TECHNOLOGY, AI & COMPETITION

Software Bill of Materials requirements

Software Bill of Materials requirements have become a direct compliance obligation for technology and AI companies, driven by the U.S. Cybersecurity and Infrastructure Security Agency's binding operational directives and the European Union Agency for Cybersecurity's guidance under the EU Cyber Resilience Act, which mandates machine-readable SBOMs for software placed on the EU market. The U.S. Office of Management and Budget's M-23-16 memo pushed federal software vendors to attest to secure development practices, with SBOM delivery as a core component, forcing compliance teams to map third-party component inventories against contractual and regulatory disclosure timelines now rather than at renewal.

Watch

  • EU Cyber Resilience Act SBOM format requirements: final delegated acts still pending
  • CISA's known exploited vulnerabilities catalog intersecting with SBOM disclosure duties for AI system vendors
  • OMB M-23-16 self-attestation deadlines for federal software suppliers in the AI toolchain
  • NTIA minimum elements standard: watch for agency-specific expansions beyond the 2021 baseline

Recent material activity in Technology, AI & Competition

  • Apr 11, 2026 MATERIAL

    NIST releases updated AI Risk Management Framework companion guide for critical infrastructure

    NIST published AI RMF 1.1 companion guidance specifically addressing AI deployment in critical infrastructure sectors including energy, financial services, and healthcare. The guide introduces mandatory risk assessment c…
