Workshop

The ramifications of the Cyber Resilience Act

Monday, 19 May 2025 @ 12:05 - 13:00

The Cyber Resilience Act (CRA) introduces new legal obligations for software producers operating in Europe, including open source projects and companies.

This workshop will unpack what the CRA means for open source developers, distributors, and maintainers. We’ll explore how the regulation defines “commercial activity,” what constitutes a “product with digital elements,” and how different open source business models may or may not fall under the CRA’s scope.

Participants will work through real-world scenarios, discuss strategies to adapt development and compliance practices, and better understand the legal and operational risks involved. We’ll also examine how the open source community is responding to the CRA and what collective actions are emerging to influence its implementation.

If you’re building or relying on open source in Europe, this session will give you a clear-eyed view of the upcoming challenges and the tools to navigate them.