Safeguard
Tag

eu

Safeguard articles tagged "eu" — guides, analysis, and best practices for software supply chain and application security.

12 articles

FAQ

EU Cyber Resilience Act FAQ: Timelines, SBOMs, and Reporting Duties

A precise FAQ on the EU Cyber Resilience Act in 2026 — what it covers, the phased 2026 and 2027 deadlines, the SBOM requirement, 24-hour vulnerability reporting, risk classes, and penalties.

Jul 3, 20266 min read
Regulatory Compliance

NIS2's First Enforcement Wave (May 2026): What the Early Proceedings Tell Compliance Teams

By May 2026 the first NIS2 enforcement actions are surfacing across early-transposing member states, starting with registration and notification failures. We analyze what authorities are pursuing first and how to build evidence that survives the escalation.

May 20, 202611 min read
Regulatory Compliance

EU Cyber Resilience Act Vendor Obligations in 2026

The Cyber Resilience Act entered into force in December 2024 with a phased application schedule. The vendor obligations begin to bite in 2026 and accelerate through 2027.

Apr 29, 20266 min read
Regulatory Compliance

NIS2 Directive Supply Chain Obligations in 2026

NIS2 has been in force across the EU since October 2024, and member state enforcement is now operating in earnest. The supply chain obligations are the ones most organizations underestimated.

Apr 8, 20265 min read
Regulation

ENISA's CRA Single Reporting Platform Goes Live September 2026

From 11 September 2026, every CRA manufacturer must file a 24-hour early warning of actively exploited vulnerabilities through one ENISA-operated portal — and the platform is being built right now.

Mar 4, 20267 min read
Regulation

Germany's NIS2 Transposition: BSI Act in Force December 2025

Germany's NIS2 implementing law took effect 6 December 2025 with no transition period, expanding regulated entities from 4,500 to roughly 29,000 and giving the BSI direct sanction powers.

Jan 20, 20267 min read
Policy

ENISA Threat Landscape 2025: Supply Chain Section Decoded

ENISA's October 2025 report analysed 4,875 incidents from July 2024 to June 2025 and found phishing led at 60% of intrusions, with supply chain and slopsquatting as fast-growing vectors.

Nov 4, 20257 min read
Regulatory Compliance

EU NIS2 Directive: Enforcement at One Year

Twelve months after the NIS2 transposition deadline, enforcement is uneven, fines are real, and software supply chain obligations are starting to bite.

Aug 15, 20254 min read
Compliance

DORA Register of Information: Lessons From the First Submission

The 30 April 2025 ESA deadline forced banks and insurers to inventory every ICT contract against 105 prescribed data points — and exposed structural gaps in third-party data.

Jun 12, 20258 min read
Regulatory Compliance

DORA Operational Resilience: Software Implications

DORA became fully applicable January 17, 2025. Here's what Articles 6, 8, 28, and the ICT third-party RTS mean for the software you build, buy, and operate in the EU.

Jan 17, 20255 min read
Regulatory Compliance

GDPR Meets CRA: Software Overlap

GDPR Article 32 and the EU Cyber Resilience Act look like separate regimes, but for any software handling personal data they converge at the component level. Here's where they overlap and where they diverge.

Jul 22, 20247 min read
Compliance

GDPR and Software Supply Chain Obligations You Can't Ignore

GDPR's security requirements extend deep into software supply chains. Here's where data protection law meets dependency management.

Oct 8, 20226 min read
eu — Safeguard Blog