EU Cyber Resilience Act compliance reaches a milestone today as the 92-day window to September 11 vulnerability reporting opens. Manufacturers of IoT devices or software in Europe must notify ENISA within 24 hours of detecting active exploitation or face fines up to 15 million euros. A 2026 readiness report finds 66% of manufacturers remain unprepared.