Pirates and CRA – Cyber Resilience Act

The Commission’s proposal for a new Cyber Resilience Act (CRA) aims to safeguard consumers and businesses buying or using products or software with a digital component. The Act would see inadequate security features become a thing of the past with the introduction of mandatory cybersecurity requirements for manufacturers and retailers of such products, with this protection extending throughout the product lifecycle.

This regulation proposal has gathered quite some criticism from the Free/Libre & Open Source community and organisations. I am wondering… is anyone else from any other PP working on these criticized points, and has maybe even released a commentary/statement? I have found some comments from @pab here: "Cyber Resilience Act: Protecting digital security works differently". Probably there is even some more MEP activity inside the EU? Or maybe any other EU-level PP activity about this?

Here are some commentary posts from FOSS organisations and some other links on the topic:

I did recently take a look at the proposal and my reaction was: WTF?

They seem to think that everything containing some digital hardware is going to pose a risk. That goes as far as defining generic microcontrollers as potential threats. If this bullshit is adopted then any kind of development in the EU will come to a halt.

A knee-jerk reaction is that all digital hardware poses a potential risk. I’ll try to look at the CRA to get a better picture of what it’s actually “proposing”.
