CRA FAQ

Security attestations in the CRA are an optional extension that do not exist yet. They may exist in the future, should the European Commission choose to establish them, with a legislative process called a “delegated act”. Until such time, any resemblence with concepts elsewhere by the name of “attestation” is coincidental and should not restrict their future design in the CRA. For example, the “Secure Software Development Attestation” as a concept in the US is unrelated to the CRA.