Latest Compliance News & Updates
Stay informed with real-time updates on EU CRA, SBOM requirements, and cybersecurity compliance developments.
Commission publishes for feedback draft guidance to assist companies in applying the Cyber Resilience Act
The European Commission has published draft guidance for public feedback to help companies meet their CRA obligations. The guidance clarifies scope and obligations with a focus on microenterprises and SMEs, covering remote data processing, free and open-source software, support periods, and interplay with other EU legislation. Stakeholder consultation runs until 31 March 2026.
Commission strengthens EU cybersecurity resilience and capabilities
European Commission proposes comprehensive cybersecurity package including revised Cybersecurity Act, NIS2 Directive amendments, and strengthened ENISA mandate. Package introduces harmonized risk-based framework for ICT supply chain security across 18 critical sectors, simplified certification for cyber-secure products, and enhanced ransomware response capabilities.
CRA Vulnerability Reporting Deadline Approaching: 8 Months Until Mandatory Compliance
With September 11, 2026 fast approaching, manufacturers must establish vulnerability handling processes and incident reporting procedures. Article 14 obligations become enforceable in 8 months, requiring immediate preparation.
European Commission Publishes Official CRA FAQ and Implementation Hub
EC releases comprehensive FAQ document and dedicated implementation website to guide manufacturers through Cyber Resilience Act compliance. Resources include clarifications on product categorization, SBOM requirements, and conformity assessment procedures.
Germany Releases BSI Technical Guideline TR-03183 for CRA Compliance
German Federal Office for Information Security publishes comprehensive technical guidance for implementing EU Cyber Resilience Act requirements. Available in German and English, providing practical interpretation for manufacturers.
Multiple EU Member States Release National CRA Implementation Guidance
Belgium, the Netherlands, and Poland join Germany in publishing national guidance documents for Cyber Resilience Act compliance. Resources provide country-specific interpretations and practical implementation advice for manufacturers.
EU Cyber Resilience Act: New Security Requirements for Digital Products
The European Union finalizes groundbreaking legislation requiring cybersecurity measures for all digital products sold in the EU market, including mandatory vulnerability disclosure.
CISA Mandates SBOM Requirements for Federal Software Procurement
The Cybersecurity and Infrastructure Security Agency announces new Software Bill of Materials requirements for all federal software purchases, setting the standard for transparency.
CSAF 2.1 Standard Released: Enhanced Vulnerability Exchange Format
The Common Security Advisory Framework introduces new capabilities for machine-readable vulnerability advisories, improving automated security response.
EU CRA Compliance Deadlines: 2026 Vulnerability Reporting and 2027 Full Implementation
Industry experts emphasize that organizations must implement Cyber Resilience Act requirements urgently, with vulnerability reporting mandatory in September 2026 and full compliance required by December 2027. Penalties run up to 2.5% of global turnover.
NTIA Releases Comprehensive SBOM Generation Guidelines
The National Telecommunications and Information Administration publishes detailed guidance for creating effective Software Bills of Materials across different ecosystems.
Major Software Vendors Adopt CSAF for Vulnerability Disclosure
Leading technology companies including Microsoft, Red Hat, and Cisco announce adoption of CSAF standard for publishing security advisories.
How Prismor Helps with CRA Compliance
Prismor is the only platform that combines deep regulatory expertise with automated security tooling, so your team can meet EU CRA requirements without manual overhead.
Vulnerability Fixes
Automatically detect and fix known CVEs across your entire dependency tree, no manual patching required.
SBOM & VEX Generation with Compliance Reporting
Produce CycloneDX and SPDX-compliant SBOMs and VEX documents automatically on every build, with audit-ready reports aligned to EU CRA.
Software Supply Chain Monitoring
Continuous monitoring of your software supply chain with real-time alerts on new vulnerabilities and dependency changes.