Safeguard
Topic

Regulatory Compliance

In-depth guides and analysis on regulatory compliance from the Safeguard engineering team.

138 articles

Regulatory Compliance

Open Source License Compliance Management

Open source license compliance is now a continuous, automated discipline. Here's what Sonatype gets right, where it falls short, and how Safeguard unifies license risk with vulnerability management.

Jun 5, 20268 min read
Regulatory Compliance

EU Cyber Resilience Act SBOM requirements

The EU Cyber Resilience Act makes SBOMs a legal requirement, not a best practice. Here's what's mandated, key 2026/2027 deadlines, and how Safeguard compares to Mend.io.

May 22, 20267 min read
Regulatory Compliance

NIS2's First Enforcement Wave (May 2026): What the Early Proceedings Tell Compliance Teams

By May 2026 the first NIS2 enforcement actions are surfacing across early-transposing member states, starting with registration and notification failures. We analyze what authorities are pursuing first and how to build evidence that survives the escalation.

May 20, 202611 min read
Regulatory Compliance

UK Cyber Security and Resilience Bill (May 2026): Report Stage, Supply Chain, and the 24-Hour Clock

By May 2026 the UK's Cyber Security and Resilience Bill has cleared Commons committee and is heading to Report stage. We analyze its expanded scope, the 24-hour incident reporting requirement, and the supply chain obligations software vendors should prepare for.

May 18, 202611 min read
Regulatory Compliance

Medical Device Cybersecurity Under FDA 524B in 2026

Three years into Section 524B, medical device manufacturers are operating under genuine premarket cybersecurity expectations. Here is what the 2026 submission and postmarket landscape actually requires.

May 15, 20266 min read
Regulatory Compliance

CISA's CI Fortify (May 2026): Planning Critical Infrastructure for Cyber Isolation and Recovery

On May 5, 2026, CISA launched CI Fortify, pushing critical infrastructure operators to plan for cyberattacks that sever their connections to the internet and telecom during a geopolitical crisis. We unpack the isolation and recovery objectives and what they demand of software supply chains.

May 7, 202611 min read
Regulatory Compliance

CISA's Agentic AI Secure Adoption Guide (May 2026): What It Means for Software Supply Chains

On May 4, 2026, CISA and international partners published guidance on the secure adoption of agentic AI. We break down the named risks, the recommended controls, and how to operationalize them for AppSec and platform teams.

May 6, 202611 min read
Regulatory Compliance

Utility Grid Software Supply Chain in 2026

NERC CIP-013, expanded CIP-010 expectations, and the post-Colonial Pipeline regulatory tightening have changed what utilities must demand from their software vendors. Here is the 2026 baseline.

Apr 30, 20265 min read
Regulatory Compliance

EU Cyber Resilience Act Vendor Obligations in 2026

The Cyber Resilience Act entered into force in December 2024 with a phased application schedule. The vendor obligations begin to bite in 2026 and accelerate through 2027.

Apr 29, 20266 min read
Regulatory Compliance

DORA Financial Services Supply Chain Obligations in 2026

The Digital Operational Resilience Act has been in application since January 2025. The ICT third-party risk management obligations are the operational center of gravity in 2026.

Apr 20, 20265 min read
Regulatory Compliance

Defense Prime Supply Chain Flowdown 2026

Defense primes are pushing supply chain security obligations down to subcontractors at every tier. Here is how to absorb the flowdown without breaking delivery.

Apr 13, 20268 min read
Regulatory Compliance

Audit Prep: Month To Week With Continuous Evidence

Replace last-minute audit scrambles with continuously generated supply chain evidence. Learn how compliance teams compress preparation timelines from weeks to days.

Apr 11, 20267 min read
Regulatory Compliance — Supply Chain Security Blog | Safeguard