
Tackle Cyber Resilience Act requirements with our CRA checklist


Recent cybersecurity regulations in the EU affect providers of digital products by setting new requirements along the software supply chain. Our Cyber Resilience Act (CRA) checklist covers key elements of the CRA and how the Sonatype platform enables compliance for your organization.

What is the Cyber Resilience Act, and why is this happening now?

The European Parliament approved the CRA in March 2024, and the regulations will be enforceable by 2027. This EU-wide act is part of a growing trend of legislation aiming to improve cybersecurity around the world. Specifically, the CRA sets a standard for digital resiliency in the EU through a focus on the security of the software supply chain, placing key requirements on suppliers for the security of software components, vulnerability handling, and reporting.

What does this mean for you?

That last part has real consequences for providers of software. Meeting the software development prerequisites, mandatory documentation, and reporting requirements is essential. Organizations will be held accountable if any software or hardware product that contains digital elements is found to be non-compliant. If products are discovered to be non-compliant, sanctions will apply, including fines of up to €15 million or 2.5% of a company's global annual turnover, whichever is higher.

Get started

The Sonatype platform helps developers meet the requirements of the CRA by enabling them to identify vulnerabilities and gather the mandatory documentation and compliance information. To make sure your team understands the components of the CRA and the steps to take to ensure compliance, download our checklist.


Written by Hannah Laurence

Hannah is the Global Campaign Manager at Sonatype, leveraging over 10 years of marketing experience in the SaaS B2B industry. In her role, she focuses on understanding upcoming regulations and compliance issues across the globe, assessing their impact on customers, and educating them on how to best prepare for compliance.