Welcome. Here you will find the draft Standards for this vertical, as well as an issue tracker where you can submit comments, and discuss the standard.
## Caution
Exercising one of the **Principles of International Standardization – Openness –** and taking them to a different level, ETSI CYBER-EUSR conducted Open Consultations of the vertical standards in support of the Cyber-Resilience Act, at a much earlier stage than it is usual in the standardization world.
In this context, please keep in mind that the standard drafts under Open Consultation at https://docbox.etsi.org/CYBER/CYBER/Open and https://labs.etsi.org/rep/stan4cra are interim drafts, which expectably will be subject to substantial changes before their target publication date in the second semester of 2026.
> [!important]
> ETSI CRA vertical standards v1.1.1 are being finalized and undergoing Public Enquiry via the National Standardization Organizations (NSO). Therefore, **starting from 16 April 2026, ETSI CYBER-EUSR may only be able to address your comments in a future revision of the standard**. To enable ETSI CYBER-EUSR to address your comments before the first publication of the standards, you should cumulatively submit to your NSO any comments submitted here from 16 April 2026 onwards. If you don't know how to do this, email us at cybersupport@etsi.org and we will guide you in the process.
## Disclaimer
> [!caution]
> Exercising one of the Principles of international standardization – Openness – and taking it to a different level, ETSI is piloting informal public consultations of the vertical standards in support of the Cyber Resilience Act at a much earlier stage than it is usual in the standardization world. In this context, please keep in mind that the standard draft herein is an INTERIM DRAFT, which expectably will be subject to substantial changes before its target publication date in the second semester of 2026. This INTERIM DRAFT document is provided for information and is for future development work within the ETSI Technical Committee CYBER EUSR Working Group (CYBER-EUSR) only. ETSI and its Members accept no liability for any further use/implementation of this Specification. Approved and published specifications and reports shall be obtained exclusively via the ETSI Documentation Service at http://www.etsi.org/standards-search
The INTERIM DRAFTS available for download in this page are provided for information and are for future development work within the ETSI Technical Committee CYBER EUSR Working Group (CYBER-EUSR) only. ETSI and its Members accept no liability for any further use/implementation of these specifications. Approved and published specifications and reports shall be obtained exclusively via the ETSI Documentation Service at http://www.etsi.org/standards-search
## Use of Artificial Intelligence (AI)
Please do not use large language models to generate your comments. Inclusion of language generated by “AI” creates a potential for intellectual property conflicts and liability for ETSI, which is not acceptable.
## Commenting guidelines
Your comments to improve this early draft are very welcomed. To ensure the effectiveness of your contribution, please make sure to include the following elements in your comment:
Your comments to improve this interim draft are very welcomed. To ensure the effectiveness of your contribution, please make sure to include the following elements in your comment:
1. Clear identification of the section of the draft your comment is referring to.
2. Objective proposal to delete content, add content or substitute content.
3. Concrete contribution (exact content you suggest including in the draft as an addition to, or in substitution of, existing content).
4. Brief rationale to justify the proposal (e.g. why the suggested content should be added an/or the existing content should be deleted or substituted).
Please note that comments without concrete contributions will be noted but not acted upon by ETSI CYBER-EUSR. We trust and value your expertise and therefore expect you to take this opportunity to proactively contribute to solving the issues you find while analysing this early draft.
1. Objective proposal to delete content, add content or substitute content.
1. Concrete contribution (exact content you suggest including in the draft as an addition to, or in substitution of, existing content).
1. Brief rationale to justify the proposal (e.g. why the suggested content should be added an/or the existing content should be deleted or substituted).
Please note that comments without concrete contributions will be noted but not acted upon by ETSI CYBER-EUSR. We trust and value your expertise and therefore expect you to take this opportunity to proactively contribute to solving the issues you find while analysing this interim draft.
