Is it GDPR 2.0? What is CRA and how can it affect you and OSS in general

By Cheuk Ting Ho

Elevator Pitch

The European Parliament proposed a Cyber Resilience Act, which basically wants all software to have an “EC” stamp on it. There is a non-commercial carve-out, but it is still not enough to make sure open-source projects with limited resources are exempted from the Act. How will it affect the OSS ecosystem?

Description

Remember how GDPR made all of us agree to cookies when browsing any website? Here is a new regulation that is coming up: have you heard of the CRA? The European Parliament proposed a Cyber Resilience Act, which basically wants all software to have an “EC” stamp on it. There is a non-commercial carve-out, but it is still not enough to make sure open-source projects with limited resources are exempted from the Act.

===============================

Do you use Open-Source Software in your work and research? Then you must pay attention to what has been going on recently with the newly proposed Cyber Resilience Act in the European Commission.

This act aims to make hardware and software products that are distributed in Europe more secure. However, this may include the Open-Source Software that you are using, and these OSS projects may not have enough resources and support to ensure they are compliant with the new CRA. There is an exemption for non-profit projects; however, it brings more questions to the table, as the definition of non-profit is sometimes not very clear.

In the session, we will explore what is in the CRA, what the latest stage of its legislative process is, and what we can do to be prepared for these new changes and protect the OSS ecosystem.