nanog mailing list archives

Open-source software vs. the proposed Cyber Resilience Act


From: Alex Band <alex () nlnetlabs nl>
Date: Mon, 14 Nov 2022 10:54:42 +0100

The NLnet Labs foundation is closely following a legislative proposal by the
European Commission called the Cyber Resilience Act (CRA), affecting almost
all hardware and software offered on the European market.

In the near future, manufacturers of toasters, ice cream makers and
(open-source) software will have something in common: to make their products
available on the European market, they will need to affirm their compliance
with EU product legislation by affixing the CE marking.

We have published background information and our views here:

https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/

The current proposal would require developers of open-source software deemed
both ‘critical’ and a ‘commercial activity’ to jump through elaborate and
potentially costly compliance hoops to make their software available in the
EU. What defines a 'critical product' and a 'commercial activity' is key for
this discussion.

Please get in touch with us if you have concerns or this affects you. Maarten
Aertsen <maarten () nlnetlabs nl> is spearheading this initiative.

Kind regards,

Alex Band
NLnet Labs
