FlagThis

Abstract

The 2026 CRA Awareness and Readiness Report assesses how the global software ecosystem is preparing for the European Cyber Resilience Act (CRA). Building on the 2025 study, Unaware and Uncertain: The Stark Realities of Cyber Resilience Act Readiness in Open Source, this years research incorporates a larger sample of 843 respondents, a 23% increase from the previous year, alongside a security analysis of over 12,000 open source projects. The findings show stagnating awareness and structural unreadiness as the December 2027 full compliance deadline draws near. The most significant finding of the 2026 survey is the lack of improvement in industry-wide awareness. Despite the CRA entering into force, the proportion of respondents who are either not familiar at all or only slightly familiar with the regulation rose to 66%. ... Ultimately, success will require moving beyond official regulatory channels to community-driven spaces, such as open source foundations, online discussions, and social media, where the majority of practitioners learn and collaborate.