EU Cyber Resilience Act (CRA) AI Compliance Deadline

A European Union regulation requiring manufacturers of software (including AI systems) to report vulnerabilities to authorities within 24 hours and notify customers within 72 hours. September 2026 marks the hard deadline for compliance.

The CRA shifts AI security from optional best practice to mandatory disclosure; organizations selling to EU customers must operationalize rapid detection and notification, or face enforcement and penalties.