About

Why we exist

CVD Portal is built by Porta Regulus B.V., a Dutch company. The Cyber Resilience Act's September 2026 reporting obligations land hardest on the SMEs that cannot build disclosure infrastructure themselves. We built the infrastructure so they do not have to.

The business model

How we make money

CVD Portal is free for the September 2026 Article 14 deadline because we want to be the disclosure layer for thousands of EU manufacturers. We make money when companies upgrade for the full CRA workflow: their own domain, audit-ready evidence exports, and automated authority reporting. That's the entire model. We don't sell data, run ads, or harvest vulnerability reports.

Company facts

Who operates this platform

Legal entity

Porta Regulus B.V.

Country

Netherlands

Founded

2026

Data hosting

Hetzner, EU region

KvK number

42062307

VAT

NL869534208B01

How we handle your data, where it lives, and how we test our own security is documented on the Trust and Security page.

Set up your portal

A branded vulnerability disclosure portal for the Cyber Resilience Act. Free for the Article 14 deadline.