News and Notes from the Makers of Nexus | Sonatype Blog

Navigate EU Cyber Resilience Act Compliance | Checklist

Written by Hannah Laurence | September 19, 2024

Recent EU cybersecurity regulation affects providers of digital products by setting new requirements along the software supply chain. Our Cyber Resilience Act (CRA) checklist covers the key elements of the CRA and how the Sonatype Platform helps your organization comply.

What Is the Cyber Resilience Act, and Why Is This Happening Now?

The European Parliament approved the CRA in March 2024, and its main obligations become enforceable in 2027. This EU-wide act is part of a growing trend of legislation aiming to improve cybersecurity around the world. Specifically, the CRA sets a standard for digital resilience in the EU by focusing on the security of the software supply chain: it places requirements on suppliers for the security of software components, for vulnerability handling, and for reporting.

What Does This Mean for You?

Those supplier obligations have real consequences for software providers. Meeting the software development prerequisites, mandatory documentation, and reporting requirements is essential. Organizations will be held accountable if any software or hardware product that contains digital elements is non-compliant. If products are found to be non-compliant, sanctions apply, including fines of up to €15 million or 2.5% of a company's global annual turnover, whichever is higher.

Get Started

The Sonatype Platform helps developers meet the requirements of the CRA by identifying vulnerabilities and gathering the mandatory documentation and compliance information. To make sure your team understands the components of the CRA and the steps needed to comply, download our checklist.