惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

GbyAI
GbyAI
博客园 - 三生石上(FineUI控件)
S
Securelist
U
Unit 42
The Cloudflare Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Simon Willison's Weblog
Simon Willison's Weblog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
B
Blog
T
Tenable Blog
The Hacker News
The Hacker News
The Register - Security
The Register - Security
IT之家
IT之家
博客园 - 【当耐特】
Spread Privacy
Spread Privacy
P
Privacy & Cybersecurity Law Blog
博客园_首页
T
Tailwind CSS Blog
人人都是产品经理
人人都是产品经理
C
Cybersecurity and Infrastructure Security Agency CISA
Know Your Adversary
Know Your Adversary
NISL@THU
NISL@THU
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
T
Tor Project blog
C
CERT Recently Published Vulnerability Notes
Apple Machine Learning Research
Apple Machine Learning Research
Stack Overflow Blog
Stack Overflow Blog
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
V
Vulnerabilities – Threatpost
A
Arctic Wolf
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
V
V2EX
aimingoo的专栏
aimingoo的专栏
大猫的无限游戏
大猫的无限游戏
Scott Helme
Scott Helme
L
LINUX DO - 热门话题
Cyberwarzone
Cyberwarzone
V
Visual Studio Blog
月光博客
月光博客
爱范儿
爱范儿
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
美团技术团队
G
GRAHAM CLULEY
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
H
Heimdal Security Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO

Information Age

Is the SaaSpocalypse already over? - Information Age Stopping bad data from becoming bad business - Information Age Google I/O 2026 shows why enterprise AI governance needs an operating model Moving off the cloud – how to get repatriation right The AI inventory is the EU AI Act artefact most teams underestimate Why every organisation needs a minimum viable company strategy Quantum is coming. Here’s what CTOs can be doing today Small Language Models (SLMs) as the gold standard for trust in AI Your employees are waiting for your change programme to blow over How technical debt turns your IT infrastructure into a game you can’t win The business mobility trends driving workforce performance in 2026 Four actions CIOs must take to turn innovation into impact Eliminating blind spots – nailing the IPv6 transition Goodbye Software as a Service, Hello AI as a Service Smart auto-tiering vs. data reduction – logical efficiency vs. architectural efficiency The value of reducing middle office emissions for ESG How to match tech investment with real-world output
From speed to safety – how regulation is reshaping DevOps
Cameron Etezadi · 2026-05-20 · via Information Age

  • The focus for DevOps teams has shifted from how quickly they can deliver to how can they govern increasingly agentic delivery safely, transparently and accountably.
  • The Cyber Resilience Act (CRA) has three expectations: traceability, accountability and incident response.
  • Compliance is becoming an engineering problem in reviewing and governing code at machine scale.
  • The organisations best prepared for this next phase of software delivery will be those that build systems humans can confidently trust, govern, and remain accountable for, as delivery becomes increasingly autonomous. 

For over a decade, DevOps has been defined by one core principle: speed. The ability to ship code quickly, iterate continuously, and respond to user needs in near real-time has become the benchmark of high-performing software teams – made possible by end-to-end ownership and accountability.

But that benchmark is changing. A new wave of regulation in Europe, the Cyber Resilience Act (CRA) and the Product Liability Directive, is introducing stricter expectations around how software is built, deployed, and maintained. Crucially, this legislation is putting the liability back onto engineering teams in charge of deploying software. 

We’re seeing and hearing about more incidents where autonomous AI agents are making errors. Now, new legislation is giving clarity that the responsibility for any errors ultimately sits with human teams. This is forcing organisations to rethink what they ship, as well as how they control, monitor and account for it in production. 

The focus for DevOps teams has shifted from how quickly they can deliver to how can they govern increasingly agentic delivery safely, transparently and accountably.

What we can expect from new regulations

At a high level, regulations like the CRA aim to improve the security and resilience of digital products. In practice, they introduce concrete expectations for engineering teams. Three areas stand out.

  1. Traceability. Organisations must be able to identify what code is running in production, where it originated, and how it has changed over time. This goes far beyond version control. While ITIL has long emphasised CMDBs as a system of record, modern DevOps teams now need a true chain of custody for software delivery – tracking changes, ownership, and provenance from development through to production.
  2. Accountability. There needs to be clear ownership over software components and processes. This means being able to demonstrate who made changes, why they were made, how they were validated and who remains accountable for outcomes – even if those changes were AI-assisted or agent-driven.
  3. Incident response. Teams must be able to detect issues quickly, report them where necessary, and remediate them fast. In highly regulated environments this must be automatic, with little time for manual review or deliberation. Organisations therefore need systems that offer clarity, control and measurable accountability in real-time.

These aren’t box-ticking exercises. They demand a level of operational visibility and control that many organisations still lack.

Why this is an engineering challenge

In the past, regulation may have been viewed as a compliance issue handled by legal or risk teams. But in the age of AI agents, new legislation has made it clear that these requirements sit with engineering.

Software delivery today is highly distributed. Code moves through complex pipelines, across multiple environments, often supported by a fragmented toolchain, and releases are frequent, sometimes continuous. As AI accelerates software creation further, traditional human review processes quickly become bottlenecks.

Many teams still rely on manual processes for approvals, reporting, or rollback decisions, but these approaches no longer scale. As release velocity increases through agentic workflows, manual governance risks becoming an operational and regulatory liability.

As a result, compliance is becoming an engineering problem. The problem is reviewing and governing code at machine scale. While delivery pipelines can be parallelised to support this pace, organisations still need clear visibility into dependencies, ownership, and control across the software lifecycle.

Evolving DevOps for a regulated world

To meet these new expectations, DevOps practices need to evolve. The most effective organisations are embedding compliance into the delivery lifecycle. This builds on the ‘continuous compliance’ practices pioneered during the cloud era, where leading teams used monitoring, observability, and automated remediation to respond to issues in real time.

That starts with integrating security and governance into CI/CD pipelines. Automated checks, policy enforcement, and validation steps ensure that code meets required standards before it ever reaches production.

Visibility is equally important. Teams need real-time insight into what is deployed, how it is performing, and how it relates back to specific changes or features. Without that, accountability becomes difficult to maintain at scale.

Another critical capability is controlled release management. Techniques such as feature flags and progressive delivery allow teams to limit exposure, test changes in production safely, and respond quickly if something goes wrong. Instead of relying on large, high-risk deployments, organisations can manage feature availability dynamically at runtime, enabling faster reactions, incremental change, and rapid rollback when needed.

Finally, there’s a cultural shift. Responsibility for compliance can’t sit with a single team. It needs to be shared across engineering, security, and platform functions, supported by automated guardrails, rather than relying on humans to enforce policy manually after the fact.

Control, visibility, and the ability to act

If there’s one unifying theme across these changes, it’s control. In a regulated environment, it’s no longer enough to deploy code and monitor what happens. Teams need to be able to answer critical questions at any moment: What is currently live? Who approved it? What impact is it having? And if something goes wrong, how quickly can we fix it?

The ability to act and control software in production is just as important as the ability to observe. Fast rollback mechanisms, the option to disable features without redeploying, and tight feedback loops all contribute to reducing risk without slowing delivery.

Done well, these capabilities enable teams to move faster, with greater confidence and less exposure.

A competitive advantage for those who move early

With compliance deadlines approaching, many organisations are still trying to interpret requirements and assess gaps. Those that act early have an opportunity to do more than just meet regulatory standards.

The organisations best prepared for this next phase of software delivery will be those that build systems humans can confidently trust, govern, and remain accountable for – even as delivery becomes increasingly autonomous. 

Success will increasingly depend on teams being able to deliver quickly and safely, with complete confidence in what they’ve put into production.

Cameron Etezadi is chief technology officer at LaunchDarkly.

Read more

From generative to agentic AI – now the real transformation begins – Node4’s Mark Skelton takes us through the move from generative to agentic AI and how to approach it in your organisation

Small Language Models (SLMs) as the gold standard for trust in AI – Stephen Edginton of Dext explains why Small Language Models (SLMs) should be the next stage in your evolving AI strategy

Quantum is coming. Here’s what CTOs can be doing today – Ginna Raahauge of WWT talks us through quantum strategy and what you as a CTO should be doing to prepare your organisation