased). Mandates cybersecurity requirements for products with digital elements (hardware and software). Requires: secure-bydesign, vulnerability handling, security updates for minimum 5 years, SBOM (software bill of materials) disclosure, CE marking for cybersecurity.
Who must comply: Manufacturers, importers, and distributors of connected products sold in the EU. Categories: default (self-declaration), Class I (third-party audit), Class II (notified body assessment).
Penalties: Up to 15M EUR or 2.5% of global turnover for non-compliance with reporting obligations.
Why it matters: CRA's CE marking requirement creates a certification pipeline that the verification appliance can supply. If Passepartout's gate stack is itself CRA-compliant (verified by the evaluation harness), it becomes the compliance infrastructure for any product built on it. First-mover advantage: Class II products require notified body assessment — the bottleneck is notified body capacity. The gate stack's automated evidence pipeline bypasses the bottleneck.