---
title: "Cloudsmith warns - most teams won't meet the EU Cyber Resilience Act's software supply chain deadline"
description: "Cloudsmith arrived at KubeCon with an interesting piece of survey data. Only one in four engineering teams automatically generates and verifies software bills of materials – SBOMs – at every build. For the remaining three-quarters, SBOMs exist, but they are generated manually, reactively, or only when an auditor asks. This came from a survey of 505 developers, engineers, and DevOps leads, published as the company's 2026 Artifact Management Report which was released in full last week. "
canonical_url: "https://cloudsmith.com/company/press/cloudsmith-warns-most-teams-won-t-meet-the-eu-CRA-software-supply-chain-deadline"
last_updated: "2026-04-15"
---
# Cloudsmith warns - most teams won't meet the EU Cyber Resilience Act's software supply chain deadline
