Formation of the Open Regulatory Compliance Working Group 

By: Dirk-Willem van Gulik, ASF VP Public Affairs

Today the Eclipse Foundation announced the official formation of the Open Regulatory Compliance Working Group (ORC WG). This initiative will first and foremost capture current best practices around software security to help the open source ecosystem prepare itself for global regulatory compliance in general and the European Cyber Resilience Act (CRA) in particular. The work will simultaneously inform governments, public, and regulatory bodies about the impact regulations will have on the unique open source development model and the innovation that it drives.

The Apache Software Foundation (ASF) is one of dozens of open source foundations, individuals, and organizations who have joined to formalize our current industry best practices and offer essential resources to help organizations navigate regulatory requirements across multiple jurisdictions. Additionally, ORC WG aims to assist government entities in providing greater legal certainty to the open source ecosystem and software supply chain.

ASF president David Nalley said, “The CRA will impact open source users and producers alike. Legislators will benefit from the brain trust of open source organizations that Eclipse has brought together to ensure that the legislation is crafted in a way that protects all parties. The ASF is committed to safeguarding our digital future by addressing the multifaceted challenges of cybersecurity in the open source ecosystem, and cooperating with and implementing the CRA.” 

ORC WG’s immediate focus is the European Cyber Resilience Act (CRA), including:

  1. Process Specifications: Development of cybersecurity process specifications and best practices aligned with the requirements of the CRA.
  2. Collaboration with European authorities: The working group actively engages with the various European institutions to understand legislative timelines and produce timely compliance materials, with a primary focus on the CRA.
  3. Formalising Standards Participation: Having secured formal liaison status with the European Committee for Standardization (CEN) and the European Committee for Electrotechnical Standardization (CENELEC), the working group is actively pursuing working relationships with other European and National Standards Organizations to expand its contribution on regulatory standards.
  4. Community and Industry Education: A series of webinars with European Commission staff aims to keep the open source community informed about the EU’s legislative process. Recordings and materials, including sessions like “How to Read the CRA” led by Enzo Ribagnac, Associate Director of European Policy at Eclipse Foundation, are available here. 
  5. Centralized Information Hub: The working group is developing a central resource to house all relevant CRA-related content, including webinars, glossaries, flowcharts, and FAQs to inform EU guidelines.

For more information on joining the Open Regulatory Compliance Working Group, visit the participation page.

The post Formation of the Open Regulatory Compliance Working Group appeared first on The Apache Software Foundation Blog.