Get started in 5 minutes
Setting up your CVD portal is a critical step towards CRA compliance. Here's how our framework simplifies the process from registration to managing your first vulnerability report.
Create your account
Sign up with your work email. Your branded portal will be instantly created.
- Derived from your email domain (e.g., yourcompany.cvdportal.com)
- Verify your email address
Customize your portal
Add your branding and CVD policy. Customize the submission form fields.
- Upload your logo and set brand colors
- Edit your CVD policy from our template
- Add your PGP key for encrypted submissions
- Configure email notifications
Share your portal
Publish your security contact page link for researchers to submit reports.
- Add link to your website footer
- Include in security.txt file
- Share with security researchers
Manage submissions
Review and respond to vulnerability reports through your dashboard.
- Receive instant email notifications
- Acknowledge within 48 hours, CVD best practice (ISO/IEC 29147, Art. 13)
- Track status and communicate
- Generate compliance reports
Meet Art. 14 reporting obligations
For actively exploited vulnerabilities and significant incidents, the CRA mandates three reporting milestones to ENISA and your national CSIRT via the Single Reporting Platform.
- 24h early warning, notify ENISA/CSIRT upon becoming aware
- 72h detailed report, full technical notification
- Final report +14 days (exploited) or +1 month (incidents), with remediation details
- Enterprise gets automated pre-filled ENISA reports. Free and Pro use the guided manual workflow.
Why CVD Portal?
The EU Cyber Resilience Act requires all manufacturers of connected devices to have a vulnerability disclosure process. We make it easy for small and medium enterprises to comply without the overhead of building their own infrastructure.