nanog mailing list archives
Open-source software vs. the proposed Cyber Resilience Act
From: Alex Band <alex () nlnetlabs nl>
Date: Mon, 14 Nov 2022 10:54:42 +0100
The NLnet Labs foundation is closely following a legislative proposal by the European Commission called the Cyber Resilience Act (CRA), affecting almost all hardware and software offered on the European market. In the nearby future, manufacturers of toasters, ice cream makers and (open-source) software will have something in common: to make their products available on the European market, they will need to affirm their compliance with EU product legislation by affixing the CE marking. We have published background information and our views here: https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/ The current proposal would require developers of open-source software deemed both ‘critical’ and a ‘commercial activity’ to jump through elaborate and potentially costly compliance hoops to make their software available in the EU. What defines a 'critical product' and a 'commercial activity' is key for this discussion. Please get in touch with us if you have concerns or this affects you. Maarten Aertsen <maarten () nlnetlabs nl> is spearheading this initiative. Kind regards, Alex Band NLnet Labs
Current thread:
- Open-source software vs. the proposed Cyber Resilience Act Alex Band (Nov 14)