SBOM Adoption State of Play - 2026

Back to all publications

SBOM Adoption State of Play 2026 - Cover of the survey results published by the European Union Agency for Cybersecurity in June 2026.

Download

Publication date:June 9, 2026

ENISA launched a survey at the end of 2025 to gather factual data on how organisations across industries and of varying sizes are approaching Software Bill of Materials (SBOM) adoption in response to the EU Cyber Resilience Act (CRA). This report analyses the survey results, which confirm that the CRA acts as an accelerator for SBOM adoption. Organisations are broadly investing in SBOM generation and automation to integrate SBOMs into the Software Development Life Cycle (SDLC), while also accelerating their implementation timelines to meet expected maturity levels.

Publication details

Related content

Cover of the ENISA publication Technical Competence Requirements for CABs published in June 2026

Technical Competence Requirements for CRA Notified Bodies

The document focuses on high-level competences which will be required to perform conformity assessment activities, in particular the experience and training requirements for the personnel employed by a CAB wishing to be notified (CRA NB) – especially t

Cover image for the ENISA Technical Advisory for Secure Use of Package Managers

ENISA Technical Advisory for Secure Use of Package Managers

This document focuses on how developers can securely use package managers as part of their software development life cycle.

Voices of EU Cybersecurity Certification - Magazine cover by ENISA

Voices of EU Cybersecurity Certification

A special publication by ENISA that incorporates feedback from stakeholders involved in building, maintaining, operating, and applying the first EU cybersecurity certification schemes.

Managed Security Services Analysis cover featuring an illistration of a woman working on different screens with statistics

Managed Security Services Market Analysis

This report addresses the market for Managed Security Services (MSS) on both the demand and the supply side.

BROWSE ALL PUBLICATIONS

2026 European Cybersecurity Certification Conference

2026 Apr 15

CRA - Making the EU Market Resilient

2025 Oct 8

Trust Services and eID Forum - CA Day 2025

2025 Sep 24

2025 European Cybersecurity Certification Conference

2025 Mar 12

BROWSE ALL EVENTS

Call for Feedback: Advancing Software Supply Chain Security together!

News Item

ENISA invites industry stakeholders and interested parties to provide their feedback on the draft SBOM Landscape Analysis and the Technical Advisory for Secure Use of Package Managers.

EU Managed Security Services Certification to drive the cybersecurity market

Press Release

Following the request of the European Commission for the development of a candidate certification scheme for Managed Security Services, the EU Agency for Cybersecurity (ENISA) launches a call for expression of interest to participate in the relevant Ad

European Cybersecurity Certification: Celebrating achievements and exploring future horizons

Press Release

At the eighth edition of the certification conference, the European Union Agency for Cybersecurity celebrates the first accredited Conformity Assessment Bodies for the EU Cybersecurity Certification scheme on Common Criteria (EUCC) .

ENISA Cybersecurity Resilience and Market Conference: Joining forces for a cyber-secure and resilient digital single market

Press Release

The central theme of the conference was the expansion of synergies in the field to achieve the shared goal of safeguarding the digital single market and its economy through a robust EU Cybersecurity Regulatory Framework.

BROWSE ALL NEWS