regulatory
Safeguard articles tagged "regulatory" — guides, analysis, and best practices for software supply chain and application security.
19 articles
EU CRA Enforcement First Year: What Changed
A senior engineer's review of the first year of EU Cyber Resilience Act enforcement, what regulators actually asked for, what vendors got wrong, and where the bar moves next.
EU AI Act High-Risk System Obligations
A senior engineer's breakdown of the EU AI Act high-risk system obligations as they apply in 2026, with a focus on documentation, supply chain, and ongoing monitoring.
CISA Secure-By-Design Pledge Update 2026
A senior engineer's view of where the CISA Secure-By-Design pledge stands in 2026, what signatories actually delivered, and what the second wave of expectations looks like.
Telecom Supply Chain Risk Controls in 2026
Practical supply chain controls for telecom operators in 2026, covering RAN software, OSS/BSS stacks, and the regulatory pressure from FCC and ENISA frameworks.
CMMC 2.0 Rollout: Where Deadlines Actually Are
A senior engineer's guide to where CMMC 2.0 deadlines actually sit in 2026, what assessors are looking for, and how supply chain controls fit into the certification path.
NYDFS 500 Software Supply Chain Implications
A senior engineer's view of how NYDFS Part 500 amendments through 2025 and 2026 reshape software supply chain expectations for regulated financial institutions.
India CERT-In Software Supply Chain Update
A senior engineer's view of how CERT-In directives in 2025 and 2026 are reshaping software supply chain expectations for organizations operating in India.
SEC Cyber Disclosure Rules: Year Two
A senior engineer's view of the second-year impact of SEC cybersecurity disclosure rules, what filings actually look like, and where supply chain risk fits in.
FTC Data Broker Rule And Supply Chain Overlap
A senior engineer's view of how FTC data broker rulemaking through 2025 and 2026 intersects with software supply chain expectations for organizations handling personal data.
DORA Financial Sector Supply Chain Controls
A senior engineer's view of how DORA's ICT third-party risk management requirements are reshaping software supply chain controls across European financial services.
Australia Essential Eight 2026: Supply Chain
A senior engineer's view of how Australia's Essential Eight evolved through 2025 and 2026 to incorporate software supply chain expectations alongside the original mitigations.
PCI DSS 4.0 Alignment: Griffin AI vs Mythos
PCI DSS 4.0 raised the evidence bar for software security, supplier management, and continuous assurance. Griffin AI meets the new requirements with persisted records. Mythos-class pure-LLM tools leave QSAs asking for artifacts.