Our Commitment to the
EU Cyber Resilience Act (CRA)

At Change Vision, Inc. (Astah), product security and customer trust are our highest priorities.
We are fully aware of the EU Cyber Resilience Act (CRA), which aims to enhance the security of digital products in the EU market.

Current Status (As of May 2026)

We have initiated a comprehensive internal review of our software development lifecycles, vulnerability management, and documentation against the CRA requirements. Our timeline is structured into phased rollouts to ensure a seamless transition for our users and partners.

Our Compliance Roadmap

By Fall 2026

Coordinated Vulnerability Disclosure (CVD)

Establish and publish our Coordinated Vulnerability Disclosure (CVD) policy and dedicated reporting channels in accordance with the early-enforced CRA reporting obligations.

December 11, 2027

Full CRA Enforcement & Certification

Ensure all applicable products are fully CRA-compliant, accompanied by the required EU Declaration of Conformity (DoC), product security guidelines, and technical documentation.

Product Security & Update Instructions

In accordance with the EU Cyber Resilience Act requirements, below are the detailed instructions regarding security-relevant updates and settings for Astah products.

How security-relevant updates can be installed:

When a software patch or security-relevant update becomes available, we will inform our customers via our official website, direct email notifications, and/or in-product alerts. To install a security update, please follow these steps:

01

Download

Visit our official website and download the package containing the latest security fixes.

Get Latest Installer
02

Execute

Close any running instances of Astah, then double-click the downloaded installer file to launch it.

03

Apply

Follow the on-screen prompts in the setup wizard. The installer will automatically overwrite and update your existing application files.

04

Verify

Once finished, launch Astah and check [Help] > [Software Update Information] to verify your secure version.

*Note: Your existing project files, user preferences, and license configurations will remain safely intact during this update process.*

Automatic installation settings and notification opt-out

To prevent unexpected disruptions to your environment, Astah does not perform silent automatic installations of security updates in the background. All updates must be explicitly initiated by the user.

However, to ensure you are promptly notified of critical security patches, Astah is configured by default to automatically check for available software updates upon application launch.

If you wish to turn off this default automatic checking and notification mechanism, you can disable it by following these steps:

  1. Navigate to [Tools] > [System Properties] from the top menu.
  2. Select [Other] from the left-hand menu.
  3. Uncheck the box next to [Check for Software Updates when launching Astah].
  4. Click [Apply], then click [OK].
Warning: Disabling this option means Astah will no longer automatically alert you when critical security patches are released. We highly recommend keeping this feature enabled or manually checking our website regularly for security updates.

Frequently Asked Questions

Are Astah products compliant with the EU Cyber Resilience Act (CRA)?

We are currently working on full CRA compliance for our products. The CRA will be fully enforced on December 11, 2027, with some vulnerability reporting obligations starting in September 2026.

Astah is proactively aligning its development processes, vulnerability disclosure policies, and product documentation with CRA standards. We will ensure that all required compliance measures are met well before the deadlines. We will update our official CRA status page regularly as we progress.

Last updated: May 28, 2026