As part of the "Dialogue for Cybersecurity" project, the @fsfe and the German Federal Office for Information Security (BSI) are working together with representatives from civil society, academia, industry and government in a project on the #CRA and its implications for #FreeSoftware.

📺 Watch the recording of the first event in this series, which took place on 3 April: https://media.fsfe.org/w/f14ys5iqatZgKucz7WGPNT

FSFE

2025-04-24 08:31:54

Free Software and CRA - expert talk and discussion

As part of the “Dialog für Cybersicherheit” (Dialogue on Cybersecurity) project, the FSFE and the Federal Office for Information Security (BSI) are working together with representatives from civil society, academia, industry and public authorities in a project on the Cyber Resilience Act (CRA) and its implication for Free Software. To ensure clarity, information is needed on who will take on which role and which tasks and processes are to be carried out. In particular, the role of Open Source Stewards and Free Software beyond commercial interest are of particular importance to the project.

This video is a recording of an event held as part of the "Dialogue for Cybersecurity." The statements
made therein do not necessarily reflect the opinion of the Federal Office for Information Security
(BSI). The first event in the workstream series took place on April 3, 2025.

Moderators: Alexander Sander, Free Software Foundation Europe (FSFE) und Michael Schuster, (BSI)

Speakers: Caroline Krohn (BSI) and Maarten Aertsen, senior internet technologist at NLnet Labs

Maarten Aertsen's talk focuses on how Free and Open-Source Software (FOSS) is addressed by the
Cyber Resilience Act and in particular on how that is different from other New Legislative Framework
(NLF) style regulations in different segments.

In the "Dialog for Cybersecurity", organized civil society and representatives from science, culture
and media, industry and state (dialogue partners) enter into intensive exchange with each other and
with the BSI.

More information: https://www.dialog-cybersicherheit.de/workstreams/.
© BSI

Dialog für Cybersicherheit | Workstreams

^{www.dialog-cybersicherheit.de}

Happy to have 3 talks about the Cyber Resilience Act #CRA in the legal and policy devroom, which I co-organise for #FOSDEM

* The EU CRA and #Copyleft
https://fosdem.org/2025/schedule/event/fosdem-2025-5291-the-eu-cra-and-copyleft/

* Legislative overlay: anticipating and navigating through regulatory vectors https://fosdem.org/2025/schedule/event/fosdem-2025-5325-legislative-overlay-anticipating-and-navigating-through-regulatory-vectors/

* CRA Q&A on #OpenSource Stewards under the Cyber Resilience Act https://fosdem.org/2025/schedule/event/fosdem-2025-6638-cra-q-a-on-open-source-stewards-under-the-cyber-resilience-act/

FOSDEM 2025 - The EU CRA and Copyleft

^fosdem.org

We have @carlmalamud to thank for making the European Commission admit that harmonised standards form part of the public law. Now we need to make sure everyone can legally comply without paying royalties to the companies who write the standards.

https://the.webm.ink/patents-and-the-presumption-of-conformity

#CRA #Policy #SoftwareFreedom #Patents

Patents and the Presumption of Conformity

Access to the law includes access to the harmonised standards it predicates. But is it right that those standards can include royalty-due...

^{Webmink In Draft}

With CRA and PLD liability rules for software have been introduced with a broad exception for Free Software. After long and intense debates individual developers and non for profit work are safeguarded. Alexander Sander sheds light on those new rules.

Already at an early stage, the FSFE argued in a hearing in the EU Parliament, for the inclusion of clear and precise exemptions for Free Software development in the legislation and for liability to be transferred to those who significantly financially benefit from it on the market.

In the future, individual developers and non-profit development of Free Software will be exempt from the CRA and the PLD. Nevertheless, the wording in both the regulations are different and a standardisation processes and guidelines are still being drawn up.

In this talk Alexander Sander discusses what this new regulation means for software freedom in future and what happens at this stage and how to be involved in implementation.

The coming EU Cyber Resilience Act will affect all Open Source projects. The Eclipse Foundation has created the Open Regulatory Compliance working group together with a list of other Open Source organisations to jointly develop best current practises and have a continuous dialog with regulatory bodies.

Mikael Barbero will present this important workgroup at the NSSS24!

Register today for the conference - https://nsss.se

@EclipseFdn @owasp @openssf
#EUCRA #CRA #OPENSOURCE