Operational evidence, not legal advice
CRA Ledger helps organize readiness evidence and workflow history. It does not provide legal advice or determine legal obligations.
ABOUT CRA LEDGER
CRA Ledger helps software teams keep SBOMs, vulnerability reviews, remediation context, audit activity, and readiness evidence connected to the product versions they belong to.
Why it exists
CRA readiness is not just a documentation exercise. Software teams already generate security evidence through SBOM intake, vulnerability review, remediation work, release discussions, audit activity, and customer assurance requests. The problem is that this evidence often becomes scattered across scanner exports, ticket trackers, spreadsheets, approvals, and notes.
CRA Ledger is designed to make that operational work reviewable by keeping product-version records, evidence artifacts, decisions, remediation context, and activity history connected in one workflow.
Practical engineering focus
CRA Ledger is an independent product built near Munich, Germany, with a practical engineering focus on product-security evidence workflows for Cyber Resilience Act readiness.
The product favors utility over theater: clear intake, reviewable decisions, retained evidence history, and operational status that product-security, compliance, and engineering teams can use during readiness planning.
Clear scope
CRA Ledger is positioned as operational software for evidence workflows. It supports readiness preparation, but it does not make legal determinations, provide certification, or claim formal audit status.
CRA Ledger helps organize readiness evidence and workflow history. It does not provide legal advice or determine legal obligations.
The product does not provide CRA certification, notified body approval, or a guarantee of compliance.
Capabilities are presented honestly as available, partial, or planned so buyers can separate current product behavior from roadmap direction.
Next step
For product questions or early access, use the contact page. For security questions or responsible disclosure coordination, use the security contact page.