{"id":21931,"date":"2026-07-07T11:00:00","date_gmt":"2026-07-07T11:00:00","guid":{"rendered":"https:\/\/www.securitytoday.de\/2026\/07\/07\/what-is-cra-obligations-for-digital-products\/"},"modified":"2026-07-11T06:35:45","modified_gmt":"2026-07-11T06:35:45","slug":"what-is-cra-obligations-for-digital-products","status":"publish","type":"post","link":"https:\/\/www.securitytoday.de\/en\/2026\/07\/07\/what-is-cra-obligations-for-digital-products\/","title":{"rendered":"What Is the CRA? Obligations for Digital Products"},"content":{"rendered":"<div class=\"st-definition\">\n<p><strong>What is the Cyber Resilience Act?<\/strong> The Cyber Resilience Act (CRA), Regulation (EU) 2024\/2847, is an EU regulation for products with digital elements. It obliges manufacturers of hardware and software to adopt security-by-design, provide security updates throughout the product lifecycle, and report exploited vulnerabilities. Reporting obligations apply from 11. September 2026, and main obligations from 11. December 2027.<\/p>\n<\/div>\n<div style=\"background:#003340;color:#fff;padding:32px 36px;margin:32px 0;border-radius:8px;\">\n<p style=\"margin:0 0 18px 0;font-size:0.95em;font-weight:800;text-transform:uppercase;color:#69d8ed;border-bottom:2px solid rgba(105,216,237,0.25);padding-bottom:12px;\">Key Takeaways<\/p>\n<ul style=\"margin:0;padding-left:22px;color:rgba(255,255,255,0.92);line-height:1.6;\">\n<li style=\"margin-bottom:10px;\"><strong style=\"color:#69d8ed;\">Legal nature:<\/strong> EU Regulation, applies directly in all Member States. No national transposition is required, unlike a directive.<\/li>\n<li style=\"margin-bottom:10px;\"><strong style=\"color:#69d8ed;\">Scope:<\/strong> Products with digital elements, i.e., hardware and software with a direct or indirect data connection to a device or network.<\/li>\n<li style=\"margin-bottom:10px;\"><strong style=\"color:#69d8ed;\">Core obligations:<\/strong> Security-by-Design, free security updates throughout the support period, CE marking following conformity assessment.<\/li>\n<li style=\"margin-bottom:0;\"><strong style=\"color:#69d8ed;\">Deadlines:<\/strong> In force since 10. December 2024. Reporting obligations from 11. September 2026, full application from 11. December 2027.<\/li>\n<li style=\"margin-bottom:0;\"><strong style=\"color:#69d8ed;\">Quick tip:<\/strong> The CRA governs the product, NIS2 the operator, DORA the financial sector.<\/li>\n<\/ul>\n<\/div>\n<h2>What the Cyber Resilience Act (CRA) actually means<\/h2>\n<p>The Cyber Resilience Act (CRA) applies at market launch. A product with digital elements may only be made available in the EU if it meets the essential cybersecurity requirements of the regulation. This shifts responsibility to the start of the supply chain: the manufacturer must embed security into the product before it reaches the customer.<\/p>\n<p>Obligations do not end with the sale. Manufacturers must address vulnerabilities throughout the support period, which is based on the expected useful life and is typically at least five years. Security updates must be provided free of charge. Before market access, a conformity assessment with CE marking is required, with stricter procedures for certain critical product classes.<\/p>\n<p>Products that have their own sectoral security regime, such as medical devices, motor vehicles or certified aerospace technology, may be exempt, provided the relevant EU regulations apply.<\/p>\n<h2>Who the CRA Applies To<\/h2>\n<p>First and foremost, the manufacturers are the target, regardless of their headquarters location. Anyone supplying from outside the EU into the single market must appoint an EU-based representative. Importers and retailers have their own due\u2011diligence obligations. For open\u2011source software, an important clarification applies: merely providing code on repositories does not, by itself, constitute placing the product on the market. What matters is whether the software is made available as part of a commercial activity.<\/p>\n<p>Indirectly, the CRA affects every purchase: For CISOs and IT decision\u2011makers, CRA compliance will soon become a procurement criterion. Violations of core obligations can result in fines of up to 15 million euros or 2.5 percent of worldwide annual turnover, whichever is higher, for manufacturers.<\/p>\n<h2>What Companies Must Check Now<\/h2>\n<p>Manufacturers should start with a portfolio inventory: every product with a data connection potentially falls under the regulation. This gives rise to support commitments, reporting processes and the preparation of conformity assessments.<\/p>\n<div data-element=\"checklist\" style=\"background:#23261f;border:1px solid rgba(105,216,237,0.22);border-radius:10px;padding:22px 24px;margin:32px 0;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 2px 10px rgba(0,0,0,0.22);\">\n<p style=\"margin:0 0 12px;font-family:'IBM Plex Mono',ui-monospace,SFMono-Regular,monospace;font-size:0.72em;letter-spacing:0.12em;text-transform:uppercase;color:#69d8ed;\">Check now<\/p>\n<ul style=\"margin:0;padding-left:0;list-style:none;\">\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Product inventory: capture all own and distributed products with a data connection<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Define support commitments for each product in writing, and make update paths freely available<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Set up a reporting process with 24\u2011 and 72\u2011hour deadlines, and appoint responsible persons<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Prepare a conformity assessment, and secure a notified body for critical product categories<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Update procurement policies: make CRA compliance a purchasing criterion from 2026 onward<\/li>\n<\/ul>\n<\/div>\n<h2>Scope of Related Terms<\/h2>\n<p>The CRA is constantly confused with NIS2 and DORA. The three regulations complement each other and do not replace one another. The overview shows how they divide responsibilities.<\/p>\n<div data-element=\"comparison_table\" style=\"overflow-x:auto;-webkit-overflow-scrolling:touch;margin:28px 0;\">\n<table style=\"width:100%;min-width:640px;border-collapse:collapse;font-size:0.92em;\">\n<thead>\n<tr style=\"border-bottom:2px solid #69d8ed;\">\n<th style=\"text-align:left;padding:12px 14px;color:#e6e3da;\">Regulation<\/th>\n<th style=\"text-align:left;padding:12px 14px;color:#e6e3da;\">Scope<\/th>\n<th style=\"text-align:left;padding:12px 14px;color:#e6e3da;\">Addressee<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr style=\"border-bottom:1px solid rgba(230,227,218,0.12);\">\n<td style=\"padding:11px 14px;color:#e6e3da;\">CRA (Verordnung (EU) 2024\/2847)<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">Products with digital elements<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">Manufacturers, importers, distributors<\/td>\n<\/tr>\n<tr style=\"border-bottom:1px solid rgba(230,227,218,0.12);\">\n<td style=\"padding:11px 14px;color:#e6e3da;\">NIS2 (Richtlinie (EU) 2022\/2555)<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">Operation of essential and important entities<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">Operators and organizations<\/td>\n<\/tr>\n<tr style=\"\">\n<td style=\"padding:11px 14px;color:#e6e3da;\">DORA (Verordnung (EU) 2022\/2554)<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">Digital operational resilience in the financial sector<\/td>\n<td style=\"padding:11px 14px;color:#e6e3da;\">Financial institutions and ICT service providers<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p>The two neighboring regulations explain our glossary entries <a href=\"https:\/\/www.securitytoday.de\/en\/2026\/07\/05\/what-is-nis2-definition-obligations-and-liability\/\">What is NIS2?<\/a> and <a href=\"https:\/\/www.securitytoday.de\/en\/2026\/07\/06\/what-is-dora-definition-obligations-and-deadlines\/\">What is DORA?<\/a>. What the CRA means for already sold products is examined in our article <a href=\"https:\/\/www.securitytoday.de\/en\/2026\/07\/06\/the-cyber-resilience-act-also-impacts-your-existing-systems\/\">The Cyber Resilience Act also affects your inventory<\/a>.<\/p>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">Frequently Asked Questions<\/h2>\n<p class=\"st-faq-hint\">Every question is locked. A tap unlocks the answer.<\/p>\n<details>\n<summary><strong>From when does the Cyber Resilience Act apply?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">The regulation has been in force since December 10, 2024. Reporting obligations for manufacturers apply from September 11, 2026, and the full primary obligations from December 11, 2027.<\/p>\n<\/details>\n<details>\n<summary><strong>Is the CRA a law only for manufacturers?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">Manufacturers bear primary responsibility. Importers and retailers have their own due diligence obligations. Manufacturers located outside the EU must additionally appoint an authorized representative in the EU.<\/p>\n<\/details>\n<details>\n<summary><strong>When must a manufacturer report a vulnerability?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">When critical vulnerabilities are actively exploited and serious incidents occur, an early warning must be issued within 24 hours of becoming aware. The detailed report will follow within 72 hours via the central reporting platform to the coordinating CSIRT and ENISA. A final report concludes the notification.<\/p>\n<\/details>\n<details>\n<summary><strong>Does the CRA also apply to open-source software?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">The mere provision of software on repositories or platforms does not in itself constitute placing on the market. Under the EU\u2019s Cyber Resilience Act (CRA), obligations kick in as soon as an organization provides software as part of a commercial activity and thereby acts as a manufacturer.<\/p>\n<\/details>\n<details>\n<summary><strong>What distinguishes CRA, NIS2 and DORA?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">The Cyber Resilience Act (CRA) regulates products with digital elements and their manufacturers. The NIS2 Directive regulates the operation of important and essential entities. The Digital Operational Resilience Act (DORA) regulates the digital resilience of the financial sector. Together, they cover products, operators, and the financial sector.<\/p>\n<\/details>\n<p><!--ST-LOWER-CARDS lang=en--><\/p>\n<h3 style=\"margin:48px 0 18px;padding-left:12px;font-size:1.05em;font-weight:800;color:#e6e3da;border-left:3px solid #69d8ed;line-height:1.2;\">Editor&#8217;s Picks<\/h3>\n<p><a href=\"https:\/\/www.securitytoday.de\/en\/2026\/07\/06\/the-cyber-resilience-act-also-impacts-your-existing-systems\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/cover-hero-2-250x143.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#69d8ed;margin-bottom:5px;\">Editor&#8217;s Pick<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">The Cyber Resilience Act Also Affects Your Installed Base<\/span><\/span><\/a><a href=\"https:\/\/www.securitytoday.de\/en\/2026\/07\/05\/what-is-nis2-definition-obligations-and-liability\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/was-ist-nis2-cover-hero-1-250x143.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#69d8ed;margin-bottom:5px;\">Editor&#8217;s Pick<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">What Is NIS2? Definition, Obligations, and Liability<\/span><\/span><\/a><a href=\"https:\/\/www.securitytoday.de\/en\/2026\/07\/06\/what-is-dora-definition-obligations-and-deadlines\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/was-ist-dora-cover-hero-250x143.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#69d8ed;margin-bottom:5px;\">Editor&#8217;s Pick<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">What Is DORA? Definition, Obligations and Deadlines<\/span><\/span><\/a><\/p>\n<h3 style=\"margin:48px 0 18px;padding-left:12px;font-size:1.05em;font-weight:800;color:#e6e3da;border-left:3px solid #69d8ed;line-height:1.2;\">More from the MBF Media Network<\/h3>\n<p><a href=\"https:\/\/www.cloudmagazin.com\/en\/2026\/07\/06\/banning-shadow-ai-is-the-most-expensive-reflex-in-it-security\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/net-shadow-ai-verbieten-teuerster-reflex-gov-92616216.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#0bb7fd;margin-bottom:5px;\">cloudmagazin<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">Banning shadow AI is the most expensive reflex in IT security<\/span><\/span><\/a><a href=\"https:\/\/mybusinessfuture.com\/en\/electricity-price-relief-2026-what-manufacturing-companies-need-to-examine\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/net-strompreisentlastung-2026-netzentgelte-s-83450652-250x143.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#aa8ac2;margin-bottom:5px;\">MyBusinessFuture<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">Electricity Price Relief 2026: What Manufacturing Businesses Need to Check<\/span><\/span><\/a><a href=\"https:\/\/www.digital-chiefs.de\/en\/the-chief-ai-officer-is-here-the-problem-remains\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/net-der-chief-ai-officer-ist-da-das-problem-14328098-250x141.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#e8828d;margin-bottom:5px;\">Digital Chiefs<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">The Chief AI Officer is here. The problem remains.<\/span><\/span><\/a><!--\/ST-LOWER-CARDS--><\/p>\n","protected":false},"excerpt":{"rendered":"Cyber Resilience Act explained: which products it covers, what manufacturers must report by September 2026, and how it differs from NIS2.","protected":false},"author":50,"featured_media":21796,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_yoast_wpseo_focuskw":"cyber resilience act","_yoast_wpseo_title":"What Is the CRA? Obligations for Digital Products","_yoast_wpseo_metadesc":"Cyber Resilience Act explained: products covered, reporting requirements for manufacturers by September 2026, and differences from NIS2.","_yoast_wpseo_meta-robots-noindex":"","_yoast_wpseo_meta-robots-nofollow":"","_yoast_wpseo_meta-robots-adv":"","_yoast_wpseo_canonical":"","_yoast_wpseo_opengraph-title":"","_yoast_wpseo_opengraph-description":"","_yoast_wpseo_opengraph-image":"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/was-ist-der-cyber-resilience-act-cover-hero.jpg","_yoast_wpseo_opengraph-image-id":0,"_yoast_wpseo_twitter-title":"","_yoast_wpseo_twitter-description":"","_yoast_wpseo_twitter-image":"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/was-ist-der-cyber-resilience-act-cover-hero.jpg","_yoast_wpseo_twitter-image-id":0,"evm_cvss":0,"evm_risk":0,"evm_casefile":"","evm_primary_cve":"","_evm_translation_lang":"en","featured_post":0,"featured_post_sortierung":0,"_wp_old_slug":[],"footnotes":""},"categories":[263],"tags":[],"class_list":["post-21931","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sicherheitslexikon-en"],"evm_reading_time_minutes":6,"wpml_language":"en","wpml_translation_of":21793,"_links":{"self":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/21931","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/users\/50"}],"replies":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/comments?post=21931"}],"version-history":[{"count":1,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/21931\/revisions"}],"predecessor-version":[{"id":21950,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/21931\/revisions\/21950"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/media\/21796"}],"wp:attachment":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/media?parent=21931"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/categories?post=21931"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/tags?post=21931"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}