Skip to main content
  1. October 6 2025

    ORC Monthly: FAQ Momentum, Code & Compliance, and EU Consultations

    By Juan Rico

    As we move into autumn, the momentum in our community continues to build. A particular highlight is the upcoming Code & Compliance Community Day 2025, taking place 22–23 October. The program is shaping up beautifully, with speakers being announced daily. This is your opportunity to connect with …
    Continue reading
  2. October 3 2025

    Why Do You Trust Software? | CRA Mondays

    By Shanda Giacomoni

    In this edition of CRA Mondays, we welcomed John Ellis, President and Head of Product at CodeThink, to discuss the trustworthiness of software in the context of the Cyber Resilience Act (CRA). With extensive experience leading high-performance software projects across industries like automotive, …
    Continue reading
  3. September 12 2025

    How to Start Contributing to ORC Deliverables

    By Juan Rico

    Contributing to the Open Regulatory Compliance (ORC) Working Group is one of the most effective ways to help shape how the Cyber Resilience Act (CRA) impacts the open source ecosystem. If you’re new to the group or simply wondering where to begin, the best starting point is our deliverables plan. …
    Continue reading
  4. September 10 2025

    ORC Working Group Welcomes our 20th Foundation Member

    By Shanda Giacomoni

    The Open Regulatory Compliance (ORC) Working Group is built on the power of collaboration, and today, we celebrate an exciting milestone—surpassing 20 foundation members! This achievement is a testament to the strength of our community, uniting industry leaders, open source foundations and …
    Continue reading
  5. September 10 2025

    Unlocking Software Supply Chain Security: Updates from Ecma TC54 and OWASP | CRA Mondays

    By Juan Rico

    This post is part of our CRA Mondays series. It captures a recent session featuring Samina Husain (Ecma International), Steve Spring (Chair of Ecma TC54), and Philippe Ombredanne (AboutCode), exploring the ongoing work in Ecma’s TC54 committee and its alignment with the EU’s Cyber Resilience Act …
    Continue reading
  6. August 27 2025

    ORC Monthly: Recent press release, white paper on Open Source Stewards and the CRA and Code & Compliance

    By Juan Rico

    As summer winds down, ORC is gearing up for a busy event season. From global security summits to community-driven gatherings, this fall will be packed with opportunities to connect, share knowledge, and advance the conversation around the Cyber Resilience Act and upcoming regulations. One event you …
    Continue reading
  7. August 25 2025

    The OCCTET Project: Tooling for CRA Compliance with Sébastien Heurtematte | CRA Mondays

    By Juan Rico

    This post is part of our CRA Mondays series. It captures a session originally hosted earlier this year with Sébastien Heurtematte, coordinator of the OCCTET project. While the discussion took place several months ago, the insights remain highly relevant as CRA implementation continues to evolve. …
    Continue reading
  8. August 14 2025

    How to stop worrying and love the NLF with Fukami | CRA Mondays

    By Juan Rico

    This post is part of our CRA Mondays series. It captures a session originally hosted earlier this year with Fukami, EU Policy Advisor at the OpenSSF. While the discussion took place several months ago, the insights remain highly relevant as CRA implementation continues to evolve. CRA Mondays are a …
    Continue reading
  9. August 13 2025

    Code & Compliance Community Day 2025: What to Expect in Brussels

    By Juan Rico

    Here’s a preview of the topics and sessions shaping Code & Compliance Community Day 2025, taking place October 22–23, 2025 in Brussels. This event brings together open source maintainers, compliance leads, manufacturers, and institutional stakeholders to reflect on the Cyber Resilience Act’s …
    Continue reading
  10. July 30 2025

    ORC Monthly: Regulatory Submissions and Code & Compliance Community Day

    By Juan Rico

    As we dive into the summer months, we’re combining our June and July updates into a single post, because June was packed. In June alone, we contributed to the EU’s draft guidance on open source hardware, submitted detailed comments on the CEN/CENELEC PT 1 Standard, and provided feedback on the …
    Continue reading
  11. July 15 2025

    Save the Date: Code and Compliance Community Day 2025

    By Juan Rico

    We’re excited to announce Code and Compliance Community Day 2025, a two-part event taking place October 22–23, 2025, in Brussels, Belgium. This new event builds on the momentum of recent community gatherings and ongoing collaboration around open source and regulatory compliance. Designed to support …
    Continue reading
  12. June 20 2025

    Maintainer Month Recap: What the CRA Means for You

    By Juan Rico

    Last month we teamed up with GitHub to host “The Cyber Resilience Act and Open Source: What Maintainers Really Need to Know.” The one-hour panel zeroed in on the top worries we hear from open source project maintainers and contributors. Below is a recap—and, more importantly, where you’ll find the …
    Continue reading
  13. June 4 2025

    ORC Monthly: Deliverables Plan in Motion, New Task Force Forming and CRA Maintainers Recap

    By Juan Rico

    We’re pleased to share that we’ve moved from planning to execution. The Cyber Resilience SIG’s deliverables plan has been expanded with clear, actionable projects, which will each be supported by a dedicated task force. This marks a significant milestone in our collective efforts to operationalise …
    Continue reading
  14. May 26 2025

    Maintainer Month Speaker Spotlight: Felix Reda

    By Juan Rico

    As part of Maintainer Month—a time to recognize and support the open source maintainers who keep our digital infrastructure running—Open Regulatory Compliance (ORC) is hosting a special panel on 27 May. Among the featured speakers is Felix Reda, who will share insights in the session titled, “The …
    Continue reading
  15. May 22 2025

    Maintainer Month Speaker Spotlight: Maarten Aertsen

    By Juan Rico

    In honour of Maintainer Month, Open Regulatory Compliance (ORC) will host a panel with GitHub on 27 May focused on one of the most pressing topics facing open source maintainers today. Maarten Aertsen is among the expert speakers featured in the discussion, “The Cyber Resilience Act and Open Source: …
    Continue reading
  16. May 20 2025

    Maintainer Month Speaker Spotlight: Daniel Stenberg

    By Juan Rico

    On 27 May, Open Regulatory Compliance (ORC) is hosting a panel in support of GitHub’s Maintainer Month, a month dedicated for open source maintainers to gather, share, and be celebrated. Daniel Stenberg is one of the speakers in the ORC’s panel, “The Cyber Resilience Act and Open Source: What …
    Continue reading
  17. May 12 2025

    Save the Date: ORC Celebrates GitHub Maintainer Month with CRA Panel

    By Juan Rico

    On 27 May, Open Regulatory Compliance is hosting a panel, “The Cyber Resilience Act and Open Source: What Maintainers Really Need to Know,” which will be live-streamed by GitHub as part of Maintainer Month. Maintainer Month is a month dedicated for open source maintainers to gather and share helpful …
    Continue reading
  18. April 30 2025

    ORC Monthly: CRA Monday launched, feedback submitted, and deliverables plan expanded

    By Juan Rico

    We’re pleased to share that, following active community discussions and collaboration, we have submitted feedback to the European Commission on the Definition of Important and Critical Product Categories. This contribution reflects our collective understanding of how the CRA definitions intersect …
    Continue reading
  19. March 25 2025

    ORC Monthly: Cyber Resilience Spec Project, Deliverables Plan and Feedback for the European Commission

    By Juan Rico

    The Cyber Resilience SIG reached a critical milestone by defining a scope of work for 2025. The Cyber Resilience Practices Spec project has also launched, with project proposal and feedback open for review and contribution. The Open Regulatory Compliance WG attended several recent industry events …
    Continue reading
  20. March 6 2025

    Meet Open Regulatory Compliance at Embedded World 2025

    By Juan Rico

    Embedded systems are at the heart of modern industry, powering everything from automotive applications to industrial automation. But as software continues to define embedded technologies, new regulations like the Cyber Resilience Act (CRA) are set to reshape how manufacturers and developers approach …
    Continue reading
  21. February 26 2025

    ORC Monthly: CRA Expert Group, Recent Workshops, and More

    By Juan Rico

    The Open Regulatory Compliance WG has created new resources on GitHub for those who are just getting started or who want to learn how to contribute. We hosted our first workshop in Brussels, joined the EU Open Source Policy Summit and attended the first CRA Expert Group meeting, had multiple …
    Continue reading
  22. December 19 2024

    The composition of the Cyber Resilience Act (CRA) Expert Group: a key step toward Collaborative Cybersecurity Policy

    By Juan Rico

    The European Commission revealed on December 11 the members of its Cyber Resilience Act (CRA) Expert Group, following a public call for applications that ran in October of this year. This diverse group brings together individual experts, industry leaders, Member State agencies, and non-governmental …
    Continue reading

Back to the top