EU Cyber Resilience Act Scenario — Zero Day

What you'll practise

24-Hour ENISA Notification

A critical vulnerability in your connected product is being actively exploited. The CRA requires ENISA notification within 24 hours. Your DevOps lead wants to patch silently first.

User Notification Obligations

72 hours to notify affected users. Marketing wants to control the message. Legal wants to wait. The regulation doesn't care what they want.

CE Marking & Conformity

Your product carries a CE mark. The vulnerability changes its conformity status. Understand what the CRA requires before you can ship the next version.

Supply Chain Disclosure

The vulnerability originated in an open-source component two levels deep. The CRA makes you responsible. Navigate coordinated vulnerability disclosure across your supply chain.

Built for product companies selling into the EU

This scenario is designed for product managers, security engineers, DevOps leads, and compliance officers at companies that manufacture or distribute products with digital elements in the EU market. Covers mandatory vulnerability reporting, CE marking, and supply chain obligations under the Cyber Resilience Act.

Pricing

Annual site licence. Upload to your LMS in 30 minutes. Train your product and security teams before CRA enforcement begins.

Starter

Up to 50 employees

€690/year

€13.80 per learner

Interactive CRA compliance scenario
SCORM 1.2 package
Completion & score tracking
Regulation reference modals
Email support
Content updates included

Get Started

Growth

Up to 250 employees

€1,490/year

€5.96 per learner

Everything in Starter
Priority support
CRA compliance checklist
Renewal at €990/year

Buy Growth

Scale

Up to 1,000 employees

€3,990/year

€3.99 per learner

Everything in Growth
Dedicated account manager
Custom completion reports
Renewal at €2,490/year

Buy Scale

Custom Programme

Any size organisation

From €15,000

Scenarios built around your product lines
Your branding & company context
Facilitated cohort sessions
Bespoke role-specific modules
Board-ready compliance reports
Ongoing measurement & iteration

Book a Call

All prices exclude VAT. 14-day refund policy.

Place Your Order

Fill in your details and we'll send you an invoice and SCORM download links within one business day.

Frequently Asked Questions

What LMS platforms are supported?

Any LMS that supports SCORM 1.2, which includes Moodle, TalentLMS, Cornerstone, Docebo, Canvas, Blackboard, Chamilo, and hundreds more. If your LMS accepts SCORM packages, this course will work.

What do learners actually do in the course?

Each module is an interactive scenario where learners navigate a critical vulnerability in a connected product being actively exploited. They handle ENISA mandatory reporting, user notification, CE marking compliance, and supply chain disclosure under real deadline pressure.

When does the CRA come into force?

The EU Cyber Resilience Act entered into force in December 2024 with a phased implementation. Mandatory vulnerability reporting begins September 2026, and full compliance is required by December 2027.

Who needs this training?

Product managers, DevOps leads, CISOs, security engineers, and compliance officers at any company that manufactures or distributes products with digital elements in the EU market — including software, IoT devices, and connected hardware.

How long does the course take?

2 hours across 5 interactive scenarios. Each module takes 20-25 minutes depending on the learner's pace and how many decision paths they explore.

Can I try before I buy?

Absolutely. The demo scenario is available to play for free, no email required. It's the same quality and format as the full course.

What is your refund policy?

Full refund within 14 days if the SCORM packages have not been uploaded to an LMS. Contact support@blend.training.