Compliance
European Cybersecurity Certification Conference, 15 Apr 2026
Field notes from ENISA's 15 April 2026 conference: CSA2, the new ECCF, CRA conformity, the CAB capacity gap, EUDI Wallet, and the EU MSS scheme.
Cyber Resilience Act Blog
Analysis and practical guidance on the EU Cyber Resilience Act. Regulation explainers, SBOM tooling, vulnerability workflows, and ENISA reporting, written for manufacturers, importers, and distributors.
Compliance
CRA Conformity: Lessons from ENISA's EUDI Wallet Scheme [2026]
ENISA's first EU cybersecurity certification scheme requires SBOMs, rejects ISO 27001 alone, and puts suppliers in the certification chain. CRA implications.
Country & Market Guides
ECSMAF v3.0 Explained: How ENISA Maps the EU Cybersecurity Market
ENISA's ECSMAF v3.0 defines how the EU categorises and monitors its cybersecurity market. We break down the supply-side taxonomy, CRA integration, and what it means for manufacturers.
Vulnerability Management
ENISA's Secure by Design Playbook: What It Means for Product Teams Under the CRA
ENISA's Security by Design and Default Playbook (v0.4, March 2026) gives SMEs 22 practical checklists for CRA compliance. We break down the principles, lifecycle activities, threat modelling process, and CRA mapping.
Compliance
The CRA Gets Its Instruction Manual: What the Commission Guidance Means for You
The European Commission released draft guidance on the Cyber Resilience Act (Ares(2026)2319816). We break down the 9 key rulings on SaaS scope, legacy products, open source, and reporting obligations.
Compliance
How to Generate a Firmware SBOM: Open Source Tools and Workflows
Generate a firmware SBOM using Yocto, Buildroot, EMBA, or Syft. Step-by-step workflows for CRA compliance before the September 2026 ENISA reporting deadline.
Stay in the loop
Get notified when we publish new articles about CRA compliance and product security.