SAN FRANCISCO, CA – April 29, 2025 – The Open Source Security Foundation (OpenSSF), in collaboration with LF Education, announces the general availability of LFEL1001, a free online course designed to help software developers understand and prepare for the requirements of the European Union (EU) Cyber Resilience Act (CRA). In just one week, the course…
The European Union’s Cyber Resilience Act (CRA) is a piece of legislation that covers all countries within the EU and the EAA and entered into force on 10th December 2024. It covers many types of devices and applications that are either sold or otherwise made commercially available in Europe and the intention behind it is…
SAN FRANCISCO – March 18, 2024 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the publication of two groundbreaking research reports, both in partnership with the Open Source Security Foundation (OpenSSF) and Linux Foundation Europe (LF Europe), that explore community-driven strategies to address open source security and the European Union’s Cyber Resilience Act (CRA). Authored by…
The European Union’s Cyber Resilience Act (CRA) is a piece of legislation that covers all countries within the EU and the EEA and entered into force on 10th December 2024. It covers many types of devices and applications that are either sold or otherwise made commercially available on the European market and the intention behind…
BRUSSELS – JANUARY 31, 2025 – Linux Foundation Europe and OpenSSF are excited to announce a global joint initiative to help prepare maintainers, manufacturers, and open source stewards for the implementation of the EU Cyber Resilience Act (CRA) and future cybersecurity legislation targeting jurisdictions around the world. This effort aims to help develop and formalize…
Last week the Linux Foundation Europe and OpenSSF teams held a workshop focused on the implications of the recently published Regulation (EU) 2024/2847, commonly known as the Cyber Resilience Act or CRA. The 2024 Stewards and Manufacturers Workshop in Amsterdam was a highly successful event where members from across the Linux Foundation, other upstream open…
Here's a little breakdown of the current CRA expert group composition by country and category. The biggest non-institutional groups are companies, and trade and business associations, most of which are listed as European. Not sure why Philips is listed as a trade organisation, I would put them into the same category as Ericsson and Nokia,…
In Part 1, we provided a general overview of the CRA and highlighted OpenSSF’s current activities related to its implementation. In Part 2, we’ll take a closer look at the three-year implementation timeline and what lies ahead.
With publishing as Regulation (EU) 2024/2847 in the Official Journal of the European Union, the Cyber Resilience Act (CRA) enters into force (EIF) on December 10, 2024. The CRA will fully apply three years later, on December 11, 2027. The CRA will obligate all products with digital elements, including their remote data processing, put on…
