Janson | Day 2 | 13:00 - 13:25 | Speakers: Florian Hackel, Annika Niemann
Abstract
Introduction – Why FOSS compliance matters today: legal exposure, rising regulatory demands under the Cyber Resilience Act (CRA), and growing supply chain accountability.
Legal Framework – Overview of license obligations, liability risks, and the intersection of open source compliance with regulatory requirements (CRA, AI Act, product safety law).
Risk-Based Approach – How organizations can tailor the depth and scope of compliance to project risk, software use, and supply chain complexity.
Practice and Tools – SBOMs, scanning tools, policy frameworks, and OpenChain implementation: what actually works to make compliance efficient and auditable.
CRA Integration – How FOSS compliance measures support CRA obligations, especially regarding documentation, security updates, and traceability.
Conclusion and Outlook – From obligation to opportunity: compliance as a mark of quality and a driver of market trust.
Speakers
Florian Hackel is an attorney at JUN Legal GmbH and specializes in IT, data protection, and commercial law, particularly software licensing law. He reviews and evaluates open source licensing of software products and supports companies in introducing and implementing compliance processes for free and open source software. He also advises clients on regulatory issues in the field of artificial intelligence, particularly the EU AI Act. He develops tailor-made solutions for complex legal issues and communicates them in a clear and understandable manner. He is also co-author of the “Praxishandbuch Open Source” (Practical Handbook on Open Source).
Annika Niemann is a solicitor at JUN Legal GmbH, specialising in IT and data protection law. She advises on open source compliance, particularly supporting companies in the legally compliant use of open source software. Another aspect of her work involves advising clients on AI compliance. This involves advising on the legal requirements and practical implementation of generative AI in companies, with regard to the EU AI Act and the GDPR.
