European Union: Commission Delegated Regulation (EU) 2026/881 supplementing Cyber Resilience Act on grounds for delaying dissemination of notifications
Progress
Current status
in force
10 May 2026 in force
11 Dec 2025 adopted
Scope
Implementers
Austria
Belgium
Bulgaria
Croatia
Cyprus
Czechia
Denmark
Estonia
Finland
France
Germany
Greece
Hungary
Ireland
Italy
Latvia
Lithuania
Luxembourg
Malta
Netherlands
Poland
Portugal
Romania
Slovakia
Slovenia
Spain
Sweden
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Government Branch
executive
Government Body
other regulatory body
Implementation Level
supranational
Timeline of events
Commission Delegated Regulation (EU) 2026/881 supplementing the Cyber Resilience Act on notification dissemination delay conditions enters into force
On 10 May 2026, Commission Delegated Regulation (EU) 2026/881 supplementing Regulation (EU) 2024/2847 (Cyber Resilience Act) enters into force. The Delegated Regulation applies to the computer security incident response teams (CSIRTs) designated as …
Event type
order
Action type
implementation
Government branch
executive
Government body
other regulatory body
European Commission adopted Delegated Regulation (EU) 2026/881 supplementing Cyber Resilience Act on grounds for delaying dissemination of notifications
On 11 December 2025, the European Commission adopted Commission Delegated Regulation (EU) 2026/881 supplementing Regulation (EU) 2024/2847 (Cyber Resilience Act) on the terms and conditions for applying cybersecurity-related grounds to delay the dis…
Event type
order
Action type
adoption
Government branch
executive
Government body
other regulatory body