ORC Monthly: Recent press release, white paper on Open Source Stewards and the CRA and Code & Compliance

As summer winds down, ORC is gearing up for a busy event season. From global security summits to community-driven gatherings, this fall will be packed with opportunities to connect, share knowledge, and advance the conversation around the Cyber Resilience Act and upcoming regulations.

One event you won’t want to miss: Code & Compliance Community Day taking place in Brussels, 22–23 October. This event will bring together developers, compliance experts, and regulators to share knowledge and advance collaboration around the CRA and open source compliance. We hope to see many of you there.

Shanda Giacomoni
Senior Marketing Manager, ORC

What’s New

• ORC’s recent press release highlighting our growth and achievements has generated meaningful industry attention, reflecting the timely interest in the Cyber Resilience Act (CRA) and the broader push for open regulatory compliance. See the cover below.
• Work continues on the Open Source Stewards and the CRA white paper, with valuable input coming from across the working group. This resource will outline the obligations, restrictions, and potential penalties that Stewards may face under the Cyber Resilience Act. Community members can learn more and contribute to the discussion on GitHub
• The open source community, and ORC members in particular, have reported and commented on the initial draft of the Vulnerability Handling CEN/CENELEC work, which currently equates open source with a supplier. We will closely monitor the evolution of this work, as it could have a major impact on the community.
• We’re excited to announce the launch of a dedicated blog section on orcwg.org. We’d love to highlight voices from across the community. If you’re interested in contributing a post, please reach out to our team to discuss your ideas.
• Our popular CRA Mondays series resumes on September 1 with the session Unlocking Software Supply Chain Security: Updates from Ecma TC54 and OWASP. Add it to your calendar.

Overheard

In the news

• Cyber Resilience Act: Eclipse Foundation initiative helps with compliance
• Eclipse Foundation Publishes Toolkit to Simplify CRA Compliance
• Thabang Mashologu on Open Regulatory Compliance (ORC) Momentum and the Launch of the OCCTET Project
• Empowering Open Source: Insights from Eclipse Foundation’s Thabang Mashologu

Upcoming Events

• Comply.Land | 11 September 2025 - 12 September 2025
• Bitkom Open Source Forum 2025 | 18 September 2025
• The Things Conference | 23 - 24 September 2025
• Nordic Software Security Summit | 1-3 October 2025
• ETSI Security Conference 2025 | 6-9 October 2025
• CRA – Making the EU Market Resilient | 8 October 2025
• Code & Compliance Community Day | 22-23 October 2025

Welcome ORC Members

The following members joined in August 2025:

• Nordic Institute for Interoperability Solutions (NIIS)

How to Participate

• Learn
• Contribute
• Join the Working Group