Regulatory roadmap
Last updated: 15 May 2026.
AlfaNest Labs tracks European product rules that apply to SafeKey. This page states factual progress only. It does not constitute a declaration of conformity, CE marking notice, or legal opinion.
EU Cyber Resilience Act
Regulation (EU) 2024/2847 sets obligations for products with digital elements. Reporting of certain incidents becomes relevant from 11 September 2026 for products on the market; full essential requirements, technical documentation, and conformity assessment processes are phased toward 11 December 2027. SafeKey likely falls under Annex III Class I categories such as password managers or identity-related tooling; confirm final classification with a qualified advisor.
What we publish today
Public security model (this site), privacy policy, terms, disclosure and support policies, and engineering audit notes maintained in our repositories. Internal risk assessments and Annex I mapping are under active development.
What we do not claim
Until an authorised assessment path is completed we do not state CRA certification, CE marking for software downloads, or penetration-test pass/fail marketing. Marketing language stays aligned with verifiable technical documentation.
Other law
GDPR, consumer rules, payment regulation, and app-store policies run in parallel. Users must still evaluate jurisdictional fit for Dead Man’s Switch and inheritance-sensitive features with local counsel.
Contact
Compliance and security coordination: security@alfanestlabs.com for intake, contact@alfanestlabs.com for contractual or privacy requests. Supervisory reporting follows statutory channels, not email alone.