In this episode of Nerding Out with Viktor, host Viktor Petersson sits down with Olle Johansson and Anthony Harrison to explore the intersection of Software Bills of Materials (SBOMs) and the EU Cyber Resilience Act (CRA). Together, they unpack what CRA compliance looks like in practice and why SBOMs are becoming a critical piece of the regulatory puzzle.

Olle and Anthony share their hands-on experience navigating SBOM tooling, formats like CycloneDX and SPDX, and the operational challenges teams face when integrating these workflows into real-world development pipelines. The conversation covers how organizations can move beyond checkbox compliance toward meaningful transparency in their software supply chains.

They also discuss the timeline and enforcement realities of the CRA, how it interacts with existing standards, and what engineering teams should be doing now to prepare. For anyone building, shipping, or securing software in the EU market, this episode offers a grounded, practical guide to the compliance landscape ahead.