SBOM Adoption Trends 2026
Abstract
The EU Cyber Resilience Act (CRA), which becomes fully applicable in December 2027, transforms the supply chain security landscape by making security-by-design and security-by-default a legal obligation for all digital products entering the EU market. Software supply chain transparency thus becomes a required cybersecurity capability, positioning the Software Bill of Materials (SBOM) as an enabler and key mechanism for operational efficiency, vulnerability management, third-party risk management, and regulatory compliance. An SBOM is defined as a formal record containing details and supply chain relationships of components included in the software elements of a product with digital elements. It provides visibility into the components, libraries, dependencies and licensing requirements in a software product.