Understanding SBOM Regulations & Compliance

The UNECE R155 WP.29 regulation mandates that all automotive manufacturers and suppliers implement robust cybersecurity management systems for vehicles, ensuring the secure development, maintenance, and monitoring of automotive software. This regulation is expected to take effect progressively starting in 2024. Exodos Labs supports organizations in meeting these requirements by providing tools to securely manage cybersecurity documentation, evidence, and compliance workflows. The platform facilitates easy reporting to regulatory authorities and supports continuous monitoring of cybersecurity risks throughout the vehicle lifecycle. Features such as secure data storage, role-based access control, and integration with vulnerability management systems help streamline compliance and audit readiness.

The EU Cyber Resilience Act will require any company placing software or hardware products on the EU market to create and maintain SBOMs, with the regulation expected to take effect in 2027. Exodos Labs ensures organizations can securely store, and organize SBOMs as required. The platform makes it easy to provide SBOMs to market surveillance authorities or customers upon request, fulfilling the EU CRA mandate for inclusion in technical documentation. Exodos also offers features such as secure storage, attribute-based access control, and integration with vulnerability and license databases, streamlining compliance and simplifying the audit process.

The FDA’s Software Bill of Materials (SBOM) guidance requires medical device manufacturers to provide SBOMs for software used in medical devices to enhance transparency and cybersecurity throughout the device lifecycle. This guidance aims to improve risk management and vulnerability tracking in healthcare technology and is becoming increasingly important for regulatory submissions. Exodos Labs helps organizations securely create, store, and manage SBOMs to meet FDA expectations. The platform enables easy sharing of SBOMs with regulators and healthcare providers, supports fine-grained access control, and integrates with vulnerability and license databases to streamline compliance and auditing processes.

The EU NIS-2 Directive strengthens cybersecurity requirements for essential and important entities across the EU, mandating improved risk management, incident reporting, and supply chain security. Organizations covered by NIS-2 must enhance their operational resilience and ensure secure management of digital assets, including documentation like SBOMs where applicable. Exodos Labs supports compliance by enabling secure storage, organization, and sharing of cybersecurity documentation with authorities or partners upon request. The platform’s features—such as attribute-based access control, integration with vulnerability databases, and audit-ready reporting—help organizations meet NIS-2 mandates efficiently.