The Eclipse Foundation has announced that it formed the Open Regulatory Compliance Working Group to help the open source community navigate upcoming global regulations.

“Given the impact of software technology on the global economy, it is unsurprising that governments worldwide are enacting new regulations to safeguard privacy, security, and accessibility,” said Mike Milinkovich, executive director of the Eclipse Foundation. “The Open Regulatory Compliance Working Group was created to bridge the gap between regulatory authorities and the open source ecosystem, ensuring organisations and developers can leverage open source technologies while remaining compliant with evolving global regulations.”

To start, the Working Group will focus on the European Cyber Resilience Act (CRA), which will likely be implemented later this year. 

Its current initiatives include: 

  • Developing cybersecurity best practices that align with the CRA requirements
  • Collaborating with European authorities to better understand legislative timelines
  • Pursuing relationships with European and National Standards organizations (it already liaises with the European Committee for Standardization and the European Committee for Electrotechnical Standardization) to contribute to regulatory standards
  • Hosting a series of webinars with European Commission staff
  • Developing a central hub for information related to the CRA, including webinars, glossaries, flowcharts, and FAQs

According to the Eclipse Foundation, a number of organizations have already agreed to participate in this new working group. Current participants include Apache Software Foundation (ASF), Blender Foundation, Robert Bosch GmbH, CodeDay, The Document Foundation, FreeBSD Foundation, iJUG, Lunatech, Matrix.org Foundation, Mercedes-Benz Tech Innovation GmbH, Nokia, NLnet Labs, Obeo, Open Elements, OpenForum Europe, OpenInfra Foundation, Open Source Initiative (OSI), Open Source Robotics Foundation (OSRF), OWASP, Payara Services, The PHP Foundation, Python Software Foundation, Rust Foundation, SCANOSS, Siemens, and Software Heritage.

“Compliance with the Cyber Resilience Act and other upcoming legislation poses a new challenge for the Open Source community,” said Stefano Maffulli, executive director at OSI. “The Open Regulatory Compliance Working Group gives us an opportunity to find solutions together, and to work with lawmakers and regulatory bodies to help them better understand Open Source. We very much look forward to contributing to the working group.”