What we do
ORC helps organisations understand regulatory requirements for their open source software, prepare for key milestones, and implement risk-based security practices without slowing innovation. Our members collaborate to define clear, practical guidance tailored to the realities of open source development.
A community for today and tomorrow's challenges
While the CRA is our current focus, the ORC Working Group is structured to take on emerging compliance topics. Through Special Interest Groups (SIGs), members can explore new regulatory domains as they arise, ensuring the community remains agile and responsive as global requirements evolve.
Examples of future SIG topics include:
- Emerging AI regulations
- Sector-specific compliance for automotive, industrial, and IoT
This structure ensures that ORC remains a long-term, future-proof collaboration.

Who's involved
Manufacturers & software vendors
Whether they build physical devices, integrate software into products, or deliver digital services, manufacturers bring critical real-world perspectives on how open source is used across products, platforms, and supply chains. Their perspectives ensure ORC's work remains grounded in real-world production needs.
Open source stewards & foundations
Open source stewards and foundations provide essential insight into the governance, sustainability, and community dynamics of OSS projects. Their leadership ensures that regulatory approaches remain compatible with open source principles and support the long-term health of the ecosystem.
Open source developers & maintainers
Developers and maintainers contribute deep technical knowledge of how open source is created, reviewed, and improved. Their experience ensures that best practices are realistic for contributors, respectful of community workflows, and supportive of secure, high-quality software development.
ORC's purpose
The Open Regulatory Compliance working group supports all open source actors in understanding and meeting regulatory requirements. Our purpose is to strengthen the security, resilience, and long-term sustainability of the open source ecosystem through open, community-driven collaboration.
To achieve this, ORC:
- Provides an open forum for members of the open source community to organise, share, document, and develop best practices, and support each other.
- Collects and shares input and feedback in relevant legislative and standardisation processes.
- Develops specifications that can be transformed into standards recognised by legislators through relevant standardisation organisations.
- Creates additional materials to help with compliance, such as guidelines, educational content, and specifications not designed for further standardisation.
ORC strives to develop artefacts and best practices that help open source actors comply with regulatory requirements across jurisdictions.
For detailed information about our mission and governance, please refer to our Working Group Charter.
Get involved
The ORC community is open to anyone committed to strengthening open source security and compliance.
Become a member to help shape shared best practices and guide the working group's strategic direction.
Contribute to our projects and SIGs to support practical guidance, tooling, and collaborative work that benefits the entire ecosystem.
Collaborate with us
The Open Regulatory Compliance (ORC) Working Group is a neutral forum for the open source community — including foundations, maintainers, vendors, users, package managers, among others — and the broader software industry to facilitate CRA compliance.


