Skip to main content

Trust portal for approved viewers

The trust portal lets a company share its Cyber Resilience Act compliance records with specific external people it has approved, such as customers, auditors, and distributors. It is an Enterprise feature.

What viewers see

Approved viewers sign in at your-company.cvdportal.com/trust and see:

  • A compliance documents section: EU digital identity verification status, published security advisories, the coordinated vulnerability disclosure policy, and a statement that the audit trail is tamper-evident.
  • For each shared product: its CRA classification and conformity route, the security update period, the draft EU Declaration of Conformity, and the Annex VII technical-documentation index.

Only the latest frozen snapshot of a product is shared, never live in-progress drafts. Every conformity record carries a notice that it does not by itself constitute a presumption of conformity or a guarantee of compliance.

Enabling and managing access

Under Settings, Trust Portal:

  1. Enable the trust portal with the master toggle.
  2. Choose which products to share. On a product page, open the Monitoring tab and use "Share on trust portal". A product needs at least one saved snapshot to show a record.
  3. Approve viewers. People can request access from the portal, or an admin can invite an email directly. Each approved viewer receives a private, single-use magic link that signs them in for seven days.
  4. Revoke a viewer at any time. Access ends immediately on the next page load.

Viewers never get a dashboard account. Access is a signed session cookie established by the magic link, and the link token is stored only as a hash.

Delegating a control (assignments)

Separately from the trust portal, an admin can assign a single CRA control to an outside person to provide information or upload a document. The assignee gets a magic link to a one-off contribution page, and their submission is filed as evidence for that control. See the Evidence tab on a product page.