cc3976fb7f
- Split competitive-analysis-2026-05.org → TOC + 9 competitor files in ideas/competitors/. Dropped date from filename. All competitor UUIDs generated, TOC keeps original UUID for backlink continuity. - Deleted passepartout-economics.org archive (replaced by 27-node KB). - Inlined 5 'See also' blocks into natural prose (compliance-index, first-mover-window, revenue-table, orders-of-magnitude-time, native-org-knowledge-base). - Linked 7 orphan compliance pages back to compliance index + finished truncated sentences. - Linked all 14 Agora requirement docs from topic-relevant pages (identity→lisp-machine-security, infrastructure→compute-marketplace, social-space→growth-strategy, exchange→agora-contracts, etc.). - Linked ai-industry-impact from investment-thesis, sufficiency-flip, verification-appliance, effects-growth-flywheel (up from 1 to 10+ pages). - Fixed CREATED timestamps to use git commit dates instead of today. - Made all links absolute from root (no port inheritance). - Removed stale agora/docs/ duplicate content.
34 lines
1.6 KiB
Org Mode
34 lines
1.6 KiB
Org Mode
:PROPERTIES:
|
|
:ID: ce81fefc-b7a8-4be5-912f-55fd30970b6e
|
|
:ID: auto-cra
|
|
:CREATED: [2026-05-23 Sat]
|
|
:END:
|
|
#+title: CRA (EU Cyber Resilience Act)
|
|
#+filetags: :passepartout:compliance:framework:cra:
|
|
|
|
transaction." First-mover advantage: wallets are being built now; the provider
|
|
that integrates with the wallet standard first locks in the identity gate
|
|
integration.
|
|
|
|
** CRA (Cyber Resilience Act)
|
|
|
|
EU regulation (effective 2025-2027 phased). Mandates cybersecurity requirements
|
|
for products with digital elements (hardware and software). Requires: secure-bydesign, vulnerability handling, security updates for minimum 5 years, SBOM
|
|
(software bill of materials) disclosure, CE marking for cybersecurity.
|
|
|
|
Who must comply: Manufacturers, importers, and distributors of connected products
|
|
sold in the EU. Categories: default (self-declaration), Class I (third-party
|
|
audit), Class II (notified body assessment).
|
|
|
|
Penalties: Up to 15M EUR or 2.5% of global turnover for non-compliance with
|
|
reporting obligations.
|
|
|
|
Why it matters: CRA's CE marking requirement creates a certification pipeline
|
|
that the [[id:84a537b4-4256-50c8-91f5-dd5b4538418f][verification appliance]] can supply. If [[id:28c46769-c14b-42aa-ac7a-69d310157f8f][Passepartout]]'s gate stack is
|
|
itself CRA-compliant (verified by the [[id:45258a2d-1675-562c-9024-5d1eb2f1ea56][evaluation harness]]), it becomes the
|
|
compliance infrastructure for any product built on it. First-mover advantage:
|
|
Class II products require notified body assessment — the bottleneck is notified
|
|
body capacity. The gate stack's automated evidence pipeline bypasses the
|
|
bottleneck.
|
|
|