Skip to main content

ORC learning hub

Understand the EU Cyber Resilience Act (CRA) and what it means for open source

The Cyber Resilience Act (CRA) is transforming how software is developed, distributed, and maintained across Europe, and its impact on open source is significant.

The ORC Learning Hub provides the first practical, open source-focused training to help you understand how the CRA applies in real-world scenarios and what actions you need to take.

Developed by the ORC Working Group, this training delivers real-world, role-specific guidance to help you prepare with confidence.

Training participants collaborating at a conference

Start with the right course for you

Two introductory modules are now available. Choose the one that best matches your role:

I contribute to or maintain open source

Start with

Introduction to the CRA for the Open Source Community

Designed for

  • Developers
  • Maintainers
  • Contributors
  • Open source project stewards

You’ll learn

  • How the CRA applies to open source projects
  • The role of open source vs. manufacturers
  • Key concepts like vulnerability handling and SBOMs
  • What “secure by design” means in an open source context
Start this ✨free✨ course

I manufacture products using open source

Start with

Introduction to the CRA for Manufacturers

Designed for

  • Product teams
  • Security & compliance professionals
  • OSPO leaders
  • Legal and regulatory teams

You’ll learn

  • CRA obligations for manufacturers
  • Organisational responsibilities and risk
  • Supply chain accountability
  • Security-by-design expectations and compliance context
Coming soon

What the open source community is saying

With CRA enforcement approaching, now is the time to prepare

With CRA obligations coming into effect in September 2026, organisations and open source communities must move quickly from awareness to action.

This training helps you:

  • Move from awareness to action
  • Understand your specific responsibilities
  • Prepare for real-world implementation

It is the first community-developed, practical guidance focused specifically on open source and the CRA.

Coming soon: modules 3-5

  • Deep dives on SBOMs, due diligence, and vulnerability management.
  • Learners will have the option to complete an assessment to earn a CRA & Open Source certification badge.

Stay tuned for updates as we roll out additional modules. Learners from modules 1 and 2 will receive recommendations on what to take next based on your role.

Collaborate with us

The Open Regulatory Compliance (ORC) Working Group is a neutral forum for the open source community — including foundations, maintainers, vendors, users, package managers, among others — and the broader software industry to facilitate CRA compliance.

Join the working group Participate
Members of the ORC community collaborating around a whiteboard. A speaker from the Eclipse Foundation welcoming an audience to the Code and Compliance Community Day. People navigating through the Code and Compliance event. An ORC booth where two people are talking to each other. A room full of people listening to a public speaker.

Back to the top