User Instructions & Documentation
CRA also sets requirements on user instructions and technical documentation. Where you may already have a wealth of documentation in place for your products, there are specific new elements or details that you may need to add - for example, the vulnerability reporting instructions, the SBOM, your CE marking, or access to the CRA conformity documentation.
EU CRA Reference
Annex II: Information and Instructions to the User
Products with digital elements must include the manufacturer's contact details, a point of contact for vulnerability reporting, product identification, intended purpose, known cybersecurity risks, EU declaration access, security support details, and instructions for secure use, updates, and decommissioning.
EU CRA Reference
Annex VII: Content of the Technical Documentation
Technical documentation must include a general description of the product, its intended purpose, software versions, user instructions, design and development details, vulnerability handling processes, cybersecurity risk assessments, standards applied, test reports, the EU declaration of conformity, and the software bill of materials.
Qt Group Highlights
Qt Group Products' Compliance
Qt Group's products readily have a wealth of excellent user instructions and quality documentation in place, with some additions to be made based on the CRA requirements.
The documentation is also there to help comply with the CRA requirements in your products. For example, there are Qt Framework instructions on how to generate your SBOM, or how to ensure the updateability of your products.
Qt's Customers' Compliance
When you build your product with Qt, you have a wealth of the CRA required documentation ready-made for Qt's part of your product, including product manuals, technical documentation, and the SBOM.
That'll also help you get compliant with the essential product requirements set out in CRA Annex I.
Next Steps at Qt Group
Update documentation with information about the product’s security properties
Update documentation with descriptions of any foreseeable circumstances which may lead to significant security risks
Update user instructions on secure use of Qt Group's products with the relevant risks identified in the risk assessment
More Related to Documentation
Additional Resources
The information contained on this page and this website does not constitute legal advice. It is provided for informational purposes and discussion of the subject matter only. Content is subject to change and The Qt Group does not guarantee the accuracy or currentness of the contents of this page nor is The Qt Group responsible for the content or operation of any external website that these pages link to—or that may link to—these pages. The information contained here is not, and should not be used as, a substitute for legal advice.