ORC Monthly: Momentum After FOSDEM

Following a strong presence at FOSDEM and our second Code & Compliance event, conversations around the Cyber Resilience Act (CRA) continue to mature — shifting from awareness to practical implementation. The sessions and workshops helped advance key ORC deliverables, including the voluntary security attestations project and ongoing work around due diligence. As momentum builds around these critical initiatives, we encourage you to follow orcwg.org/blog for the latest updates and opportunities to get involved.

Timo Perala and Dirk-Willem van Gulik
ORC co-chairs

What’s New

• Open Community for Compliance at OCX 2026
  The Open Community for Compliance program is shaping up to be a must-attend event, featuring sessions like Beyond Compliance: What the Cyber Resilience Act Means for Software Trust and Generating an SBOM Is Not Enough for Java Teams. If you’re navigating CRA readiness or responsible open source practices, this is where the conversation is happening. Register now to secure your spot in Brussels, April 21–23.
• Code & Compliance – FOSDEM Edition Recordings Available
  Catch up on the full playlist from our latest Code & Compliance, featuring expert discussions on open source, compliance realities, and CRA readiness.
• Eclipse Foundation and ECSO Formalise Cooperation
  The Eclipse Foundation and the European Cyber Security Organisation (ECSO) have signed a Memorandum of Understanding to strengthen collaboration around cybersecurity, standards, and regulatory readiness — reinforcing our shared commitment to a secure and resilient digital ecosystem. Learn more

Blog you might have missed

• From Code to Compliance at FOSDEM 2026
• Please don’t make your CRA due diligence a DoS attack!
• ORC’s First Whitepaper on Open Source Software Stewards and the Cyber Resilience Act

Overheard

Upcoming Events

• Embedded World 2026 | March 10-12, 2026
• 10th Cybersecurity Standardisation Conference | March 12, 2026
• FOSS Backstage 2026 | 16-17 March 2026
• OpenChain and Friends 2026 | 24-26 March 2026
• Open Community Experience (OCX) 2026 | 21-23 April 2026

Recent Talks & Events

• FOSDEM: Could Compliance Costs Sustain FOSS? A Theory of Voluntary Attestations
• FOSDEM: The CRA isn’t coming for your open source community
• Open Source Governance in the Global South: Challenges, Opportunities & Compliance in Africa | CRA Monday
• Anyone who still puts AI-generated code into circulation has conditional intent to infringe the law | CRA Monday
• Code & Compliance - FOSDEM Edition

How to Participate

• Learn
• Contribute
• Join the Working Group