eu-cra
Safeguard articles tagged "eu-cra" — guides, analysis, and best practices for software supply chain and application security.
15 articles
CRA Conformity Assessment: Choosing Between Modules A, B+C, and H
The CRA offers three conformity routes: Module A self-assessment, Module B+C type examination plus production conformity, and Module H quality management system audit.
Vulnerability management under the EU Cyber Resilience Ac...
The EU Cyber Resilience Act sets hard deadlines for vulnerability reporting and SBOMs. Here's what changes, when, and how Safeguard stacks up against Anchore.
EU CRA SBOM requirements overview and compliance tips
The EU Cyber Resilience Act makes SBOMs mandatory for connected products by December 2027. Here is what CRA compliance actually requires, and how to prepare.
Reachability Analysis For EU CRA Due Diligence
EU CRA enforcement asks vendors and operators to demonstrate due diligence on software components. Reachability is the evidence that makes the demonstration honest.
CRA Article 14: 24-Hour Early Warning and 72-Hour Reporting Explained
Article 14 of the Cyber Resilience Act mandates dual notifications to coordinating CSIRTs and ENISA within 24 hours of awareness. Reporting starts 11 September 2026.
How to Comply With EU CRA: A Practical Checklist
The EU Cyber Resilience Act requires vendors to ship secure-by-default products, provide SBOMs, and report exploited vulnerabilities within 24 hours. Here is a concrete compliance path.
EU Cyber Resilience Act: Your SBOM Obligations
The EU Cyber Resilience Act makes SBOMs a legal requirement for products with digital elements sold in Europe. Here is what the regulation actually demands, when the deadlines hit, and how to prepare.
EU Cyber Resilience Act Enforcement Timeline 2026
The EU Cyber Resilience Act is already biting in 2026. Here is the enforcement timeline manufacturers, integrators, and open source stewards need to internalize now.
CRA Product Classes: Implementing Regulation 2025/2392 Technical Descriptions
Commission Implementing Regulation (EU) 2025/2392 was signed on 28 November 2025, setting the technical descriptions for important and critical CRA product categories.
CRA Harmonised Standards: Inside CEN-CENELEC JTC 13 and Standardisation Request M/606
Standardisation Request M/606 was accepted in April 2025 with 41 harmonised standards to deliver by Q3 2026 to underpin CRA presumption of conformity.
CRA Open Source Software Stewards: Article 24's Light-Touch Regime
The CRA's open-source software steward concept under Article 24 creates a distinct, lighter set of obligations for foundations and non-profits supporting commercial OSS.
Software Transparency Goes Global: Regulatory Developments in 2025
From the EU Cyber Resilience Act to Japan's software security guidelines, governments worldwide are mandating software transparency. A comprehensive overview of the global regulatory landscape.