eu-regulation
Safeguard articles tagged "eu-regulation" — guides, analysis, and best practices for software supply chain and application security.
12 articles
A Practical Guide to EU Cyber Resilience Act Compliance
The CRA's 24-hour vulnerability reporting clock starts 11 September 2026. Here's how to build the SDLC changes now instead of scrambling later.
DORA compliance for application risk management
DORA became fully applicable on 17 January 2025 with no grace period, and its ICT risk-management articles map almost line-for-line onto standard AppSec practice.
NIS2 Directive explained: the software and supply-chain obligations
NIS2 rewired EU cybersecurity law around supply-chain security, vulnerability handling, and 24-hour incident reporting. Here is who is in scope and what your software teams now have to prove.
What is the EU Cyber Resilience Act (CRA)? A software supply chain guide
The Cyber Resilience Act sets binding cybersecurity rules for products with digital elements sold in the EU. Here's who it covers, what it demands of software, and how to prepare before the 2027 deadline.
Cyber Resilience Act (CRA) Compliance for Software Vendors
CRA reporting duties start Sept 2026; fines reach 2.5% of global turnover. What software vendors must do for SBOMs, vulnerability reporting, and audits.
DORA Financial Services Supply Chain Obligations in 2026
The Digital Operational Resilience Act has been in application since January 2025. The ICT third-party risk management obligations are the operational center of gravity in 2026.
The EU Cyber Resilience Act Explained for Software Vendors
What the EU CRA actually requires from software vendors — SBOMs, vulnerability handling, CE marking, timelines through 2027, and penalties up to EUR 15M.
DORA Third-Party ICT Risk for Financial Services 2026
A senior engineer's view of DORA third-party ICT risk in 2026: register of information, concentration risk, subcontractor depth, and the operational controls regulators actually test.
What is the EU Cyber Resilience Act
The EU Cyber Resilience Act sets binding cybersecurity rules for digital products, with reporting due by Sept 2026 and full compliance by Dec 2027.
NIS2 Directive: What EU Software Vendors Must Do Now
NIS2 is in force, transposition is late in half the EU, and the obligations bind anyway if you're in scope. The supply chain security and 24-hour reporting duties, decoded.
EU Cyber Resilience Act: Final Text Analysis and Compliance Roadmap
The EU Cyber Resilience Act was finalized in 2024, mandating cybersecurity requirements and SBOMs for products with digital elements. Here is what the final text requires and how to prepare.
EU NIS2 Directive: What Software Supply Chain Teams Need to Know
The NIS2 Directive imposes new cybersecurity obligations across the EU, with specific requirements for supply chain risk management that affect software vendors and their customers.