Safeguard
Tag

cyber-resilience-act

Safeguard articles tagged "cyber-resilience-act" — guides, analysis, and best practices for software supply chain and application security.

10 articles

Compliance & Frameworks

A Practical Guide to EU Cyber Resilience Act Compliance

The CRA's 24-hour vulnerability reporting clock starts 11 September 2026. Here's how to build the SDLC changes now instead of scrambling later.

Jul 9, 20266 min read
Solutions

Software Supply Chain Security for SaaS

SaaS companies are a supply chain for everyone else, which is why the EU Cyber Resilience Act, NIS2, SOC 2, and DORA now push obligations onto them. Here is how to build a program that satisfies customers and regulators alike.

Jul 5, 20266 min read
FAQ

EU Cyber Resilience Act FAQ: Timelines, SBOMs, and Reporting Duties

A precise FAQ on the EU Cyber Resilience Act in 2026 — what it covers, the phased 2026 and 2027 deadlines, the SBOM requirement, 24-hour vulnerability reporting, risk classes, and penalties.

Jul 3, 20266 min read
Compliance

What is the EU Cyber Resilience Act (CRA)? A software supply chain guide

The Cyber Resilience Act sets binding cybersecurity rules for products with digital elements sold in the EU. Here's who it covers, what it demands of software, and how to prepare before the 2027 deadline.

Jul 1, 20266 min read
SBOM & Compliance

Cyber Resilience Act (CRA) Compliance for Software Vendors

CRA reporting duties start Sept 2026; fines reach 2.5% of global turnover. What software vendors must do for SBOMs, vulnerability reporting, and audits.

May 15, 20268 min read
Regulatory Compliance

EU Cyber Resilience Act Vendor Obligations in 2026

The Cyber Resilience Act entered into force in December 2024 with a phased application schedule. The vendor obligations begin to bite in 2026 and accelerate through 2027.

Apr 29, 20266 min read
Compliance

EU Cyber Resilience Act Enforcement Timeline 2026

The EU Cyber Resilience Act is already biting in 2026. Here is the enforcement timeline manufacturers, integrators, and open source stewards need to internalize now.

Feb 11, 20268 min read
Regulatory Compliance

License and Regulatory Risk in Open Source Components

Redis, HashiCorp, and Elastic all re-licensed core projects since 2021, and new rules like the EU Cyber Resilience Act now make license and SBOM gaps a regulatory problem.

Nov 2, 20258 min read
Compliance

EU Cyber Resilience Act: Final Text Analysis and Compliance Roadmap

The EU Cyber Resilience Act was finalized in 2024, mandating cybersecurity requirements and SBOMs for products with digital elements. Here is what the final text requires and how to prepare.

Oct 10, 20247 min read
Compliance

Software Transparency and the EU Cyber Resilience Act

The EU Cyber Resilience Act is rewriting the rules for software sold in Europe. Mandatory vulnerability handling, SBOM requirements, and security-by-design obligations are coming for every vendor.

Sep 15, 20228 min read
cyber-resilience-act — Safeguard Blog