TORONTO, April 17, 2024 – Cybeats Technologies Corp. (“Cybeats'' or the “Company”)(CSE: CYBT, OTCQB: CYBCF), a company offering industry-leading cybersecurity technology, is pleased to provide an update on new cybersecurity regulation by the European Union’s (“EU”) Cyber Resilience Act (“CRA” or “Act”), which positions Cybeats to benefit from the enforcement of SBOM requirements..

‍

The new Act puts forth that failing to comply with certain Software Bill of Materials (“SBOM”) reporting could lead to a €15 million administrative fine or 2.5% of an organization's gross sales, whichever is higher. This enhanced oversight by the EU fortifies the go-to-market thesis for Cybeats’ Product, SBOM Studio, and helps drive further commercial expansion through the G7.² SBOM Studio provides customers with an industry-leading interface to manage their software assets, and helps facilitate compliance with the growing oversight and regulatory requirements for SBOM.

‍

“Governments and regulators are no longer standing by as Fortune 500 organizations fail to choose a proactive approach to their software supply chain and cybersecurity posture that aims to protect devices, users and national security interests. As seen with FDA mandates on SBOM, the EU and ROW are following suit with widespread SBOM oversight and severe penalties in some cases. Regulations on SBOM are here to stay,” said Justin Leger, CEO, Cybeats.

‍

Companies that fail to comply with the CRA's vulnerability reporting, cyber incident reporting, or essential cybersecurity requirements could face administrative fines of up to €15 million or 2.5% of their gross sales, whichever is higher. Included in the CRA’s requirements:

‍Annex 1 (Part 2, Point 1) - Software Bill of Materials (“SBOM”): Manufacturers must identify and document product components and vulnerabilities, including...software bill of materials (SBOM).”

‍

This CRA covers all products with software as well with a direct or indirect connection to a device or network, which includes standalone software as well as Internet of Things (IoT), operational technology, or other tangible devices, such as televisions, laptops, baby monitors, etc., for both enterprises and consumers.

‍

FDA and Medical Device Security

The U.S. Food and Drug Administration’s (“FDA”) enhanced its regulation of medical device cybersecurity with its authority to approve or reject premarket submissions based on compliance with section 524B of the Federal Food, Drug, and Cosmetic Act (“FD&C Act”).5 This section mandates that Medical Device Manufacturers (“MDM”) provide a SBOM for their devices' commercial, open-source, and off-the-shelf software components. To proactively manage cybersecurity risks, MDMs must maintain an accurate inventory of device software components, develop vulnerability management and risk assessment processes, provide device patches, and maintain device change records. The FDA’s Refuse-to-Accept (“RTA”) authority emphasizes the growing significance of SBOM management solutions like SBOM Studio.

‍

About Cybeats

Cybeats is a cybersecurity company providing SBOM management and software supply chain intelligence technology, helping organizations to manage risk, meet compliance requirements, and secure their software from procurement to development and operation. Our platform gives customers comprehensive visibility and transparency into their software supply chain, enabling them to improve operational efficiency and increase revenue. Cybeats. Software Made Certain. Website: https://cybeats.com

‍

SUBSCRIBE: For more information, or to subscribe to the Company’s mail list, visit: https://www.cybeats.com/investors

‍

Contact:

James Van Staveren

Corporate Development

Phone: 1-888-713-SBOM (7266)

Email: ir@cybeats.com

‍

Forward-looking Information Cautionary Statement

Except for statements of historic fact, this news release contains certain "forward-looking information" within the meaning of applicable securities law. Forward-looking information is frequently characterized by words such as "plan", "expect", "project", "intend", "believe", "anticipate", "estimate" and other similar words, or statements that certain events or conditions "may" or "will" occur. Forward-looking statements are based on the opinions and estimates at the date the statements are made, and are subject to a variety of risks and uncertainties and other factors that could cause actual events or results to differ materially from those anticipated in the forward-looking statements including, but not limited to delays or uncertainties with regulatory www.sedarplus.ca.

‍

1 https://www.aoshearman.com/en/insights/ao-shearman-on-tech/the-eu-cyber-resilience-act-proposal-what-you-need-to-know

2 https://www.lexology.com/library/detail.aspx?g=33d0c6f6-350a-4d0c-9bf4-877b82d42db2#:~:text=Companies%20that%20fail%20to%20comply,53.3%5D

3 https://shorturl.at/hyzN9

4 https://shorturl.at/jTUX5

5 https://www.cybeats.com/news/fdas-enhanced-role-and-sbom-mandate-further-validates-market-for-cybeats-sbom-studio