The ORC Community’s 4 Biggest Achievements of 2025

As we look back on 2025, it’s clear that this has been a year of remarkable growth and maturation for the ORC community. Our membership has expanded to 63 organisations, reflecting both the rising importance of open, collaborative security practices and the trust our stakeholders place in the work we are doing together.

Over the past year, we have built greater clarity around the Cyber Resilience Act (CRA) and its implications for open source development. Through open dialogue, shared expertise, and a commitment to transparency, our community has refined how we work together. We have introduced clearer processes, improved cross-organisational coordination, and established more predictable pathways for collaboration. This has helped us make considerable progress on many of our key deliverables in 2025, including:

1. FAQ

New regulations inevitably raise questions about scope, responsibilities, and real-world impact. Throughout 2025, the ORC community worked collaboratively to develop a comprehensive set of frequently asked questions addressing how the Cyber Resilience Act applies to open source software. This FAQ was shaped by shared expertise and practical experience from across the community and is now available on a community-built website, making it easier to access, navigate, and understand for a broad audience.

2. Voluntary Security Attestations

Launching the voluntary security attestations project marked an important milestone for the ORC community in 2025. Together, we defined the scope of the work and surfaced key challenges and considerations, including legal, technical, and operational aspects. These discussions were further advanced during a dedicated workshop at Code & Compliance in October, providing valuable input and alignment. As a result, the community is now well-positioned to continue developing this work in 2026.

3. Active engagement supporting institutions in the CRA implementation

One of our most impactful achievements in the first half of 2025 was establishing a clear and effective process for providing coordinated feedback to regulatory bodies. Throughout the year, the ORC community submitted multiple contributions, ensuring that open source perspectives were represented in regulatory discussions at all levels. Several of these inputs have already been reflected in official materials, demonstrating the tangible influence of community-led collaboration (ex. Technical definitions milestone)

4. Stewards and the CRA white paper

In the latter part of 2025, the ORC community prepared its first white paper focused on open source software stewards and the Cyber Resilience Act. This significant effort brought together our community experts working openly in GitHub and in the open meetings ORC community organises, reflecting the collaborative spirit of the community. To broaden its reach and accessibility, the final paper will be published as a PDF on the orcwg.org website, supporting those seeking a deeper understanding of the CRA and its implications.

As we close out the year, we can be proud not only of what we accomplished, but how we accomplished it. Our progress in 2025 shows the strength of a community that is willing to learn, adapt, and lead together. With a solid foundation, clearer processes, and an engaged membership continuing to grow, the ORC is entering 2026 with momentum. The work ahead is significant, but so is our collective capacity, and we look forward to building on this year’s achievements to support an even stronger open source ecosystem in the years to come.