Safeguard
Topic

Regulation

In-depth guides and analysis on regulation from the Safeguard engineering team.

20 articles

Regulation

EU AI Act Article 73: Serious Incident Reporting from August 2026

Article 73 of the AI Act requires high-risk AI providers to report serious incidents within 15 days, with shorter clocks of 2 days for critical infrastructure and 10 days for death.

May 4, 20267 min read
Regulation

France's NIS2 Transposition: Inside the Resilience Bill

France's Senate passed the Resilience bill on 12 March 2025 — the omnibus law transposing NIS2 and CER — after the Commission's reasoned opinion of 7 May 2025 escalated infringement proceedings.

Apr 22, 20267 min read
Regulation

CRA Article 14: 24-Hour Early Warning and 72-Hour Reporting Explained

Article 14 of the Cyber Resilience Act mandates dual notifications to coordinating CSIRTs and ENISA within 24 hours of awareness. Reporting starts 11 September 2026.

Mar 4, 20266 min read
Regulation

ENISA's CRA Single Reporting Platform Goes Live September 2026

From 11 September 2026, every CRA manufacturer must file a 24-hour early warning of actively exploited vulnerabilities through one ENISA-operated portal — and the platform is being built right now.

Mar 4, 20267 min read
Regulation

UK Cyber Security and Resilience Bill: What Changed November 2025

The UK government published the draft Cyber Security and Resilience Bill on 12 November 2025, bringing over 900 managed service providers and data centres above 1MW into NIS scope.

Feb 10, 20267 min read
Regulation

Germany's NIS2 Transposition: BSI Act in Force December 2025

Germany's NIS2 implementing law took effect 6 December 2025 with no transition period, expanding regulated entities from 4,500 to roughly 29,000 and giving the BSI direct sanction powers.

Jan 20, 20267 min read
Regulation

CRA Product Classes: Implementing Regulation 2025/2392 Technical Descriptions

Commission Implementing Regulation (EU) 2025/2392 was signed on 28 November 2025, setting the technical descriptions for important and critical CRA product categories.

Jan 15, 20267 min read
Regulation

UK CSR Bill: Relevant MSPs and Data Centres Brought Into Scope

The UK Cyber Security and Resilience Bill introduced on 12 November 2025 expands the NIS regime to 900-1,100 managed service providers and large data centres.

Dec 9, 20258 min read
Regulation

CRA Harmonised Standards: Inside CEN-CENELEC JTC 13 and Standardisation Request M/606

Standardisation Request M/606 was accepted in April 2025 with 41 harmonised standards to deliver by Q3 2026 to underpin CRA presumption of conformity.

Nov 12, 20257 min read
Regulation

CRA Open Source Software Stewards: Article 24's Light-Touch Regime

The CRA's open-source software steward concept under Article 24 creates a distinct, lighter set of obligations for foundations and non-profits supporting commercial OSS.

Oct 21, 20257 min read
Regulation

CIRCIA Final Rule Slips to May 2026: What Changes

CISA pushed the CIRCIA final rule deadline from October 2025 to May 2026, citing 24,000 public comments and harmonization work with other federal cyber reporting frameworks.

Oct 2, 20255 min read
Regulation

EU AI Act Article 5: Prohibited Practices Now Enforceable

Article 5 of the EU AI Act became enforceable on 2 August 2025, with administrative fines up to €35 million or 7% of worldwide turnover for prohibited AI practices.

Sep 22, 20258 min read
Regulation — Supply Chain Security Blog | Safeguard