The CRA requires notification of the market surveillance about exploited vulnerabilities and incidents. This is not yet addressed in this specification.
And a linked subject: the document does not currently mention any ways or procedures to detect active exploitation.