The regulatory response: EU Cyber Resilience Act
European regulators have taken notice of these emerging risks. The EU Cyber Resilience Act is set to take full effect in December 2027, and it imposes comprehensive security requirements on manufacturers of any product that contains digital elements.Specifically, the act mandates security considerations at every stage of the product lifecycle: planning, design, development, and maintenance. Companies must provide ongoing security updates by default, and customers must be given the option to opt out, not opt in. Products that are classified as critical will require a third-party security assessment before they can be sold in EU markets.Non-compliance carries severe penalties, with fines of up to Euro15 million or 2.5% of annual revenues from the previous financial year. These severe penalties underscore the urgency for organizations to implement robust security measures immediately.”Software is becoming a regulated industry,” Schmitt says. “Software has become so pervasive in every organization, from companies to schools to governments, that the risk that poor quality or flawed security poses to society has become profound.”Even so, despite these security challenges and regulatory pressures, organizations cannot afford to slow down development. Market dynamics demand rapid release cycles, and AI has become a critical tool to enable development acceleration. Research from McKinsey highlights the productivity gains: AI tools enable developers to document code functionality twice as fast, write new code in nearly half the time, and refactor existing code one-third faster. In competitive markets, those who forgo the efficiencies of AI-assisted development risk missing crucial market windows and ceding advantage to more agile competitors.The challenge organizations face is not choosing between speed and security but rather finding the way to achieve both simultaneously.
Threading the needle: Security without sacrificing speed
The solution lies in technology approaches that do not force compromises between the capabilities of AI and the requirements of modern, secure software development. Effective partners provide:
Comprehensive automated tools that integrate seamlessly into development pipelines, detecting vulnerabilities without disrupting workflows.AI-enabled security solutions that can match the pace and scale of AI-generated code, identifying patterns of vulnerability that might otherwise go undetected.Scalable approaches that grow with development operations, ensuring security coverage doesn’t become a bottleneck as code generation accelerates.Depth of experience in navigating security challenges across diverse industries and development methodologies.As AI continues to transform software development, the organizations that thrive will be those that embrace both the speed of AI-generated code and the security measures necessary to protect it.Black Duck cut its teeth providing security solutions that facilitated the safe and rapid adoption of open-source code, and they now provide a comprehensive suite of tools to secure software in the regulated, AI-powered world.Learn more about how Black Duck can secure AI-generated code without sacrificing speed.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3996055/code-security-in-the-ai-era-balancing-speed-and-safety-under-new-eu-regulations.html
