Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

Regulation

CRA Article 14: 24-Hour Early Warning and 72-Hour Reporting Explained

Article 14 of the Cyber Resilience Act mandates dual notifications to coordinating CSIRTs and ENISA within 24 hours of awareness. Reporting starts 11 September 2026.

Mar 4, 20266 min read
Regulatory Compliance

DORA Financial Sector Supply Chain Controls

A senior engineer's view of how DORA's ICT third-party risk management requirements are reshaping software supply chain controls across European financial services.

Mar 4, 20268 min read
Regulatory Compliance

NIS2 Supply Chain Evidence For EU Operators

NIS2 expects essential and important entities to manage supply chain risk with documented evidence. Learn how to build a program that survives competent authority review.

Mar 4, 20267 min read
SBOM & Compliance

SBOM Incident Response: Finding Affected Products Fast

When a critical CVE drops, the only number that matters is minutes-to-blast-radius. Here is how a well-run SBOM programme answers the question in under five minutes.

Mar 4, 20267 min read
SBOM

SBOM-Driven Due Diligence for M&A

How SBOMs have become a standard input to technical due diligence for software acquisitions, what acquirers actually look for, and how sellers should prepare.

Mar 4, 20267 min read
Best Practices

How to Comply With EU CRA: A Practical Checklist

The EU Cyber Resilience Act requires vendors to ship secure-by-default products, provide SBOMs, and report exploited vulnerabilities within 24 hours. Here is a concrete compliance path.

Mar 3, 20267 min read
AI Security

EU AI Act Alignment: Griffin AI vs Mythos

EU AI Act enforcement began in 2026. Vendors sold as "AI security tools" are now high-risk systems with documentation obligations. The shape of the documentation matters.

Mar 2, 20264 min read
Best Practices

How to Audit Open Source Licenses for Compliance

A senior engineer's playbook for auditing open source licenses across modern polyglot repos, from SPDX extraction to enforcement in CI and legal reporting.

Mar 2, 20268 min read
Compliance

SBOM Requirements for Automotive (ISO 21434) 2026

A senior engineer's guide to SBOM requirements for automotive suppliers under ISO/SAE 21434, UNECE WP.29 R155, and the 2026 enforcement landscape for connected vehicles.

Mar 2, 20267 min read
AI Security

What is AI Governance

AI governance means the policies and technical controls that keep AI models, data, and agents safe, compliant, and auditable across your software supply chain.

Mar 1, 20267 min read
Industry Analysis

Crypto Exchange Supply Chain Defence 2026

Crypto exchanges remain the highest-value target for supply chain attackers. Here is the 2026 defence playbook that hardens the entire stack.

Feb 28, 20266 min read
Regulatory Compliance

Australia Essential Eight 2026: Supply Chain

A senior engineer's view of how Australia's Essential Eight evolved through 2025 and 2026 to incorporate software supply chain expectations alongside the original mitigations.

Feb 27, 20268 min read
compliance (Page 22) — Safeguard Blog