The European Commission has published its first official FAQs on the Cyber Resilience Act, outlining implementation guidance. Key points include early reporting deadlines starting September 2026, a minimum five-year support period for product security, and explicit supply-chain due diligence requirements. Organizations are encouraged to begin preparations now to ensure compliance.