Software Bill of Materials requirements
Software Bill of Materials requirements are landing squarely in the Trade and Geopolitical Risk sector, driven by parallel mandates from the U.S. Cybersecurity and Infrastructure Security Agency under the Biden-era executive order framework and the European Commission's Cyber Resilience Act, which formally entered into force in late 2024. Compliance teams at firms with cross-border technology supply chains are now mapping SBOM disclosure obligations against vendor contracts and export control classifications simultaneously. The friction point is real: an SBOM that satisfies a domestic procurement requirement may expose component-level sourcing data that triggers scrutiny under foreign investment screening regimes.
Watch
- Cyber Resilience Act SBOM provisions: EU enforcement timeline and importer obligations
- CISA minimum SBOM element standards applied to federal contractor supply chains
- Dual-use classification risk when SBOM data discloses controlled technology components
- OMB Memorandum M-22-18 self-attestation deadline extensions and scope clarifications
Recent material activity in Trade & Geopolitical Risk
- OFAC designates 14 entities linked to Russian defense procurement network
  The Treasury Department's Office of Foreign Assets Control added 14 entities and 6 individuals to the Specially Designated Nationals list for their roles in procuring critical technology components for Russia's defense i…
- BIS adds 22 Chinese semiconductor entities to Entity List for advanced chip diversion
  The Bureau of Industry and Security expanded export controls targeting Chinese semiconductor entities found to be diverting advanced computing chips through third-country intermediaries. New license requirements affect i…