
CRA Integration – How FOSS compliance measures support CRA obligations, especially regarding documentation, security updates, and traceability.

Janson | Day 2 | 13:00 - 13:25 | Speakers: Florian Hackel, Annika Niemann


Abstract

Introduction – Why FOSS compliance matters today: legal exposure, rising regulatory demands under the Cyber Resilience Act (CRA), and growing supply chain accountability.

Legal Framework – Overview of license obligations, liability risks, and the intersection of open source compliance with regulatory requirements (CRA, AI Act, product safety law).

Risk-Based Approach – How organizations can tailor the depth and scope of compliance to project risk, software use, and supply chain complexity.

Practice and Tools – SBOMs, scanning tools, policy frameworks, and OpenChain implementation: what actually works to make compliance efficient and auditable.

CRA Integration – How FOSS compliance measures support CRA obligations, especially regarding documentation, security updates, and traceability.

Conclusion and Outlook – From obligation to opportunity: compliance as a mark of quality and a driver of market trust.


Notice: The placeholder video image is licensed under CC BY-SA 4.0. The original image can be found here. Changes made to the image: it was cropped to a new aspect ratio, so part of the original image was cut off.