
Patch of the Day: Security Teams vs. the Cyber Resilience Act

2026-06-01

14:00

As sports fans get ready for football’s biggest tournament, security pros are preparing for a different kind of international showdown. The EU Cyber Resilience Act is coming soon (like England's next World Cup triumph...), and it's the most significant mandatory cybersecurity regulation for software and hardware products in a generation. But who actually needs to comply, and exactly how you execute the perfect game plan, is not super clear.

The CRA applies to products with digital elements: software or hardware that connects to a network and ships a physical artefact, desktop app, firmware, or downloadable component. Pure SaaS with no client? You may be out of scope. But if you have an SDK, an agent, or a desktop client – you're in. Either way, a lot of the requirements are just the building blocks of a good security program – i.e. worth paying attention to, regardless of whether you're on the pitch.

In this webinar, Dr Katie Paxton-Fear cuts through the confusion to explain exactly who the CRA applies to, what the six core obligations require, and what your engineering team needs to do before the deadlines (reporting in September 2026, full compliance in December 2027). You'll leave knowing:

  • Whether you're in scope;

  • What a practical compliance programme looks like;

  • How you can take inspiration from this legislation to level up your security program, putting it on a world-class footing.

Dr. Katie Paxton-Fear
Semgrep
Staff Security Advocate