CRA

An EU regulation requiring manufacturers and distributors of products with digital elements to meet cybersecurity requirements throughout the product lifecycle. Key obligations include SBOM provision, vulnerability handling, and security updates. Enforcement begins in phases from September 2026 (vulnerability reporting) through December 2027 (full enforcement). Affects any company selling software or connected hardware into EU markets.