FOSDEM and EU Open Source Week 2026: Key Events for the ORC Community
By Juan Rico
Late January in Brussels has become an important moment for anyone working at the intersection of open source and European regulation. In 2026, FOSDEM and EU Open Source Week again bring together developers, maintainers, policymakers, and organisations that are actively shaping how open source is developed, distributed, and used in Europe.
For the ORC community, this week is particularly relevant. The Cyber Resilience Act (CRA) is moving from interpretation to implementation, and many of the conversations happening during this week focus on what that means in practice.
Key Events for the ORC Community
Code & Compliance
As part of EU Open Source Week, Code & Compliance takes place on Thursday, 29 January in Brussels. It is a focused, in-person event that brings together open source communities, industry, and policy experts to discuss compliance challenges in a concrete, technical way.
Discussions focus on topics such as:
How open source projects and downstream users can align on security and compliance expectations
The roles and responsibilities of different actors in the open source supply chain
How collaboration between communities, industry, and regulators can reduce friction while improving software security
For the ORC community, this event provides a focused starting point for discussions grounded in real project experience.
FOSDEM: CRA in Practice
At FOSDEM itself, the “CRA in practice” devroom on Saturday, 31 January is one of the most relevant spaces for our community.
This devroom focuses on how the CRA is affecting open source projects today — not in theory, but in code, processes, and governance. Talks and discussions focus on maintainers and contributors who are actively adapting their projects to new regulatory expectations.
FOSDEM: Open Source & EU Policy
On Sunday, 1 February, the Open Source & EU Policy devroom provides a broader policy context.
This devroom brings developers and policymakers into the same conversation. It covers the CRA, but also situates it alongside other EU initiatives that affect open source, such as standardisation, software liability, and digital sovereignty.
This devroom helps clarify why certain policy choices are being made and how community voices can influence outcomes.
Global Vulnerability Intelligence Platform (GVIP) Summit
The Global Vulnerability Intelligence Platform (GVIP) Summit takes place on Wednesday, 28 January in Brussels. The Summit focuses on the rapidly changing landscape of vulnerability information and the challenges facing long-standing systems around funding, scalability, trust, and governance. GVIP brings together a global, multi-stakeholder community to discuss how vulnerability intelligence can remain openly available, reliable, and sustainable over the long term. The ORC Working Group is sponsoring the event, reflecting its interest in strengthening shared approaches to security, governance, and compliance across the open source ecosystem.
FOSS license and security compliance tools workshop
A one-day workshop on open source licenses and security compliance will take place on Friday, 30 January. The FOSS license and security compliance tools workshop brings together developers, users, and contributors of open source compliance tools to exchange requirements, share plans, and identify collaboration opportunities. It will focus on tools and practices supporting software provenance, vulnerability management, license detection, SBOM creation and consumption, dependency and container analysis, code scanning, and regulatory compliance, including the Cyber Resilience Act.
Other Events During EU Open Source Week
The week also includes broader policy-focused events such as the EU Open Source Policy Summit on Friday, 30 January and the European Open Source Awards on the evening of Thursday, 29 January. While not core ORC events, they provide useful context for the wider discussions taking place and recognise the contributions and achievements of the open source community over the past year. A full overview of additional activities throughout the week is available at opensourceweek.eu.
If you are involved in ORC or the broader open source community, this week offers a concentrated view of where open source and regulation are heading and how we can shape that direction together. We hope to see you there!