#CRAFAQ

Open Regulatory Complianceorcwg@fosstodon.org
2025-07-09

💻 It’s not just consumer devices — the Cyber Resilience Act (#CRA) applies to hardware, software, and remote services that support digital products. If you’re working with open source, there’s a good chance you’re in scope.

To learn more about what kinds of products are regulated by the CRA, read the ORC’s #CRAFAQ: github.com/orcwg/cra-hub/blob/

Open Regulatory Complianceorcwg@fosstodon.org
2025-06-24

🛡️ The EU’s Cyber Resilience Act (#CRA) is changing how digital products, including #OSS, are developed, distributed, and maintained. Whether you’re a developer, maintainer, or vendor, this regulation will impact your work.

To learn more about what the CRA is, read the ORC’s #CRAFAQ: github.com/orcwg/cra-hub/blob/

Open Regulatory Complianceorcwg@fosstodon.org
2025-05-29

Do all #opensource projects have an open source software steward?

Not all open source projects have a steward, and the ORC community is actively discussing this topic. Current discussions suggest that most projects don’t meet the criteria for having a steward, as a steward must be a "legal person" (Art. 3), such as a company, which excludes many community-driven projects.

Join this conversation on GitHub! github.com/orcwg/cra-hub/issue

#CRA #CyberResilience #CRAFAQ #ORCWG

Open Regulatory Complianceorcwg@fosstodon.org
2025-05-26

Can a solo maintainer be considered to be an #opensource software steward?

Check our ongoing #CRAFAQ discussion on GitHub and share your thoughts and contributions!

🔗 github.com/orcwg/cra-hub/pull/

#CRA #CyberResilience #OSS #ORCWG

Open Regulatory Complianceorcwg@fosstodon.org
2025-05-23

Are you worried about how the EU’s Cyber Resilience Act (CRA) might impact you? Are you considering shutting down your #opensource projects?

➡️ Discussion on this topic is ongoing. The prevailing opinion is that most open source developers won’t be significantly affected, meaning you don’t need to shut down your open source projects because of the CRA.

Explore the reasons for it, and engage with the community discussion: github.com/orcwg/cra-hub/issue

#CRA #CyberResilience #CRAFAQ #ORCWG

Open Regulatory Complianceorcwg@fosstodon.org
2025-05-14

Is distributing binaries or container images of an #opensource project considered as making it available on the market? Our community doesn’t think so. Monetisation by the original manufacturer is what determines whether a product is made available on the market.

💭 What do you think? Share your feedback: github.com/orcwg/cra-hub/blob/

#CRAFAQ #CRA

Open Regulatory Complianceorcwg@fosstodon.org
2025-04-25

🌐 If you manufacture, maintain, or steward #opensource software that is used in products with digital elements within the European Union, the Cyber Resilience Act (CRA) will affect you.

🤔 Not sure how you'll be impacted? Check out this CRA FAQ! bit.ly/4hwiaV5

#crafaq #CRA #CyberResilienceAct

Open Regulatory Complianceorcwg@fosstodon.org
2025-04-24

The #CRAFAQ is a community effort to collect and answer open source related aspects covered by the EU’s Cyber Resilience Act (CRA), especially as it relates to open source.

To take a look at the #CRAFAQ so far or to join the task force working on this, visit: github.com/orcwg/cra-hub/blob/

#CRA #CyberResilienceAct #orcwg #CyberResilience #DigitalEurope

Open Regulatory Complianceorcwg@fosstodon.org
2025-03-20

“Am I subject to the CRA if I only contribute to an open source project?”

The answer? No. Contributions to an open source project are explicitly not in the scope of the CRA.

Read more in the ORC WG’s #CRAFAQ here: buff.ly/QQnuLwz

Open Regulatory Complianceorcwg@fosstodon.org
2025-03-19

The #CRAFAQ is a community effort to collect and answer frequently asked questions about the Cyber Resilience Act, especially as it relates to open source. To take a look at the FAQ so far or to join the task force working on this, visit: github.com/orcwg/cra-hub/blob/

Open Regulatory Complianceorcwg@fosstodon.org
2025-03-19

The #CRAFAQ is a community effort to collect and answer frequently asked questions about the Cyber Resilience Act, especially as it relates to open source. To take a look at the FAQ so far or to join the task force working on this, visit buff.ly/tyfGpnQ

Open Regulatory Complianceorcwg@fosstodon.org
2025-02-18

If you manufacture, maintain, or steward open source software that is used in products with digital elements within the European Union, the Cyber Resilience Act (CRA) will affect you.

🤔 Not sure how you'll be impacted? Check out this CRA FAQ: bit.ly/4hwiaV5

#orcwg #cra #crafaq #opensource

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst