BearingPoint launches new services to help organizations gain full software transparency and meet EU Cyber Resilience Act requirements ahead of the 2027 deadline

AMSTERDAM--(BUSINESS WIRE)--BearingPoint announces the launch of two new service offerings designed to address the growing complexity of software supply chains and the upcoming regulatory requirements under the EU Cyber Resilience Act (CRA): SBOM Management Services and CRA Compliance Services.

In the light of the CRA’s lifecycle security and accountability requirements, SBOM management becomes the foundation for security by design.

Share

Modern software products often contain thousands of components, many of which are open source or sourced from third-party suppliers. As supply chain attacks become more frequent and regulations tighten, organizations need complete visibility into their software composition to manage risk effectively and meet compliance obligations. The EU Cyber Resilience Act, which comes into full effect in December 2027, mandates that manufacturers demonstrate exactly what is inside their products and how vulnerabilities are managed throughout the product lifecycle.

An integrated approach to software transparency and compliance

BearingPoint's SBOM Management Services deliver the foundational visibility that organizations require. The service covers the entire Software Bill of Materials (SBOM) lifecycle: strategy and readiness assessment, generation and integration into development workflows, quality assurance against industry standards such as CycloneDX and SPDX, vulnerability and license risk analytics, governance and policy implementation, supplier management, and audit-ready reporting.

Building on this foundation, BearingPoint's CRA Compliance Services ensure that software transparency translates into regulatory conformity. The service includes comprehensive OSS inventory and risk assessment, vulnerability management processes aligned with CRA reporting obligations, cybersecurity policy development, compliance documentation, and targeted training for engineering and compliance teams.

While the two services address distinct challenges, they are closely connected. SBOM management provides the structured, automated visibility that CRA compliance requires. Together, they enable organizations to understand their software composition, manage risks proactively, and demonstrate conformity to regulators and customers alike.

What sets BearingPoint apart

BearingPoint brings a distinctive combination of capabilities to these services. The firm offers an operational, end-to-end model that covers SBOM generation, quality assurance, policy enforcement, mitigation workflows, and audit support. The approach is vendor-agnostic and tool-neutral, adapting to each client's existing infrastructure rather than requiring specific technology choices.

With deep experience in open source license governance and compliance, BearingPoint is uniquely positioned to unify license, security, and compliance risk into a single SBOM-driven model. Both services are aligned with current and emerging regulations, including the CRA, NIS2, and U.S. Executive Order 14028.

Organizations can engage flexibly: starting with a pilot program, scaling to a full operating model, or fully outsourcing ongoing SBOM management to BearingPoint.

Industry perspectives

“The world around us is becoming increasingly digital, and every device we use today is built on software. Open source is everywhere and a key driver of innovation. At the same time, the risk of cyberattacks and incompliance is growing, and the need for real cyber resilience is becoming critical. With regulations such as the EU Cyber Resilience Act, this responsibility will soon be mandatory rather than optional. This is exactly where our new outcome‑based service comes in: we combine best‑of‑breed software with deep expert capabilities and take end‑to‑end responsibility for ensuring software compliance and security for our clients. Not as a one‑off effort, but as a measurable, sustainable outcome,” says Frank Duscheck, Partner at BearingPoint.

“Once SBOMs become fully enforceable by the CRA, SBOM management is no longer a ‘nice to have’. In the light of the CRA’s lifecycle security and accountability requirements, SBOM management becomes the foundation for security by design, not just a compliance checkbox. Companies that invest early turn regulatory pressure into a competitive advantage. Our new CRA Compliance and SBOM Management services are a powerful instrument for companies of any size to make their CRA compliance journey smooth, efficient, and sustainable,” adds Claus-Peter Wiedemann, Director Software Services, at BearingPoint.

BearingPoint's SBOM Management Services and CRA Compliance Services are available now. To learn more or schedule a consultation, visit:

SBOM Management Services: https://bearingpoint.services/foss/en/our-services/sbom-management-services/

CRA Compliance Services : https://bearingpoint.services/foss/en/our-services/cyber-resilience-act-cra-compliance-services/

About BearingPoint

BearingPoint is an independent management and technology consultancy with European roots and a global reach. We help businesses transform by combining deep industry expertise with strong capabilities in strategy, operations, and technology. Dedicated SAP and Microsoft transformation units, a strong focus on AI, and outcome-based products enable us to provide tailored, innovative solutions that create measurable and sustainable value.

In addition to our core consulting operations, we run two joint ventures. Arcwide, our joint venture with IFS, specializes in business transformation enabled by IFS technology. BearingPoint North America, our joint venture with ABeam Consulting, focuses on consulting excellence and business transformation built on SAP.

BearingPoint works with many of the world’s leading companies and public-sector organizations. Together with its strategic alliance partner ABeam Consulting, the firm brings together more than 15,000 professionals and serves clients in over 70 countries, delivering seamless business transformation, strengthening performance, and driving sustainable impact.

BearingPoint is recognized among TIME World’s Best Companies and Forbes World’s Best Employers. The firm is also a certified B Corporation, committed to responsible business and creating long-term value for organizations, people, and society.

For more information, please visit:
Homepage: www.bearingpoint.com
LinkedIn: www.linkedin.com/company/bearingpoint