CRA Evidence is the EU Cyber Resilience Act compliance platform for manufacturers, importers, and distributors.
The CRA enters full application in December 2027. Products with digital elements placed on the EU market will require a technical file under Annex VII, an EU Declaration of Conformity, ten years of documentation under Article 13, and incident reporting to ENISA under Article 14. Non-compliance carries fines of up to €15M or 2.5% of global turnover.
🔹 SBOM Management. Ingest CycloneDX 1.4+ and SPDX 2.3+, scored against BSI TR-03183, with HBOM support for embedded systems.
🔹 Vulnerability Knowledge Base. Own VKB synced every 15 minutes from NVD, OSV.dev, GitHub Advisories, and CISA KEV, with an independent scanner as a second detection layer.
🔹 Exploit-Driven Prioritization. Findings enriched with EPSS from FIRST.org and CISA KEV, so remediation follows real-world exploitation likelihood, not raw CVSS.
🔹 VEX Automation. VEX statements generated per finding, so non-exploitable CVEs are documented and shared with downstream consumers in machine-readable form.
🔹 Technical File Generation. Annex VII packages, EU Declaration of Conformity, Annex II Security Data Sheets, and CE marking records produced as signed PDFs.
🔹 ENISA Reporting Workflow. Structured 24h/72h/14d notification timelines with deadline tracking and submission receipts.
🔹 Supplier & Importer Portal. Collect SBOMs and conformity declarations from upstream suppliers, so importers and distributors verify compliance before placing products on the EU market.
🔹 CI/CD Integration. Open-source CLI publishes SBOMs and release metadata directly from your build pipeline.
🔹 Digital Product Passports. QR-linked passports for physical product labelling.
Trusted by manufacturers, importers, and distributors to meet CRA obligations and stay aligned with NIS2, RED, and the Machinery Regulation.
CRA Evidence at a Glance
Who Founded CRA Evidence?
How many projects a year does CRA Evidence deliver?
What is CRA Evidence average cost per project?
What are CRA Evidence company values?
Profile strength: Average
Average is better than “below average”, but not “good”, at least not on TechBehemoths. CRA Evidence is one of those companies that might deliver some projects, but are not convincing enough. For this reason, their profile strength is average. Advice: get in touch with CRA Evidence if you have a great intuition. Otherwise, go the extra mile and find a slightly better ranking company. We have 5,000 strong and excellent ones from a total of 43,000+.
Locations
HEADQUARTERS
Calle Melquiades Alvarez 20
Asturias 33003
Spain +34711212204
Speciality
- Cybersecurity
- IT Consulting
Focuses & Technologies
Client Focus
Industry Focus
- Manufacturing
- Information technology
CRA Evidence Stats ! You can learn more about company stats on TechBehemoths in this article.
How CRA Evidence compares to other companies based on profile strength?
See how CRA Evidence is positioned among 734 companies from Spain based on profile strength. An average rate is fine, but could definitely be better for a bit more credibility.
How much does CRA Evidence charge for their services compared to other companies in Spain and Asturias?
CRA Evidence is one of those companies that decided to not disclose their pricing. We do not know the exact reason, but we assume their price range can be pretty flexible, depending on each project and client, that is why. Rise this topic once you will discuss it with them.
How many services does CRA Evidence provide compared to other companies?
CRA Evidence covers 1 services in their current region or area. This means that the company offers a limited range of services compared to their competitors. This is not necessarily a bad thing. It can be that the company is rather focused on a few things and does it well, instead of spreading too much.
When was CRA Evidence founded?
CRA Evidence was founded in 2026. According to TechBehemoths data, 4 companies were founded in Spain in that year. Compared to other companies, CRA Evidence is new in the market. Surely newly formed companies don't have the experience of the veterans, but, their eagerness and extra mile to prove is definitely worth taking into consideration.
Portfolio
Having no reviews yet might be ok to trust, but having no portfolio...it's a little risky. We highly advice to look for another company. Better safe than sorry.
Reviews
Write a ReviewEvery company has its start. These guys don't have any reviews yet, but you may give them a chance. They could excel, to make you a happy client. But, you may also consider other companies, with a proven track record too. To be safe.