Safeguard
Tag

eu-cra

Safeguard articles tagged "eu-cra" — guides, analysis, and best practices for software supply chain and application security.

15 articles

Compliance

CRA Conformity Assessment: Choosing Between Modules A, B+C, and H

The CRA offers three conformity routes: Module A self-assessment, Module B+C type examination plus production conformity, and Module H quality management system audit.

Apr 7, 20267 min read
Compliance

Vulnerability management under the EU Cyber Resilience Ac...

The EU Cyber Resilience Act sets hard deadlines for vulnerability reporting and SBOMs. Here's what changes, when, and how Safeguard stacks up against Anchore.

Mar 25, 20267 min read
Compliance

EU CRA SBOM requirements overview and compliance tips

The EU Cyber Resilience Act makes SBOMs mandatory for connected products by December 2027. Here is what CRA compliance actually requires, and how to prepare.

Mar 25, 20267 min read
Regulatory Compliance

Reachability Analysis For EU CRA Due Diligence

EU CRA enforcement asks vendors and operators to demonstrate due diligence on software components. Reachability is the evidence that makes the demonstration honest.

Mar 10, 20263 min read
Regulation

CRA Article 14: 24-Hour Early Warning and 72-Hour Reporting Explained

Article 14 of the Cyber Resilience Act mandates dual notifications to coordinating CSIRTs and ENISA within 24 hours of awareness. Reporting starts 11 September 2026.

Mar 4, 20266 min read
Best Practices

How to Comply With EU CRA: A Practical Checklist

The EU Cyber Resilience Act requires vendors to ship secure-by-default products, provide SBOMs, and report exploited vulnerabilities within 24 hours. Here is a concrete compliance path.

Mar 3, 20267 min read
Compliance

EU Cyber Resilience Act: Your SBOM Obligations

The EU Cyber Resilience Act makes SBOMs a legal requirement for products with digital elements sold in Europe. Here is what the regulation actually demands, when the deadlines hit, and how to prepare.

Feb 12, 20266 min read
Compliance

EU Cyber Resilience Act Enforcement Timeline 2026

The EU Cyber Resilience Act is already biting in 2026. Here is the enforcement timeline manufacturers, integrators, and open source stewards need to internalize now.

Feb 11, 20268 min read
Regulation

CRA Product Classes: Implementing Regulation 2025/2392 Technical Descriptions

Commission Implementing Regulation (EU) 2025/2392 was signed on 28 November 2025, setting the technical descriptions for important and critical CRA product categories.

Jan 15, 20267 min read
Regulation

CRA Harmonised Standards: Inside CEN-CENELEC JTC 13 and Standardisation Request M/606

Standardisation Request M/606 was accepted in April 2025 with 41 harmonised standards to deliver by Q3 2026 to underpin CRA presumption of conformity.

Nov 12, 20257 min read
Regulation

CRA Open Source Software Stewards: Article 24's Light-Touch Regime

The CRA's open-source software steward concept under Article 24 creates a distinct, lighter set of obligations for foundations and non-profits supporting commercial OSS.

Oct 21, 20257 min read
Compliance

Software Transparency Goes Global: Regulatory Developments in 2025

From the EU Cyber Resilience Act to Japan's software security guidelines, governments worldwide are mandating software transparency. A comprehensive overview of the global regulatory landscape.

Apr 10, 20255 min read
eu-cra — Safeguard Blog