Cyber Resilience Act: it’s time to act!

The European Union’s Cyber Resilience Act (CRA) legislation is making its way through the legislative process, currently being discussed within the European Parliament (Rapporteur is Nicola Danti) and the European Council. Several key milestones in the coming weeks and the potential to be approved within the year, so time is of the essence.

While the Linux Foundation vehemently shares the goal to bolster security of the software supply chain, with the Open Source Security Foundation being the most concrete example of our commitment, there's broad consensus that the way the Act is currently drafted inadvertently risks imposing a major burden on open source contributors and non-profit foundations. If you are not familiar with this, please take a look at this comprehensive list of reactions compiled by the Open Source Initiative.

Linux Foundation Europe, part of the Linux Foundation, a Community which maintains the largest shared technology investment in the world, has been active on multiple fronts to prevent the risk of the CRA stifling open source innovation, a pillar the EU itself has identified as critical to achieving its human-centered technology and social goals.

Our response was articulated in 5 areas:

• We worked alongside other open source organization under the Open Forum Europe (OFE) auspices to support concrete common sense proposed amendments
• We engaged with Linux Foundation Europe participants to educate on the potential issues with the legislation and instigate action.
• We co-signed an open letter together with a broad coalition open source foundations, calling on the EU for a closer collaboration and consultation with open source communities on CRA and on future legislation.
• We organized a panel and birds-of-a-feather session to discuss the issue with the European Community which will take place on Friday 21st April at Kubecon Europe
• We are actively working to create venues for cross-foundation collaboration, aimed to provide broad representation of the open source community and an interlocutor for ongoing dialogue with policy makers
  
  

Today we are calling for the broader community to take immediate action. Whether you are an individual contributor, a corporation contributing / relying on open source, or a public sector representative, your active participation matters.

If you want to engage further with this effort, either individually or on behalf of your organisation (e.g. through your public affairs department), please fill out the form below to get in touch with Linux Foundation Europe. You can also join our CRA dedicated Discord channel.

Open source is critical to modern society, in Europe and beyond. Make sure your voice is heard.