Compliance webinar series: Understanding the Cyber Resilience Act

If your organization is not already preparing to comply with the Cyber Resilience Act (CRA), now's the time to begin. This is a European-wide regulation, which means it will be implemented in the same way across all European Union (EU) member states. However, its practical application will impact anyone placing digital products or products with digital elements into the European market.

We ended our Summer of Software Regulations & Compliance webinar series with Eloise Ryon, Senior Manager of European and Digital Policy at Schneider Electronic. Her discussion with Ilkka Turunen, Field CTO at Sonatype, covered some of the far-reaching impacts of the CRA and what it means for development and the future of innovation.

CRA represents a step change in regulating resilience

As society becomes more connected and reliance upon digital products increases, the goal of the CRA is to raise the bar for products to meet essential security requirements.

Even though the industry is still waiting for the text of the legislation to be finalized, it will go into effect at the end of 2027.

One of its key provisions is that every piece of software will be required to get a CE mark indicating compliance. Getting the mark and maintaining the ability to do business in the EU should catalyze organizations to do what they can to ensure compliance and business continuity.

Every business is now a regulated business, and SBOMs are critical

A key requirement is that organizations understand every component within their software supply chain so they can guarantee they are not shipping exploitable software. In practice, this almost requires an automated approach to managing software bills of materials (SBOMs).

These new requirements have raised concerns about how innovation might suffer as a result of more regulations. The reality is that the world's software supply chains are being targeted more and more frequently, and regulations like CRA can help raise the bar industry-wide for cybersecurity standards.

You can watch Understanding the Cyber Resilience Act on demand now.

Written by Hannah Laurence

Hannah is the Global Campaign Manager at Sonatype, leveraging over 10 years of marketing experience in the SaaS B2B industry. In her role, she focuses on understanding upcoming regulations and compliance issues across the globe, assessing their impact on customers, and educating them on how to best prepare for compliance.