BearingPoint launches new services to help organizations gain full software transparency and meet EU Cyber Resilience Act requirements ahead of the 2027 deadline

AMSTERDAM--(BUSINESS WIRE)--Feb 24, 2026--

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260224192962/en/

Modern software products often contain thousands of components, many of which are open source or sourced from third-party suppliers. As supply chain attacks become more frequent and regulations tighten, organizations need complete visibility into their software composition to manage risk effectively and meet compliance obligations. The EU Cyber Resilience Act, which comes into full effect in December 2027, mandates that manufacturers demonstrate exactly what is inside their products and how vulnerabilities are managed throughout the product lifecycle.

An integrated approach to software transparency and compliance

BearingPoint's SBOM Management Services deliver the foundational visibility that organizations require. The service covers the entire Software Bill of Materials (SBOM) lifecycle: strategy and readiness assessment, generation and integration into development workflows, quality assurance against industry standards such as CycloneDX and SPDX, vulnerability and license risk analytics, governance and policy implementation, supplier management, and audit-ready reporting.

Building on this foundation, BearingPoint's CRA Compliance Services ensure that software transparency translates into regulatory conformity. The service includes comprehensive OSS inventory and risk assessment, vulnerability management processes aligned with CRA reporting obligations, cybersecurity policy development, compliance documentation, and targeted training for engineering and compliance teams.

While the two services address distinct challenges, they are closely connected. SBOM management provides the structured, automated visibility that CRA compliance requires. Together, they enable organizations to understand their software composition, manage risks proactively, and demonstrate conformity to regulators and customers alike.

What sets BearingPoint apart

BearingPoint brings a distinctive combination of capabilities to these services. The firm offers an operational, end-to-end model that covers SBOM generation, quality assurance, policy enforcement, mitigation workflows, and audit support. The approach is vendor-agnostic and tool-neutral, adapting to each client's existing infrastructure rather than requiring specific technology choices.

With deep experience in open source license governance and compliance, BearingPoint is uniquely positioned to unify license, security, and compliance risk into a single SBOM-driven model. Both services are aligned with current and emerging regulations, including the CRA, NIS2, and U.S. Executive Order 14028.

Organizations can engage flexibly: starting with a pilot program, scaling to a full operating model, or fully outsourcing ongoing SBOM management to BearingPoint.

Industry perspectives

“The world around us is becoming increasingly digital, and every device we use today is built on software. Open source is everywhere and a key driver of innovation. At the same time, the risk of cyberattacks and incompliance is growing, and the need for real cyber resilience is becoming critical. With regulations such as the EU Cyber Resilience Act, this responsibility will soon be mandatory rather than optional. This is exactly where our new outcome‑based service comes in: we combine best‑of‑breed software with deep expert capabilities and take end‑to‑end responsibility for ensuring software compliance and security for our clients. Not as a one‑off effort, but as a measurable, sustainable outcome,” says Frank Duscheck, Partner at BearingPoint.

“Once SBOMs become fully enforceable by the CRA, SBOM management is no longer a ‘nice to have’. In the light of the CRA’s lifecycle security and accountability requirements, SBOM management becomes the foundation for security by design, not just a compliance checkbox. Companies that invest early turn regulatory pressure into a competitive advantage. Our new CRA Compliance and SBOM Management services are a powerful instrument for companies of any size to make their CRA compliance journey smooth, efficient, and sustainable,” adds Claus-Peter Wiedemann, Director Software Services, at BearingPoint.

BearingPoint's SBOM Management Services and CRA Compliance Services are available now. To learn more or schedule a consultation, visit:

SBOM Management Services: https://bearingpoint.services/foss/en/our-services/sbom-management-services/

CRA Compliance Services : https://bearingpoint.services/foss/en/our-services/cyber-resilience-act-cra-compliance-services/

About BearingPoint

BearingPoint is an independent management and technology consultancy with European roots and a global reach. We help businesses transform by combining deep industry expertise with strong capabilities in strategy, operations, and technology. Dedicated SAP and Microsoft transformation units, a strong focus on AI, and outcome-based products enable us to provide tailored, innovative solutions that create measurable and sustainable value.

In addition to our core consulting operations, we run two joint ventures. Arcwide, our joint venture with IFS, specializes in business transformation enabled by IFS technology. BearingPoint North America, our joint venture with ABeam Consulting, focuses on consulting excellence and business transformation built on SAP.

BearingPoint works with many of the world’s leading companies and public-sector organizations. Together with its strategic alliance partner ABeam Consulting, the firm brings together more than 15,000 professionals and serves clients in over 70 countries, delivering seamless business transformation, strengthening performance, and driving sustainable impact.

BearingPoint is recognized among TIME World’s Best Companies and Forbes World’s Best Employers. The firm is also a certified B Corporation, committed to responsible business and creating long-term value for organizations, people, and society.

For more information, please visit:
Homepage: www.bearingpoint.com
LinkedIn: www.linkedin.com/company/bearingpoint

BearingPoint announces the launch of two new service offerings designed to address the growing complexity of software supply chains and the upcoming regulatory requirements under the EU Cyber Resilience Act (CRA): SBOM Management Services and CRA Compliance Services.

PARIS (AP) — France’s spat with the U.S. ambassador to Paris took another turn Tuesday with the French foreign minister saying the top U.S. diplomat in France must respond to a summons and won't have access to French government officials until he complies.

French authorities had summoned Ambassador Charles Kushner — the father of U.S. President Donald Trump’s son-in-law and adviser Jared Kushner — for a meeting on Monday evening over comments from the Trump administration that France objected to. French diplomats said Kushner did not show up.

Speaking Tuesday, French Foreign Minister Jean-Noël Barrot described the failure to attend the meeting as “a surprise” that flew in the face of diplomatic protocol and will dent Charles Kushner’s ability to serve as an ambassador.

“It will, naturally, affect his capacity to exercise his mission in our country,” Barrot said, speaking to public broadcaster France Info.

He said that Kushner "is bringing difficulties on himself. Because for an ambassador to be able to do his job he needs access to members of the government. That’s the basics.”

“When these explanations have taken place, then the U.S. ambassador in France will, naturally, regain access to members of the French government,” the minister said.

The U.S. Embassy did not respond to an Associated Press request for comment on Monday and a follow-up request on Tuesday morning also got no immediate reply.

France's foreign ministry had summoned Kushner over Trump administration tweets relating to the beating death in France of a far-right activist, Quentin Deranque. The 23-year-old student, described as a fervent nationalist, was beaten by a group of people earlier this month in the city of Lyon, in fighting that erupted between far-left and far-right activists. He later died of brain injuries.

In a post last week on X, the State Department’s Counterterrorism Bureau said “violent radical leftism is on the rise and its role in Quentin Deranque’s death demonstrates the threat it poses to public safety.”

The U.S. Embassy in Paris posted the same statement, in French.

Barrot said France needs to discuss the comments with Kushner.

“We must have an explanation with him,” Barrot said. “We don’t accept that foreign countries can come and interfere, invite themselves, into the national political debate.”

FILE - U.S. Ambassador to France Charles Kushner gives a news conference marking the 250th birthday of the U.S. in 2026, in Paris, Dec. 4, 2025. (AP Photo/Christophe Ena, File)