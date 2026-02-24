BearingPoint's new SBOM Management and CRA Compliance Services strengthen software supply chain security.

BearingPoint announces the launch of two new service offerings designed to address the growing complexity of software supply chains and the upcoming regulatory requirements under the EU Cyber Resilience Act (CRA): SBOM Management Services and CRA Compliance Services.

Modern software products often contain thousands of components, many of which are open source or sourced from third-party suppliers. As supply chain attacks become more frequent and regulations tighten, organizations need complete visibility into their software composition to manage risk effectively and meet compliance obligations. The EU Cyber Resilience Act, which comes into full effect in December 2027, mandates that manufacturers demonstrate exactly what is inside their products and how vulnerabilities are managed throughout the product lifecycle.

An integrated approach to software transparency and compliance

BearingPoint's SBOM Management Services deliver the foundational visibility that organizations require. The service covers the entire Software Bill of Materials (SBOM) lifecycle: strategy and readiness assessment, generation and integration into development workflows, quality assurance against industry standards such as CycloneDX and SPDX, vulnerability and license risk analytics, governance and policy implementation, supplier management, and audit-ready reporting.

Building on this foundation, BearingPoint's CRA Compliance Services ensure that software transparency translates into regulatory conformity. The service includes comprehensive OSS inventory and risk assessment, vulnerability management processes aligned with CRA reporting obligations, cybersecurity policy development, compliance documentation, and targeted training for engineering and compliance teams.

While the two services address distinct challenges, they are closely connected. SBOM management provides the structured, automated visibility that CRA compliance requires. Together, they enable organizations to understand their software composition, manage risks proactively, and demonstrate conformity to regulators and customers alike.

What sets BearingPoint apart

BearingPoint brings a distinctive combination of capabilities to these services. The firm offers an operational, end-to-end model that covers SBOM generation, quality assurance, policy enforcement, mitigation workflows, and audit support. The approach is vendor-agnostic and tool-neutral, adapting to each client's existing infrastructure rather than requiring specific technology choices.

With deep experience in open source license governance and compliance, BearingPoint is uniquely positioned to unify license, security, and compliance risk into a single SBOM-driven model. Both services are aligned with current and emerging regulations, including the CRA, NIS2, and U.S. Executive Order 14028.

Organizations can engage flexibly: starting with a pilot program, scaling to a full operating model, or fully outsourcing ongoing SBOM management to BearingPoint.

Industry perspectives

"The world around us is becoming increasingly digital, and every device we use today is built on software. Open source is everywhere and a key driver of innovation. At the same time, the risk of cyberattacks and incompliance is growing, and the need for real cyber resilience is becoming critical. With regulations such as the EU Cyber Resilience Act, this responsibility will soon be mandatory rather than optional. This is exactly where our new outcome-based service comes in: we combine best-of-breed software with deep expert capabilities and take end-to-end responsibility for ensuring software compliance and security for our clients. Not as a one-off effort, but as a measurable, sustainable outcome," says Frank Duscheck, Partner at BearingPoint.

"Once SBOMs become fully enforceable by the CRA, SBOM management is no longer a 'nice to have'. In the light of the CRA's lifecycle security and accountability requirements, SBOM management becomes the foundation for security by design, not just a compliance checkbox. Companies that invest early turn regulatory pressure into a competitive advantage. Our new CRA Compliance and SBOM Management services are a powerful instrument for companies of any size to make their CRA compliance journey smooth, efficient, and sustainable," adds Claus-Peter Wiedemann, Director Software Services, at BearingPoint.

