[Rebroadcast] Webinar: 'Only 3 Months Until Mandatory Incident Reporting for Manufacturers—Is Your CRA Compliance Stalled?'

In the manufacturing industry, quality control for digital products is highly prioritized, and many companies have already implemented corresponding measures. However, these existing processes may not be directly applicable to the software design and management required for CRA compliance. Even for manufacturers that already possess an SBOM, many are merely extensions of Excel-based ledger management. These often lack the necessary information for incident reporting and the 'rapid vulnerability response' critical during such events. Without solving this, companies cannot claim to be compliant with CRA reporting obligations. Building and operating an SBOM that allows for rapid response when vulnerabilities are disclosed is essential for CRA compliance. The incident response mandate under the EU Cyber Resilience Act (EU CRA) will take effect on September 11, 2026. This requires manufacturers selling digital products in the EU market to report serious security incidents or vulnerabilities to the EU. The regulation demands transparency and notification regarding product vulnerabilities, detection and reporting of major incidents, and security responses to users to explain the absence of known vulnerabilities. However, determining what constitutes CRA compliance and adapting existing business processes is difficult, and many companies have yet to take concrete steps. This seminar will start with 'risk analysis,' which the EU CRA emphasizes, and explain what tests to conduct and what needs to be verified and proven. It is important not just to detect vulnerabilities, but to create a state where product composition (SBOM), development/verification processes, and the absence of known vulnerabilities can be explained as technical documentation. Furthermore, regarding SBOM management, which is essential for CRA compliance, we will organize the key points for creating, updating, and sharing, and introduce how to implement and operate using 'SBOM.JP' with specific examples. 'SBOM.JP' is not a general vulnerability matching tool, but a management package software for manufacturers that can manage software across the entire supply chain. By using this tool as a core, we will present practical solutions that can advance CRA compliance at the operational level by clarifying the overall picture and operational processes.