In our submission, BSA underscores its support for the development and use of Software Bills of Materials (SBOMs) as an important, though limited, tool for improving the cybersecurity of digital products. We highlight that meaningful security gains from SBOMs depend on continued industry progress and on EU requirements that remain aligned with global best practices and internationally recognized standards. Our submission also urges the European Commission and ENISA to clarify that SBOM obligations under the Cyber Resilience Act (CRA) do not apply to Software as a Service (SaaS) or cloud services, as requiring SBOMs in these contexts would expose previously obscure attack surfaces and increase security risks. Clear scope boundaries and harmonised, risk-appropriate SBOM policies are essential to ensuring SBOMs deliver value to European users and the broader digital ecosystem.