The Open Regulatory Compliance Working Group will be at Embedded World 2026!
π Visit the #EclipseFdn booth 4-554 in hall 4 to dive deeper into how #ORCWG is driving meaningful change in the world of open source compliance.
#embeddedworld #ew26 #CRA
Did you know? According to ONEKEY:
ποΈ 37% of companies see the 24-hour reporting rule as their number 1 challenge.
π 29% say creating a Software Bill of Materials (SBOM) is the hardest requirement.
Get started with the #CyberResilienceAct today: orcwg.org/cra/
π Happy New Year from the Open Regulatory Compliance!
2025 was a year of learning, sharing, and steady progress for the Open Regulatory Compliance community.
π Thank you to everyone who participated, shared insights, and helped make these conversations clearer and more constructive.
π£ βThe weight of compliance falls primarily on manufacturers, not on the open source community.β
Adrian OβSullivan explains what this means in practice and how the ORC Working Group supports shared understanding across the ecosystem.
Read the article to learn more: orcwg.org/blog/manufac...
9 months left to get ahead!
π The #CyberResilience demands security by design across all digital products. But 27% of companies havenβt even started engaging with CRA requirements (ONEKEY).
π Start today! orcwg.org/cra
In this ORC article, Adrian OβSullivan, Huawei, shares why the Cyber Resilience Actβs (CRA) impact is global for manufacturers and how early community engagement helped strengthen the regulation.
Learn more: orcwg.org/blog/manufac...
π£ Registration is now open for Code & Compliance 2026!
Join us on 29 January in Brussels, ahead of FOSDEM, for the next edition of Code & Compliance.
Be part of the conversations advancing open source governance, policy, and practical security solutions.
Register now: hubs.la/Q03WGtF40
π£ The FOSDEM 2026 Freedom, Sovereignty & Regulation Devroom is accepting proposals! Share your perspective on how regulation shapes digital freedom and open ecosystems.
CfP details β softwarefreedom.net/fosdem-2026-...
β° Deadline: 1 December
#FOSDEM #FOSDEM2026
π OC for Compliance at #OCX26 will bring together developers, maintainers, and legal experts to share approaches bridging the gap between legislation and implementation.
π If you want to stay ahead of evolving regulations, #OCX26 is the place for you.
π Register! www.ocxconf.org/event/2026/r...
Help shape how the #CRA impacts open source. Not sure where to start? Begin with our Deliverables Plan. In a new blog and video, we explain whatβs included, how to read the status indicators, and how to contribute.
π₯ www.youtube.com/watch?v=QamK...
π orcwg.org/blog/how-to-...
β° Final call! Our ORC has received some amazing name suggestions, but thereβs still time to share yours!
Weβre collecting ideas until 28 November, so if you havenβt joined in yet, nowβs your chance.
π Help us give our ORC the perfect name to represent the Open Regulatory Compliance community.
β° The call for proposals at Code & Compliance 2026 closes tomorrow!
Share your expertise and experiences with a highly engaged audience in Brussels.
π Submit your talk now: www-eur.cvent.com/c/abstracts/...
#CodeCompliance #CFP #CRA #opensource
π Join our speaker lineup for Code & Compliance 2026!
Following the success of our Code & Compliance Community Day, weβre building the next event to go even deeper into #CRA implementation and open source compliance.
π Brussels
π Submit your talk by 25 November: www-eur.cvent.com/c/abstracts/...
π OC for Compliance at #OCX26 will bring together developers, maintainers, and legal experts to share practical approaches bridging the gap between legislation and implementation.
π Lock in your #OCX26 ticket before prices go up! www.ocxconf.org/event/403bff...
π’ Present at Code & Compliance 2026!
Weβre looking for panels, presentations, roundtables, or workshops on topics such as tooling, attestations, stewardship, standardisation, or policy.
π Submit your talk before 25 November: www-eur.cvent.com/c/abstracts/...
New project!
π The objective of the Cyber Resilience Attestations project is to propose a means to support the due diligence responsibilities of manufacturers who rely on F/OSS components.
Learn more: projects.eclipse.org/projects/tec...
The countdown is on!
Manufacturers have less than a year to comply with the #CyberResilienceActβs vulnerability reporting requirements.
π Explore our resources to help your team prepare: orcwg.org/cra/
#CRA #CyberResilience #ORCWG
What is an #opensource software steward?
π Open source software steward is a term defined in Article 3(14) of the CRA. However, the discussion on this topic is ongoing.
Check our ongoing #CRAFAQ discussion on GitHub and share your thoughts and contributions!
github.com/orcwg/cra-hu...
π» Open source AI in automotive: legal & compliance implications
Join us on 6 November 2025 at 3 PM CET for a practical briefing with Dr. Lina BΓΆcker.
π Register now: www.crowdcast.io/c/ocx-day4-c...
π€ Can a solo maintainer be considered to be an #opensource software steward? What do you think?
Share your feedback on our CRA FAQ document: github.com/orcwg/cra-hu...
β
Compliance isnβt about ticking boxes; itβs about building trust in open source.
At #OCX26, the Open Community for Compliance invites proposals on regulatory requirements, the CRA, certification, and standardisation.
Send your proposal before 13 November! www.ocxconf.org/event/403bff...
I am NOT subject to the CRA, and want to make this clear to downstream users. What should I say?
Help answer this question in our CRA FAQ document.
Contribute to the discussion π
github.com/orcwg/cra-hu...
Francisco Carneiro will introduce the @eclipse.org Open Regulatory Compliance WG at #SFSCON in Bolzano.
Join his session on 7 November to explore how the working group brings together key stakeholders to co-develop reusable tools.
Donβt miss it π pretix.eu/noi-digital/...
π’ Contribute to the FAQ on the Cyber Resilience Act (#CRA) and have an impact!
Some questions around open source projects, maintainers, stewards, or CRA standards are still being discussed. We need your input.
π Check out the CRA FAQ and share your feedback with us! github.com/orcwg/cra-hu...
Discover the ORCβs Cyber Resilience SIG deliverables plan:
β
Navigate the deliverables plan and see CRA-related projects
β
Understand the scope of each deliverable
β
Find ways to get involved and contribute
π₯ Watch video: www.youtube.com/watch?v=QamK...
π Read the blog: orcwg.org/blog/how-to-...
π€ Itβs #CRA time at The Things Conference!
@j-rico.bsky.social, Senior Program Manager @orcwg.org at @eclipse.org is on stage in Amsterdam delivering the keynote βWill the CRA Break Open Source in #IoT, or Make It Stronger?β
#EclipseFdn #opensource #CyberResilienceAct
Why attend the Code & Compliance Community Day?
1οΈβ£ Deepen your understanding of the #CRA
2οΈβ£ Be part of the discussions shaping CRA compliance
3οΈβ£ Attend the OpenForum Europe's roundtable βSolving the Standardisation Dilemmaβ
orcwg.org/blog/code-co...
www.eclipse-foundation.events/event/Code-a...
π Are you interested in the #CRA? September is packed with events!
1οΈβ£ Comply.Land β Malta, 11-12 September
2οΈβ£ Bitkom Open Source Forum β Erfurt, 18 September
3οΈβ£ The Things Conference β Amsterdam, 23β24 September
π Connect with Juan Rico, from the ORC, at Bitkom & The Things Conference.
With more than 600 videos relevant to the #Java community, #JakartaEE's YouTube channel has something for everyone.
Check it out and be sure to subscribe.
www.youtube.com/channel/UC4M...
π Why attend Comply.Land 2025? Because regulatory frameworks are shaping the future of technology, and this is your chance to be part of the conversation.
The #ORC community will be there, sharing our work on aligning open source practices with evolving compliance requirements.
π hubs.la/Q03FqKSK0
