Cyber Resilience Act (CRA)
The Cyber Resilience Act (CRA) is a European regulation that establishes cybersecurity requirements for products with digital elements placed on the EU market. It aims to ensure that hardware and software products are designed, developed, and maintained with adequate cybersecurity throughout their lifecycle.
This will be expanded over time.
Target Audience & Content
This page serves as a central hub for
- users of the Stackable Data Platform (SDP),
- market surveillance authorities,
- and the Administrative Cooperation Group (AdCo) established in Article 52(15)

to find all information mandated by the CRA in a single and central place.
Stackable Data Platform (SDP) classification
The CRA defines multiple product categories that determine the conformity assessment procedure. We consider the Stackable Data Platform to be a default product (not Important or Critical). This means we perform a self-assessment of conformity rather than requiring third-party certification.
Annex II: Information and instructions to the user
Annex II of the CRA specifies information that manufacturers must provide to users. The following items correspond to the numbered requirements in Annex II:
- Contact Information: You can find all our contact information on our homepage in the imprint section.
- Vulnerability Disclosure: Please see our Vulnerability Disclosure Policy for all information on how to report vulnerabilities in a coordinated way.
- Product Identification: The Stackable Data Platform (SDP) is a Kubernetes-based data platform for operating data applications. All our images are tagged and contain annotations to identify the product versions. Additional documentation will follow.
- Intended Purpose and Security Properties: Information about the intended purpose of SDP, the security environment, essential functionalities, and security properties will be documented here.
- Known Cybersecurity Risks: Information about known or foreseeable circumstances that may lead to significant cybersecurity risks will be documented here.
- EU Declaration of Conformity: The internet address at which the EU declaration of conformity can be accessed will be provided here when available.
- Security Support and Support Period: Please see our Lifecycle policies for information on the type of security support offered and the support duration, including the period during which vulnerabilities will be handled and security updates provided for the Stackable Data Platform and the included products.
- Security Instructions: Detailed instructions on the following topics will be documented here:
  - Necessary measures during initial commissioning and throughout the product lifetime to ensure secure use
  - How changes to the product can affect data security
  - How to install security-relevant updates
  - Secure decommissioning of the product and secure removal of user data
  - How to manage automatic security update settings
  - Information for integrators on cybersecurity requirements (where applicable)
- Software Bill of Materials (SBOM): We provide SBOMs for all container images in the Stackable Data Platform. Please see our SBOM documentation for information on how to access, view, and verify SBOMs.