Blog

The OCCTET Project: Tooling for CRA Compliance with Sébastien Heurtematte | CRA Mondays

By Juan Rico

This post is part of our CRA Mondays series. It captures a session originally hosted earlier this year with Sébastien Heurtematte, coordinator of the OCCTET project. While the discussion took place several months ago, the insights remain highly relevant as CRA implementation continues to evolve. …

How to stop worrying and love the NLF with Fukami | CRA Mondays

By Juan Rico

This post is part of our CRA Mondays series. It captures a session originally hosted earlier this year with Fukami, EU Policy Advisor at the OpenSSF. While the discussion took place several months ago, the insights remain highly relevant as CRA implementation continues to evolve. CRA Mondays are a …

Code & Compliance Community Day 2025: What to Expect in Brussels

By Juan Rico

Here’s a preview of the topics and sessions shaping Code & Compliance Community Day 2025, taking place October 22–23, 2025 in Brussels. This event brings together open source maintainers, compliance leads, manufacturers, and institutional stakeholders to reflect on the Cyber Resilience Act’s …

ORC Monthly: Regulatory Submissions and Code & Compliance Community Day

By Juan Rico

As we dive into the summer months, we’re combining our June and July updates into a single post, because June was packed. In June alone, we contributed to the EU’s draft guidance on open source hardware, submitted detailed comments on the CEN/CENELEC PT 1 Standard, and provided feedback on the …

Save the Date: Code and Compliance Community Day 2025

By Juan Rico

We’re excited to announce Code and Compliance Community Day 2025, a two-part event taking place October 22–23, 2025, in Brussels, Belgium. This new event builds on the momentum of recent community gatherings and ongoing collaboration around open source and regulatory compliance. Designed to support …

Maintainer Month Recap: What the CRA Means for You

By Juan Rico

Last month we teamed up with GitHub to host “The Cyber Resilience Act and Open Source: What Maintainers Really Need to Know.” The one-hour panel zeroed in on the top worries we hear from open source project maintainers and contributors. Below is a recap—and, more importantly, where you’ll find the …

ORC Monthly: Deliverables Plan in Motion, New Task Force Forming and CRA Maintainers Recap

By Juan Rico

We’re pleased to share that we’ve moved from planning to execution. The Cyber Resilience SIG’s deliverables plan has been expanded with clear, actionable projects, which will each be supported by a dedicated task force. This marks a significant milestone in our collective efforts to operationalise …

Maintainer Month Speaker Spotlight: Felix Reda

By Juan Rico

As part of Maintainer Month—a time to recognize and support the open source maintainers who keep our digital infrastructure running—Open Regulatory Compliance (ORC) is hosting a special panel on 27 May. Among the featured speakers is Felix Reda, who will share insights in the session titled, “The …

Maintainer Month Speaker Spotlight: Maarten Aertsen

By Juan Rico

In honour of Maintainer Month, Open Regulatory Compliance (ORC) will host a panel with GitHub on 27 May focused on one of the most pressing topics facing open source maintainers today. Maarten Aertsen is among the expert speakers featured in the discussion, “The Cyber Resilience Act and Open Source: …

Maintainer Month Speaker Spotlight: Daniel Stenberg

By Juan Rico

On 27 May, Open Regulatory Compliance (ORC) is hosting a panel in support of GitHub’s Maintainer Month, a month dedicated for open source maintainers to gather, share, and be celebrated. Daniel Stenberg is one of the speakers in the ORC’s panel, “The Cyber Resilience Act and Open Source: What …

Save the Date: ORC Celebrates GitHub Maintainer Month with CRA Panel

By Juan Rico

On 27 May, Open Regulatory Compliance is hosting a panel, “The Cyber Resilience Act and Open Source: What Maintainers Really Need to Know,” which will be live-streamed by GitHub as part of Maintainer Month. Maintainer Month is a month dedicated for open source maintainers to gather and share helpful …

ORC Monthly: CRA Monday launched, feedback submitted, and deliverables plan expanded

By Juan Rico

We’re pleased to share that, following active community discussions and collaboration, we have submitted feedback to the European Commission on the Definition of Important and Critical Product Categories. This contribution reflects our collective understanding of how the CRA definitions intersect …

ORC Monthly: Cyber Resilience Spec Project, Deliverables Plan and Feedback for the European Commission

By Juan Rico

The Cyber Resilience SIG reached a critical milestone by defining a scope of work for 2025. The Cyber Resilience Practices Spec project has also launched, with project proposal and feedback open for review and contribution. The Open Regulatory Compliance WG attended several recent industry events …

Meet Open Regulatory Compliance at Embedded World 2025

By Juan Rico

Embedded systems are at the heart of modern industry, powering everything from automotive applications to industrial automation. But as software continues to define embedded technologies, new regulations like the Cyber Resilience Act (CRA) are set to reshape how manufacturers and developers approach …

ORC Monthly: CRA Expert Group, Recent Workshops, and More

By Juan Rico

The Open Regulatory Compliance WG has created new resources on GitHub for those who are just getting started or who want to learn how to contribute. We hosted our first workshop in Brussels, joined the EU Open Source Policy Summit and attended the first CRA Expert Group meeting, had multiple …

The composition of the Cyber Resilience Act (CRA) Expert Group: a key step toward Collaborative Cybersecurity Policy

By Juan Rico

The European Commission revealed on December 11 the members of its Cyber Resilience Act (CRA) Expert Group, following a public call for applications that ran in October of this year. This diverse group brings together individual experts, industry leaders, Member State agencies, and non-governmental …