EU launches ICT Supply Chain Security Toolbox to address cybersecurity risks
On 30 January 2026, the NIS Cooperation Group, comprising representatives of EU Member States, the European Commission and the EU Agency for Cybersecurity (ENISA), adopted the EU ICT Supply Chain Security Toolbox, establishing a common EU approach to identifying, assessing and mitigating cybersecurity risks across ICT supply chains. The toolbox provides a structured, non-binding framework […]
Cyber Resilience Act: Technical Descriptions for Important and Critical Products Are Published
The European Commission has adopted Implementing Regulation (EU) 2025/2392, providing the technical descriptions for the categories of important and critical products with digital elements under the Cyber Resilience Act (Regulation (EU) 2024/2847). The CRA establishes a tiered regulatory framework, whereby the required level of assurance depends on a product’s core functionality and the associated cybersecurity […]
Cyber Resilience Act enters into force
On 10 December 2024 the Cyber Resilience Act entered into force. The regulation aims to: You can find the full regulation in our compliance tracker here.