Blog
Compliance deadlines, in plain terms
EU AI Act, CRA, and FedRAMP timelines, plus changelog notes. Each post ladders you back to a free scan.
- DORA ICT risk and third-party code obligations, explainedDORA applies to EU financial entities and their ICT providers. Here is what the ICT risk and third-party rules expect, and how continuous code-security findings fit.June 22, 2026
- NIS2 secure-development duties — what in-scope teams oweThe NIS2 Directive pushes secure development and vulnerability handling onto more EU entities. Here is what those duties mean for engineering teams, and how to get a baseline read.June 18, 2026
- ISO 27001 Annex A 8.28 secure coding, and the evidence it asks forThe 2022 revision of ISO/IEC 27001 added a secure coding control. Here is what 8.28 expects and how engineering teams produce the evidence.June 2, 2026
- Check EU AI Act compliance in 3 minutesThe EU AI Act obligations are landing in phases. Here is what applies, when, and how to get a baseline read fast.May 12, 2026
- PCI DSS 4.0 Requirement 6 — what secure software teams must meetPCI DSS 4.0 is now mandatory. Requirement 6 reshapes how software development and vulnerability management are evidenced. Here is what changed and how to get a baseline read fast.April 28, 2026
- The Cyber Resilience Act timeline, in plain termsThe EU CRA puts security obligations on products with digital elements. Here is the timeline and how to get ahead of it.April 3, 2026
- FedRAMP 20x and the shift to continuous evidenceFedRAMP 20x is moving authorization toward machine-readable, continuously validated evidence. Here is what changes for engineering teams.March 18, 2026
