Skip to main content

Open Source Software Stewards and CRA Whitepaper

Status: 🚀 Shipped

Download Resource →

Abstract

The Cyber Resilience Act (CRA) defines a new category of legal persons: Open Source Stewards (hereafter “Stewards”). It also defines obligations for them that differ from those applicable to other actors, such as manufacturers.

This whitepaper aims to elaborate on the obligations, restrictions, and penalties that will be imposed on Stewards.

Based on an analysis of the legal text, we outline the required elements, documentation, and procedures that Stewards must implement to fulfill their obligations.

The goal is not to provide a definition of, or guidance on, who is or is not a Steward for a Product with Digital Elements qualifying as Open Source Software.

This document does not constitute legal guidance; it reflects the current understanding of the CRA held by its contributors.

Back to the top