Compliance
The EU Cyber Resilience Act Explained for Software Vendors
What the EU CRA actually requires from software vendors — SBOMs, vulnerability handling, CE marking, timelines through 2027, and penalties up to EUR 15M.
Apr 10, 20268 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
What the EU CRA actually requires from software vendors — SBOMs, vulnerability handling, CE marking, timelines through 2027, and penalties up to EUR 15M.
A 2026 reality check on EU AI Act enforcement: which obligations are active, what regulators expect, and the technical evidence enterprises must produce.
A data-grounded analysis of CISA Known Exploited Vulnerabilities catalog growth through 2025 and 2026, and the operational implications for defenders.
A 2026 enforcement update on California SB-327, the IoT security statute that set a national precedent, and what manufacturers and integrators need to know.
OMB M-22-18 and the CISA Secure Software Self-Attestation form continue to evolve. Here is what producers and federal buyers must change in 2026.
A senior engineer's view of the Digital Personal Data Protection Act in 2026: security safeguards, significant data fiduciaries, breach notification, and software controls that actually comply.
The UK PSTI Act's first year of enforcement reveals how consumer IoT vendors are struggling with minimum security requirements, password rules, and disclosure policies.
A senior engineer's guide to FDA premarket cybersecurity for medical devices in 2026: section 524B, SBOM expectations, SPDF, and what reviewers actually ask about.
The EU AI Act's 2026 obligations reshape software supply chain requirements for AI system providers, deployers, and upstream model suppliers across every sector.
Weekly insights on software supply chain security, delivered to your inbox.