Skip to main content

Open Source Software Stewards and CRA Whitepaper

Status: ✍️ Work in Progress

Abstract

The Cyber Resilience Act (CRA) defines a new category of organizations, Open Source Stewards (Stewards hereafter). It also defines obligations for them that are different from those of other categories like manufacturers.

This whitepaper will aim at elaborating on the obligations, restrictions, and penalties that will be imposed on Stewards.

From the elaboration on the legal text, we will outline the required elements, documents, and procedures for Stewards to fulfill their obligations.

The goal is NOT to provide a definition or guidance about who is and who is not a steward for an Product with Digital Element qualifying as Open Source Software.

This document is NOT legal guidance, but the current understanding of the CRA by its contributors.

Back to the top