Effects of Cyber Resilience Act(CRA) on Open Source Ecosystem #323
Closed
OnkarRuikar
started this conversation in
General
Replies: 2 comments 1 reply
-
Hi @OnkarRuikar. It looks like MDN is not affected by this. |
Beta Was this translation helpful? Give feedback.
1 reply
-
JYP has answered this in https://github.com/orgs/mdn/discussions/323#discussioncomment-4826200 so I'm closing now. Thank you for raising it, Onkar! |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
What is it?
The Cyber Resilience Act (CRA) is a piece of legislation proposed by the European Commission to protect consumers and businesses from inadequate cybersecurity features of hardware and software products with digital elements. It makes manufacturers, importers, and distributors responsible for the cybersecurity of a product during the whole lifecycle of the product.
After the European Parliament and Council approves it, manufacturers of hardware and software products will have 24 months to comply and 12 months to start reporting the product vulnerabilities.
The discussion is mostly about how it will affect open source ecosystem.
What is affected?
There is a list of types of products that will come under CRA. They’ve been grouped in classes based on criticality.
Here are some of the types:
They have asserted that CRA will also be applicable to any software that involves commercial activity.
What is required?
Following are some of the requirements:
Above activity is to be done only on the final product that is making money. The obligation falls on the main manufacturer/seller/importer.
For more details refer the official Cyber Resilience Act page.
Repercussions
Apart from critical software(like OS and browsers), CRA will be applicable to other open source software because of involvement of commercial activity. For example, paid technical support, sponsorships, donations, and any sort of monetization. They’ve asserted that if anyone is making money with an open source product then it falls under CRA.
Following issues may arise:
Beta Was this translation helpful? Give feedback.
All reactions