In 2024 we gave a talk called "The Regulators are Coming". This year, the regulators are here!

This will be a talk to update the broader community on how the implementation of the CRA is advancing, and how we have made efforts to include the open source community so far. There will be a short update from the European Commission, the European Standardisation Organisations (CEN/CENELEC and ETSI) and a representative from a Market Surveilllance Authority (BSI Germany).

Questions? https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act

Want to participate? https://www.stan4cra.eu/

Survey on CRA Article 25 - Attestation for Open-Source Software This survey gathers input on how voluntary security attestation programmes for open-source software could work under Article 25 of the Cyber Resilience Act. https://dialog-cybersicherheit.limesurvey.net/113884?lang=en

Examples of responses to CRA-related demands are available in the attachment below, titled "Helpful replies for FOSS developers". Yes, including references to the relevant articles of the CRA.