EU Cyber Resilience Act is set to herald in a new generation of data privacy

European institutions have successfully concluded negotiations on the Cyber Resilience Act (CRA), paving the way for its anticipated completion in early 2024.

Tech giants have been targeted by the EU for a number of allegedly unfair practices - Copyright AFP/File FAROOQ NAEEM

Our everyday lives are dominated by digital devices, from baby monitors to smartwatches. What many users often neglect is the security risk such products and software may present.

To address this, the European Commission has presented the EU Cyber Resilience Act, which is set to go before the European Parliament and become enforceable throughout member states.

In developing the Act, the European Commission engaged with open-source advocacy groups leading up to its latest version, released in December 2023. To assess the importance of the legislation, there is a public forum on the present draft taking place at FOSDEM in Brussels shortly.

Thierry Carrez, general manager of the Open Infrastructure Foundation, participated in the public comment process for CRA. OpenInfra is an international group of more than 100,000 developers and users focused on the creation and protection of open source communities and projects. Carrez is set to play a key role at FOSDEM as well as the EU Open Source Policy Summit.

In a message sent to Digital Journal, Carrez explains the evolution of the Act: “It’s clear from reading the CRA version published on 20 December that the engagement of many open source advocacy groups—including the OpenInfra Foundation—has led to multiple clarifications regarding the openly developed open source model.”

The Act will apply to all products connected directly or indirectly to another device or network except for specified exclusions.

In terms of these changes, Carrez thinks they are workable, noting: “We’re cautiously optimistic that those clarifications will reduce the risk of CRA having global chilling effects around open source development and participation. We will continue to be proactive and urgent in our advocacy for open source as CRA implementation plans and timelines are determined. In the near term, we’ll be participating in discussions at the EU Open Source Policy Summit and FOSDEM.”

Carrez provides a few examples of amended language in the 20 December version of CRA, influenced by input from the OpenInfra community as well as the Open Source Initiative and others:

  • The funding of essential project support functions, without the intention to make a profit, does not constitute “commercial activity” and therefore is not within the scope of this regulation (see recital 10 on page 10 and recital 10c on page 12)
  • There is now a clear distinction between the development and the supply phases, with the regulation clearly triggering at the supply phase (when the software is put on the market in the course of a commercial activity) (recital 10c, page 12)
  • Foundations should be considered “open-source software stewards” (as defined in Article 3 point (18a), page 76), and should be subject to a light-touch and tailor-made regulatory regime (recital 10d, page 13), exempted from penalties (article 53(10a), page 159)

Carrez hopes these changes will lead to a stronger and more focused Act and one of benefit to the wider EU populace overall.

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
