EU Cyber Resilience Act (Regulation 2024/2847) compliance for AI agents. Product classification, Annex I audit, SBOM generation, conformity assessment roadmap, vulnerability reporting readiness. For manufacturers of products with digital elements. By MEOK AI Labs.
Project description
CRA Compliance MCP
The only MCP server that automates EU Cyber Resilience Act (CRA, Regulation 2024/2847) compliance for manufacturers, importers, and distributors of products with digital elements.
Built by MEOK AI Labs. Pairs with our DORA, NIS2, EU AI Act, and ISO MCPs.
What it does
- Classify any product into CRA class (default / Class I / Class II / Critical)
- Audit Annex I essential requirements (both product-property Part 1 and vulnerability-handling Part 2)
- Generate CycloneDX SBOM skeleton (Article 13 + Annex I 2.1 mandatory)
- Assess vulnerability-reporting readiness for Sep 2026 mandatory reporting to ENISA
- Produce conformity assessment roadmap with CE marking path + timeline + cost estimate
- Track enforcement timeline — 3 critical dates between now and Dec 2027
Install
pip install cra-compliance-mcp
Use with Claude Desktop
{
"mcpServers": {
"cra": { "command": "cra-compliance-mcp" }
}
}
Why it matters
- Enforcement dates locked in: 11 Sep 2026 (reporting) → 11 Jun 2027 (vuln handling) → 11 Dec 2027 (full)
- Penalties up to €15M or 2.5% of global turnover for Annex I violations
- ALL products with digital elements sold on EU market in scope — IoT, software, SaaS, firmware, mobile apps
- ENISA single reporting platform launching 2026 — requires 24h / 72h / 1-month timeline
- CE marking mandatory from Dec 2027 — no CRA compliance = no EU market
Tiers
- Free — 10 calls/day, classification, Annex I audit, SBOM skeleton
- Pro (£199/mo) — unlimited, signed attestations, full SBOM scanner, notified-body handoff pack
- Team (£499/mo) — multi-product, consolidated dashboard, cross-CRA/NIS2/DORA crosswalk
- Enterprise (£1,499/mo) — SSO, SLA, co-branded Trust Center push, Annex II tech doc generator
- 48h written assessment (£5,000) — vs £20–80k Big-4 gap assessments
Legal basis
Regulation (EU) 2024/2847 (Cyber Resilience Act). Commission Delegated and Implementing acts pending for Annex III/IV expansion and reporting technical formats. Automated self-assessment — not a substitute for a notified body conformity assessment.
License
MIT. MEOK AI Labs, 2026.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cra_compliance_mcp-1.0.0.tar.gz.
File metadata
- Download URL: cra_compliance_mcp-1.0.0.tar.gz
- Upload date:
- Size: 9.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1e2c2a639281ebd2b486cc9b8584af29f2e3eaab34782800f697770297bc9dd9
|
|
| MD5 |
ebf2844dc6a55244e8c25bbf6cd41aa8
|
|
| BLAKE2b-256 |
9113771339628ffb84990b6e1aca0f682e83be9144278500c0a9b22983a17aa9
|
File details
Details for the file cra_compliance_mcp-1.0.0-py3-none-any.whl.
File metadata
- Download URL: cra_compliance_mcp-1.0.0-py3-none-any.whl
- Upload date:
- Size: 10.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a76575c5790409991b6ee980bb55ba61b1574cd7a721c4f710b8102ffb147e84
|
|
| MD5 |
23a57ca9e84daff4b81ea341e654eeb7
|
|
| BLAKE2b-256 |
359fb7d7e15b831ca1031388ea2fbbfa43564c0fbd3a7686eb6bcca64fe4e10a
|
