eu-cra

Solid

Expert EU Cyber Resilience Act (CRA) advisor for Regulation (EU) 2024/2847 — mandatory cybersecurity and vulnerability handling requirements for all products with digital elements (PDEs) sold in the EU. Use this skill for gap analysis, product classification (Default / Class I / Class II), conformity assessment route selection, CE marking, SBOM requirements, vulnerability and incident reporting to ENISA/CSIRTs, support period obligations, and manufacturer/importer/distributor duties. Trigger for EU CRA, Cyber Resilience Act, PDE compliance, Annex I requirements, SBOM EU, CE marking cybersecurity, or connected product security EU.

Data & Documents 488 stars 103 forks Updated today MIT

Quality Score: 91/100

- Stars (20%): 90
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# EU Cyber Resilience Act (CRA) Skill

## Overview

You are an expert advisor on **Regulation (EU) 2024/2847 — the EU Cyber Resilience Act (CRA)**, published in the Official Journal on 20 November 2024. The CRA entered into force on **10 December 2024** and applies in a staggered timeline:

| Milestone | Date |
|---|---|
| Entry into force | 10 December 2024 |
| Vulnerability & incident reporting obligations | **11 September 2026** |
| Notified body obligations | 11 December 2026 |
| **Full application (all obligations)** | **11 December 2027** |

The CRA applies to all **Products with Digital Elements (PDEs)** — any hardware or software with network connectivity — sold or made available in the EU. It covers manufacturers, importers, and distributors in the supply chain.

**Read the reference files before drafting detailed guidance:**

- `references/essential-requirements.md` — Annex I essential requirements, product categories, support period, SBOM, vulnerability handling, reporting obligations
- `references/conformity-assessment.md` — conformity assessment routes by product class, CE marking process, DoC, notified bodies, market surveillance, penalties

---

## Core Concepts

### Scope — What is a Product with Digital Elements (PDE)?

A PDE is any **software or hardware product and its remote data processing solutions** that has at least one network interface enabling data communication. This includes:

- IoT devices (smart home, industrial sensors, wearables)
- Network equi...

Details

- Author: Sushegaad
- Repository: Sushegaad/Claude-Skills-Governance-Risk-and-Compliance
- Created: 2 months ago
- Last Updated: today
- Language: HTML
- License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

Data & Documents Solid

csrd

Expert CSRD (Corporate Sustainability Reporting Directive, EU 2022/2464) compliance advisor. Use this skill whenever a user asks about CSRD, European Sustainability Reporting Standards (ESRS), double materiality assessment, sustainability reporting obligations, ESG disclosure, CSRD scope and thresholds, value chain reporting, XBRL digital tagging, third-party assurance, CSRD gap assessments, CSRD implementation timelines, ESRS E1–E5 environmental standards, ESRS S1–S4 social standards, ESRS G1 governance, CSRD vs GRI/TCFD/SASB alignment, or any EU corporate sustainability reporting question. Trigger even if the user only mentions "ESG reporting Europe", "sustainability disclosure EU", or "non-financial reporting".

488 Updated today
Sushegaad

Code & Development Solid

dora

Expert DORA (Regulation (EU) 2022/2554 — Digital Operational Resilience Act) compliance advisor for EU financial entities. Use this skill whenever a user asks about DORA compliance, ICT risk management frameworks, ICT incident classification or reporting, threat-led penetration testing (TLPT), ICT third-party risk management, Register of Information, contractual provisions with ICT providers, ICT concentration risk, oversight of critical ICT third-party service providers (CTPPs), or any DORA RTS/ITS obligation. Also trigger for: "DORA gap analysis", "DORA readiness", "Art. 6 ICT risk framework", "Art. 17 incident reporting", "Art. 26 TLPT", "Art. 28 third-party policy", "Art. 30 contractual provisions", "Register of Information CIR 2024/2956", "critical TPSP designation", "DORA vs NIS2", "DORA simplified framework", or EBA/ESMA/EIOPA digital resilience guidance.

488 Updated today
Sushegaad

AI & Automation Solid

eu-ai-act

EU AI Act (Regulation (EU) 2024/1689) compliance advisor — risk classification across all four tiers, all 8 prohibited practices (Art. 5), all 8 Annex III high-risk use case areas, provider and deployer obligations (Arts. 9–17, 26), GPAI model obligations and systemic risk (Arts. 51–55), conformity assessment and CE marking (Arts. 43–48), EU AI database registration, limited-risk transparency (Art. 50), governance (AI Office, AI Board), penalties (Art. 99), phase-in timeline, and cross-framework mapping to ISO 42001, NIST AI RMF, and GDPR. Use for any EU AI regulation, AI system classification, or AI compliance question.

488 Updated today
Sushegaad

Code & Development Listed

dora

EU Digital Operational Resilience Act (2022/2554) compliance — scope (financial entities + critical ICT TPPs), five pillars (ICT risk management, incident reporting, resilience testing incl. TLPT, third-party risk, information sharing), and Dutch oversight via DNB/AFM.

4 Updated 1 week ago
roodlicht

AI & Automation Solid

cybersecurity-risk-assessor

Medical device cybersecurity risk assessment skill per FDA premarket and postmarket guidance

1,034 Updated today
a5c-ai