Pleora’s Commitment to the EU Cyber Resilience Act
Last modified: March 2026
Pleora Technologies is committed to risk management and to aligning our vulnerability management and incident response practices with the mandatory requirements of the EU Cyber Resilience Act (Regulation (EU) 2024/2847).
Based on our internal product impact assessment, and with reference to the technical descriptions set out in Commission Implementing Regulation (EU) 2025/2392, Pleora Technologies’ products are classified in the default category and are subject to the standard essential cybersecurity requirements set out in Annex I of the Act, with conformity demonstrated through self-assessment. We will continue to review this designation and will update it as appropriate if we identify any material changes in product functionality, intended use, applicable classifications, or regulatory guidance (including following consultation with external experts). The Pleora products identified are:
- External Frame Grabbers,
- Embedded Video Interfaces, and
- eBUS Software
As part of our ongoing compliance readiness project, we are actively assessing our current security practices and taking steps in the following areas:
- Product impact assessment
- Documentation of our security measures, including a Software Bill of Materials (SBOM) available to customers on request under appropriate confidentiality terms.
- Gap analysis and remediation
- Preparation for full compliance with the mandatory requirements of the EU Cyber Resilience Act by December 2027, including ongoing enhancements to our security processes and documentation.
- Coordinated vulnerability handling and disclosure — see our Coordinated Vulnerability Disclosure Policy for details on how to report a suspected vulnerability and what to expect from us in return.
- Readiness for Article 14 reporting obligations, which apply from 11 September 2026 — Pleora is establishing the processes needed to notify ENISA and the relevant coordinator CSIRT of any actively exploited vulnerability or severe incident affecting our products within the timelines set out in the Act.
Updates will be posted regularly on our website at https://www.pleora.com/about-us/policies/.
Questions and inquiries can be sent to our Compliance Team at compliance@pleora.com.
How to Report a Vulnerability
If you believe you have discovered a security vulnerability, please report it to us by emailing our Compliance Team: compliance@pleora.com.
Include as much information as possible, such as:
- Product name and version
- Detailed description of the vulnerability
- Steps to reproduce (if available)
- Potential impact
- Any evidence of exploitation
- Your preferred contact information
Please submit reports in English where possible.
Responsible Disclosure Expectations
We ask that reporters:
- Act in good faith and avoid privacy violations, data destruction, or service disruption
- Refrain from publicly disclosing the vulnerability until Pleora has had a reasonable opportunity to investigate and remediate the issue
- Provide sufficient detail to allow us to reproduce and assess the vulnerability
Our Response Process
When a potential security vulnerability is reported to Pleora, we will make reasonable efforts to:
- Log and review the report through our security and compliance processes
- Assess and triage the reported issue to determine validity, impact, and severity
- Escalate internally through defined alerting and response workflows where appropriate
- Coordinate reporting with relevant authorities where required under applicable legal or regulatory obligations
- Develop mitigations or corrective actions for confirmed vulnerabilities
- Communicate guidance to affected customers when appropriate
- Support coordinated disclosure practices that prioritize user protection and responsible remediation
We may contact you for clarification or additional technical details during our investigation.
Coordinated Disclosure
Where appropriate, Pleora supports coordinated disclosure timelines that balance transparency with user protection. Disclosure timing may depend on factors such as:
- Severity and exploitability
- Availability of mitigations or patches
- Regulatory or customer-impact considerations
Pleora retains discretion to determine appropriate disclosure timing in line with user protection and regulatory obligations.
Safe Harbor
Pleora will not pursue legal action against individuals who:
- Engage in good-faith security research
- Follow this disclosure policy
- Do not exploit vulnerabilities beyond what is necessary for validation
- Do not violate applicable laws or regulations
This policy is intended to provide assurance that responsible security research is welcome and encouraged.
Changes to This Policy
Pleora may update this policy from time to time. The most current version will always be published on our website.
Thank You
We appreciate the efforts of the security community in helping keep Pleora products secure and our customers protected.