PortaRegulus CRA app — getting started
The PortaRegulus CRA app (app.cra.portaregulus.com) helps manufacturers work through EU Cyber Resilience Act compliance for their products, from risk assessment to conformity documentation.
Signing in
Sign-in is passwordless. Enter your email address on the login page and you receive a magic link by email. Clicking the link signs you in, and the session lasts one hour before it needs a refresh.
Access may be gated to invited testers during the closed development phase. While the gate is on, entering an email that is not on the invite list adds you to the waitlist instead of sending a link, and the PortaRegulus team reviews requests. Once self-serve signup is open, any valid email receives a magic link straight away.
Trying the demo without an account
You can explore a populated demo workspace without signing in. Open https://app.cra.portaregulus.com/?seed=demo and the app loads with two sample products and their assessments so you can look around. The demo is read-only. Changes are not saved, and a banner at the top gives a link to request access when you are ready to start your own assessment.
First steps
When you first sign in, the Dashboard shows an upload area and a short preview of what happens next. After you add a product, a Getting Started guide appears at the top of the Dashboard with five steps.
- Add your product. Upload a product manual on the Dashboard, or create a product manually on the Products page. The AI extracts the product details it needs.
- Review what the AI found. Check the extracted product details in section 6.2 and answer any clarification questions.
- Approve the 6.2 inputs. Confirm each input document is correct. Approval unlocks the next stage.
- Generate and approve the Product Context. The AI writes a summary of your product from the approved inputs. Read it and sign it off.
- Work through the requirements. Complete the remaining risk management and engineering sections. The guide and the Recommended Next Steps widget point to the next section to work on.
The guide tracks your progress automatically and disappears when all steps are done. You can hide it with the Hide guide button and bring it back with Show guide in the Dashboard header, or restart it from the Customize panel.
The Dashboard
A new workspace shows three widgets: Compliance Overview, Compliance Workflow, and Recommended Next Steps. Six more widgets (Artifact Status, Risk Summary, Threat Coverage, Clause Progress, Open Issues, Recent Activity) are available through the Customize button in the Dashboard header, where you can show, hide, and reorder all widgets.
The sidebar keeps the Risk Management and Engineering sections collapsed until your work reaches them. Risk Management opens once your 6.2 product inputs are approved, and Engineering opens once the Product Context is approved. You can open either section manually at any time by clicking its heading.
Where to find things
- Dashboard (https://app.cra.portaregulus.com/). Overview of your compliance progress.
- Products (https://app.cra.portaregulus.com/products). Create and manage the products you are assessing.
- Executive Report (https://app.cra.portaregulus.com/report). A management-level summary of compliance status.
- Compliance & Conformity (https://app.cra.portaregulus.com/compliance). Clause-by-clause compliance status.
- Classification & Route (https://app.cra.portaregulus.com/compliance#classification). Determine the product class (Annex III/IV) and the Article 32 conformity procedure, and generate the EU Declaration of Conformity and Annex VII technical documentation index.
- Risk Management. Product context (https://app.cra.portaregulus.com/clause/6.2), assets (https://app.cra.portaregulus.com/assets), risk criteria (https://app.cra.portaregulus.com/risk-criteria), threat model / STRIDE (https://app.cra.portaregulus.com/stride), and risk assessment (https://app.cra.portaregulus.com/risks).
- All Documents (Artifact Registry) (https://app.cra.portaregulus.com/artifacts). All generated and uploaded compliance documents.
- Incident Reporting (ENISA) (https://app.cra.portaregulus.com/issues). Track reportable issues (actively exploited vulnerabilities, severe incidents) in line with CRA Article 14.
- Vulnerability Disclosure (https://app.cra.portaregulus.com/cvd). Integration with CVD Portal for coordinated vulnerability disclosure.
- Export & Declaration (Conformity Export) (https://app.cra.portaregulus.com/export). Export your conformity documentation package.
- Collaboration (https://app.cra.portaregulus.com/collaboration). Invite collaborators to work on assessments.
- Knowledge Graph (https://app.cra.portaregulus.com/graph). Explore the CRA knowledge graph linking requirements, risks, and evidence.
- Audit Trail (https://app.cra.portaregulus.com/audit). A log of actions taken in your workspace.
- Feedback & Support (in the sidebar, opens a form). Send feedback or a support request to the team, or ask the AI support assistant.
Where to do X in the app
- Add or manage a product: Products (https://app.cra.portaregulus.com/products), or upload a product manual on the Dashboard (https://app.cra.portaregulus.com/).
- Run the cybersecurity risk assessment (CRA Article 13): work through Product Context (https://app.cra.portaregulus.com/clause/6.2), Risk Criteria (https://app.cra.portaregulus.com/risk-criteria), the STRIDE threat model (https://app.cra.portaregulus.com/stride), and Risk Assessment (https://app.cra.portaregulus.com/risks).
- Determine product class and conformity route, or generate the Declaration of Conformity: Classification & Route (https://app.cra.portaregulus.com/compliance#classification).
- Track an incident or actively exploited vulnerability that may be reportable under Article 14: Incident Reporting (https://app.cra.portaregulus.com/issues).
- Set up coordinated vulnerability disclosure or see reports researchers filed against a product: Vulnerability Disclosure (https://app.cra.portaregulus.com/cvd).
- Manage SBOMs: SBOM Manager (https://app.cra.portaregulus.com/sbom).
- Track third-party and open-source components: Third-Party Management (https://app.cra.portaregulus.com/third-party).
- Export the technical documentation package: Export & Declaration (https://app.cra.portaregulus.com/export).
- See every compliance document in one place: All Documents (https://app.cra.portaregulus.com/artifacts).
- Check who changed what: Audit Trail (https://app.cra.portaregulus.com/audit).