Open Source and the Cyber Resilience Act
As written, the Cyber Resilience Act poses unnecessary economic and technological risks to the European Union.
Leading European open source software organizations have signed an open letter to the European Commission.
September 21, 2023 - As the European Union is about to initiate negotiations between co-legislators on the Cyber Resilience Act (CRA), organisations and contributors to leading European open source software (OSS) are expressing concerns about the consequences of the proposed CRA, and misconceptions throughout the EU legislative process.
It's important to stay informed about open source policy. Follow the latest news at #ModifytheCRA and ensure your colleagues, peers, and organizations are aware of the impact.
You can also share your ideas on how to modify the CRA for open source. To get you started, we have prepared some sample posts.
Beyond those who signed the above open letter, open source organisations have expressed their views on the current draft of the CRA. Read more about their positions in the resources below.
- Cyber Resilience Act & Free Software: Parliament waters down its own position
- OSVB Alliance Statement on the Cyber Resilience Act
- The ultimate list of reactions to the Cyber Resilience Act
- Diverse Open Source uses highlight need for precision in Cyber Resilience Act
- Europe’s Open Source Industry’s Statement on the Cyber Resilience Act
- TYPO3 and Fellow CMS Projects Warn of Adverse Effects of European Union Legislation
- Déclaration du CNLL sur le CRA (Cyber Resilience Act) (French only)
- Cyber Resilience Act on Wikipedia
- Building a strong foundation for the Cyber Resilience Act: key considerations for trilogues
Additional Eclipse Foundation Resources on the CRA