The Commission’s proposal for a new Cyber Resilience Act (CRA) aims to safeguard consumers and businesses buying or using products or software with a digital component. The Act would see inadequate security features become a thing of the past with the introduction of mandatory cybersecurity requirements for manufacturers and retailers of such products, with this protection extending throughout the product lifecycle.
This regulation proposal has gathered quite some criticism from the Free/Libre & Open Source community and organisations. I am wondering… is anyone else from any other PP working on these criticised points, and has maybe even released a commentary/statement? I have found some comments from @pab here: Cyber Resilience Act: Protecting digital security works differently. Probably there is even some more MEP activity inside the EU? Or maybe any other EU level PP activity about this?
Here are some commentary posts from FOSS organisations and some other links on the topic:
- Free Software Foundation Europe: EU: Proposed liability rules will harm Free Software
- The Document Foundation/LibreOffice: TDF position on EU’s proposed Cyber Resilience Act
- Open Source Initiative: What is the Cyber Resilience Act and why it’s dangerous for Open Source
- OpenForum Europe: OSS and Cybersecurity beyond the CRA
- Internet Systems Consortium: ISC and the EU Cyber Resilience Act
- Python Software Foundation: The EU’s Proposed CRA Law May Have Unintended Consequences for the Python Ecosystem
- Eclipse Foundation: Cyber Resilience Act: Good Intentions and Unintended Consequences
- NLnet Labs: Open-source software vs. the proposed Cyber Resilience Act
- FOSDEM 2023: How regulating software for the European market could impact FOSS
- OSI: The ultimate list of reactions to the Cyber Resilience Act
- David A. Wheeler: Free-Libre / Open Source Software (FLOSS) is Commercial Software