Open Regulatory Compliance
@orcwg.org
Leading regulatory compliance for open source.
Hosted by @eclipse.org
Hosted by @eclipse.org
Pinned
📣 Registration is now open for Code & Compliance 2026!
Join us on 29 January in Brussels, ahead of FOSDEM, for the next edition of Code & Compliance.
Be part of the conversations advancing open source governance, policy, and practical security solutions.
Register now: hubs.la/Q03WGtF40
Join us on 29 January in Brussels, ahead of FOSDEM, for the next edition of Code & Compliance.
Be part of the conversations advancing open source governance, policy, and practical security solutions.
Register now: hubs.la/Q03WGtF40
🎊 Happy New Year from the Open Regulatory Compliance!
2025 was a year of learning, sharing, and steady progress for the Open Regulatory Compliance community.
👏 Thank you to everyone who participated, shared insights, and helped make these conversations clearer and more constructive.
2025 was a year of learning, sharing, and steady progress for the Open Regulatory Compliance community.
👏 Thank you to everyone who participated, shared insights, and helped make these conversations clearer and more constructive.
January 1, 2026 at 10:46 AM
🎊 Happy New Year from the Open Regulatory Compliance!
2025 was a year of learning, sharing, and steady progress for the Open Regulatory Compliance community.
👏 Thank you to everyone who participated, shared insights, and helped make these conversations clearer and more constructive.
2025 was a year of learning, sharing, and steady progress for the Open Regulatory Compliance community.
👏 Thank you to everyone who participated, shared insights, and helped make these conversations clearer and more constructive.
📣 “The weight of compliance falls primarily on manufacturers, not on the open source community.”
Adrian O’Sullivan explains what this means in practice and how the ORC Working Group supports shared understanding across the ecosystem.
Read the article to learn more: orcwg.org/blog/manufac...
Adrian O’Sullivan explains what this means in practice and how the ORC Working Group supports shared understanding across the ecosystem.
Read the article to learn more: orcwg.org/blog/manufac...
The CRA’s Global Impact: Why Manufacturers Hold the Key | Open Regulatory Compliance Working Group
The open source community is collaborating to establish common specifications for secure software development based on open source best practices.
orcwg.org
December 16, 2025 at 12:23 PM
📣 “The weight of compliance falls primarily on manufacturers, not on the open source community.”
Adrian O’Sullivan explains what this means in practice and how the ORC Working Group supports shared understanding across the ecosystem.
Read the article to learn more: orcwg.org/blog/manufac...
Adrian O’Sullivan explains what this means in practice and how the ORC Working Group supports shared understanding across the ecosystem.
Read the article to learn more: orcwg.org/blog/manufac...
9 months left to get ahead!
📉 The #CyberResilience demands security by design across all digital products. But 27% of companies haven’t even started engaging with CRA requirements (ONEKEY).
🔗 Start today! orcwg.org/cra
📉 The #CyberResilience demands security by design across all digital products. But 27% of companies haven’t even started engaging with CRA requirements (ONEKEY).
🔗 Start today! orcwg.org/cra
The European Union's Cyber Resilience Act | Open Regulatory Compliance Working Group
Learn how the EU Cyber Resilience Act (CRA) impacts open source software development. Understand key compliance requirements and what the CRA means for your …
orcwg.org
December 11, 2025 at 10:41 AM
9 months left to get ahead!
📉 The #CyberResilience demands security by design across all digital products. But 27% of companies haven’t even started engaging with CRA requirements (ONEKEY).
🔗 Start today! orcwg.org/cra
📉 The #CyberResilience demands security by design across all digital products. But 27% of companies haven’t even started engaging with CRA requirements (ONEKEY).
🔗 Start today! orcwg.org/cra
In this ORC article, Adrian O’Sullivan, Huawei, shares why the Cyber Resilience Act’s (CRA) impact is global for manufacturers and how early community engagement helped strengthen the regulation.
Learn more: orcwg.org/blog/manufac...
Learn more: orcwg.org/blog/manufac...
December 5, 2025 at 11:17 AM
In this ORC article, Adrian O’Sullivan, Huawei, shares why the Cyber Resilience Act’s (CRA) impact is global for manufacturers and how early community engagement helped strengthen the regulation.
Learn more: orcwg.org/blog/manufac...
Learn more: orcwg.org/blog/manufac...
📣 Registration is now open for Code & Compliance 2026!
Join us on 29 January in Brussels, ahead of FOSDEM, for the next edition of Code & Compliance.
Be part of the conversations advancing open source governance, policy, and practical security solutions.
Register now: hubs.la/Q03WGtF40
Join us on 29 January in Brussels, ahead of FOSDEM, for the next edition of Code & Compliance.
Be part of the conversations advancing open source governance, policy, and practical security solutions.
Register now: hubs.la/Q03WGtF40
December 4, 2025 at 11:09 AM
📣 Registration is now open for Code & Compliance 2026!
Join us on 29 January in Brussels, ahead of FOSDEM, for the next edition of Code & Compliance.
Be part of the conversations advancing open source governance, policy, and practical security solutions.
Register now: hubs.la/Q03WGtF40
Join us on 29 January in Brussels, ahead of FOSDEM, for the next edition of Code & Compliance.
Be part of the conversations advancing open source governance, policy, and practical security solutions.
Register now: hubs.la/Q03WGtF40
📣 The FOSDEM 2026 Freedom, Sovereignty & Regulation Devroom is accepting proposals! Share your perspective on how regulation shapes digital freedom and open ecosystems.
CfP details ➜ softwarefreedom.net/fosdem-2026-...
⏰ Deadline: 1 December
#FOSDEM #FOSDEM2026
CfP details ➜ softwarefreedom.net/fosdem-2026-...
⏰ Deadline: 1 December
#FOSDEM #FOSDEM2026
November 28, 2025 at 12:15 PM
📣 The FOSDEM 2026 Freedom, Sovereignty & Regulation Devroom is accepting proposals! Share your perspective on how regulation shapes digital freedom and open ecosystems.
CfP details ➜ softwarefreedom.net/fosdem-2026-...
⏰ Deadline: 1 December
#FOSDEM #FOSDEM2026
CfP details ➜ softwarefreedom.net/fosdem-2026-...
⏰ Deadline: 1 December
#FOSDEM #FOSDEM2026
🔐 OC for Compliance at #OCX26 will bring together developers, maintainers, and legal experts to share approaches bridging the gap between legislation and implementation.
👉 If you want to stay ahead of evolving regulations, #OCX26 is the place for you.
📆 Register! www.ocxconf.org/event/2026/r...
👉 If you want to stay ahead of evolving regulations, #OCX26 is the place for you.
📆 Register! www.ocxconf.org/event/2026/r...
November 27, 2025 at 8:18 AM
🔐 OC for Compliance at #OCX26 will bring together developers, maintainers, and legal experts to share approaches bridging the gap between legislation and implementation.
👉 If you want to stay ahead of evolving regulations, #OCX26 is the place for you.
📆 Register! www.ocxconf.org/event/2026/r...
👉 If you want to stay ahead of evolving regulations, #OCX26 is the place for you.
📆 Register! www.ocxconf.org/event/2026/r...
Help shape how the #CRA impacts open source. Not sure where to start? Begin with our Deliverables Plan. In a new blog and video, we explain what’s included, how to read the status indicators, and how to contribute.
🎥 www.youtube.com/watch?v=QamK...
📝 orcwg.org/blog/how-to-...
🎥 www.youtube.com/watch?v=QamK...
📝 orcwg.org/blog/how-to-...
November 26, 2025 at 10:11 AM
Help shape how the #CRA impacts open source. Not sure where to start? Begin with our Deliverables Plan. In a new blog and video, we explain what’s included, how to read the status indicators, and how to contribute.
🎥 www.youtube.com/watch?v=QamK...
📝 orcwg.org/blog/how-to-...
🎥 www.youtube.com/watch?v=QamK...
📝 orcwg.org/blog/how-to-...
⏰ Final call! Our ORC has received some amazing name suggestions, but there’s still time to share yours!
We’re collecting ideas until 28 November, so if you haven’t joined in yet, now’s your chance.
💚 Help us give our ORC the perfect name to represent the Open Regulatory Compliance community.
We’re collecting ideas until 28 November, so if you haven’t joined in yet, now’s your chance.
💚 Help us give our ORC the perfect name to represent the Open Regulatory Compliance community.
November 25, 2025 at 8:47 AM
⏰ Final call! Our ORC has received some amazing name suggestions, but there’s still time to share yours!
We’re collecting ideas until 28 November, so if you haven’t joined in yet, now’s your chance.
💚 Help us give our ORC the perfect name to represent the Open Regulatory Compliance community.
We’re collecting ideas until 28 November, so if you haven’t joined in yet, now’s your chance.
💚 Help us give our ORC the perfect name to represent the Open Regulatory Compliance community.
⏰ The call for proposals at Code & Compliance 2026 closes tomorrow!
Share your expertise and experiences with a highly engaged audience in Brussels.
🔗 Submit your talk now: www-eur.cvent.com/c/abstracts/...
#CodeCompliance #CFP #CRA #opensource
Share your expertise and experiences with a highly engaged audience in Brussels.
🔗 Submit your talk now: www-eur.cvent.com/c/abstracts/...
#CodeCompliance #CFP #CRA #opensource
November 24, 2025 at 11:38 AM
⏰ The call for proposals at Code & Compliance 2026 closes tomorrow!
Share your expertise and experiences with a highly engaged audience in Brussels.
🔗 Submit your talk now: www-eur.cvent.com/c/abstracts/...
#CodeCompliance #CFP #CRA #opensource
Share your expertise and experiences with a highly engaged audience in Brussels.
🔗 Submit your talk now: www-eur.cvent.com/c/abstracts/...
#CodeCompliance #CFP #CRA #opensource
👋 Join our speaker lineup for Code & Compliance 2026!
Following the success of our Code & Compliance Community Day, we’re building the next event to go even deeper into #CRA implementation and open source compliance.
📍 Brussels
🔗 Submit your talk by 25 November: www-eur.cvent.com/c/abstracts/...
Following the success of our Code & Compliance Community Day, we’re building the next event to go even deeper into #CRA implementation and open source compliance.
📍 Brussels
🔗 Submit your talk by 25 November: www-eur.cvent.com/c/abstracts/...
November 19, 2025 at 9:37 PM
👋 Join our speaker lineup for Code & Compliance 2026!
Following the success of our Code & Compliance Community Day, we’re building the next event to go even deeper into #CRA implementation and open source compliance.
📍 Brussels
🔗 Submit your talk by 25 November: www-eur.cvent.com/c/abstracts/...
Following the success of our Code & Compliance Community Day, we’re building the next event to go even deeper into #CRA implementation and open source compliance.
📍 Brussels
🔗 Submit your talk by 25 November: www-eur.cvent.com/c/abstracts/...
🔐 OC for Compliance at #OCX26 will bring together developers, maintainers, and legal experts to share practical approaches bridging the gap between legislation and implementation.
📆 Lock in your #OCX26 ticket before prices go up! www.ocxconf.org/event/403bff...
📆 Lock in your #OCX26 ticket before prices go up! www.ocxconf.org/event/403bff...
November 18, 2025 at 10:04 PM
🔐 OC for Compliance at #OCX26 will bring together developers, maintainers, and legal experts to share practical approaches bridging the gap between legislation and implementation.
📆 Lock in your #OCX26 ticket before prices go up! www.ocxconf.org/event/403bff...
📆 Lock in your #OCX26 ticket before prices go up! www.ocxconf.org/event/403bff...
📢 Present at Code & Compliance 2026!
We’re looking for panels, presentations, roundtables, or workshops on topics such as tooling, attestations, stewardship, standardisation, or policy.
👉 Submit your talk before 25 November: www-eur.cvent.com/c/abstracts/...
We’re looking for panels, presentations, roundtables, or workshops on topics such as tooling, attestations, stewardship, standardisation, or policy.
👉 Submit your talk before 25 November: www-eur.cvent.com/c/abstracts/...
November 14, 2025 at 11:35 AM
📢 Present at Code & Compliance 2026!
We’re looking for panels, presentations, roundtables, or workshops on topics such as tooling, attestations, stewardship, standardisation, or policy.
👉 Submit your talk before 25 November: www-eur.cvent.com/c/abstracts/...
We’re looking for panels, presentations, roundtables, or workshops on topics such as tooling, attestations, stewardship, standardisation, or policy.
👉 Submit your talk before 25 November: www-eur.cvent.com/c/abstracts/...
New project!
🔐 The objective of the Cyber Resilience Attestations project is to propose a means to support the due diligence responsibilities of manufacturers who rely on F/OSS components.
Learn more: projects.eclipse.org/projects/tec...
🔐 The objective of the Cyber Resilience Attestations project is to propose a means to support the due diligence responsibilities of manufacturers who rely on F/OSS components.
Learn more: projects.eclipse.org/projects/tec...
November 13, 2025 at 8:34 AM
New project!
🔐 The objective of the Cyber Resilience Attestations project is to propose a means to support the due diligence responsibilities of manufacturers who rely on F/OSS components.
Learn more: projects.eclipse.org/projects/tec...
🔐 The objective of the Cyber Resilience Attestations project is to propose a means to support the due diligence responsibilities of manufacturers who rely on F/OSS components.
Learn more: projects.eclipse.org/projects/tec...
The countdown is on!
Manufacturers have less than a year to comply with the #CyberResilienceAct’s vulnerability reporting requirements.
📘 Explore our resources to help your team prepare: orcwg.org/cra/
#CRA #CyberResilience #ORCWG
Manufacturers have less than a year to comply with the #CyberResilienceAct’s vulnerability reporting requirements.
📘 Explore our resources to help your team prepare: orcwg.org/cra/
#CRA #CyberResilience #ORCWG
November 11, 2025 at 9:45 AM
The countdown is on!
Manufacturers have less than a year to comply with the #CyberResilienceAct’s vulnerability reporting requirements.
📘 Explore our resources to help your team prepare: orcwg.org/cra/
#CRA #CyberResilience #ORCWG
Manufacturers have less than a year to comply with the #CyberResilienceAct’s vulnerability reporting requirements.
📘 Explore our resources to help your team prepare: orcwg.org/cra/
#CRA #CyberResilience #ORCWG
What is an #opensource software steward?
🌐 Open source software steward is a term defined in Article 3(14) of the CRA. However, the discussion on this topic is ongoing.
Check our ongoing #CRAFAQ discussion on GitHub and share your thoughts and contributions!
github.com/orcwg/cra-hu...
🌐 Open source software steward is a term defined in Article 3(14) of the CRA. However, the discussion on this topic is ongoing.
Check our ongoing #CRAFAQ discussion on GitHub and share your thoughts and contributions!
github.com/orcwg/cra-hu...
November 10, 2025 at 9:01 AM
What is an #opensource software steward?
🌐 Open source software steward is a term defined in Article 3(14) of the CRA. However, the discussion on this topic is ongoing.
Check our ongoing #CRAFAQ discussion on GitHub and share your thoughts and contributions!
github.com/orcwg/cra-hu...
🌐 Open source software steward is a term defined in Article 3(14) of the CRA. However, the discussion on this topic is ongoing.
Check our ongoing #CRAFAQ discussion on GitHub and share your thoughts and contributions!
github.com/orcwg/cra-hu...
💻 Open source AI in automotive: legal & compliance implications
Join us on 6 November 2025 at 3 PM CET for a practical briefing with Dr. Lina Böcker.
👉 Register now: www.crowdcast.io/c/ocx-day4-c...
Join us on 6 November 2025 at 3 PM CET for a practical briefing with Dr. Lina Böcker.
👉 Register now: www.crowdcast.io/c/ocx-day4-c...
October 30, 2025 at 9:12 AM
💻 Open source AI in automotive: legal & compliance implications
Join us on 6 November 2025 at 3 PM CET for a practical briefing with Dr. Lina Böcker.
👉 Register now: www.crowdcast.io/c/ocx-day4-c...
Join us on 6 November 2025 at 3 PM CET for a practical briefing with Dr. Lina Böcker.
👉 Register now: www.crowdcast.io/c/ocx-day4-c...
🤔 Can a solo maintainer be considered to be an #opensource software steward? What do you think?
Share your feedback on our CRA FAQ document: github.com/orcwg/cra-hu...
Share your feedback on our CRA FAQ document: github.com/orcwg/cra-hu...
October 29, 2025 at 10:12 AM
🤔 Can a solo maintainer be considered to be an #opensource software steward? What do you think?
Share your feedback on our CRA FAQ document: github.com/orcwg/cra-hu...
Share your feedback on our CRA FAQ document: github.com/orcwg/cra-hu...
✅ Compliance isn’t about ticking boxes; it’s about building trust in open source.
At #OCX26, the Open Community for Compliance invites proposals on regulatory requirements, the CRA, certification, and standardisation.
Send your proposal before 13 November! www.ocxconf.org/event/403bff...
At #OCX26, the Open Community for Compliance invites proposals on regulatory requirements, the CRA, certification, and standardisation.
Send your proposal before 13 November! www.ocxconf.org/event/403bff...
October 28, 2025 at 11:34 AM
✅ Compliance isn’t about ticking boxes; it’s about building trust in open source.
At #OCX26, the Open Community for Compliance invites proposals on regulatory requirements, the CRA, certification, and standardisation.
Send your proposal before 13 November! www.ocxconf.org/event/403bff...
At #OCX26, the Open Community for Compliance invites proposals on regulatory requirements, the CRA, certification, and standardisation.
Send your proposal before 13 November! www.ocxconf.org/event/403bff...
I am NOT subject to the CRA, and want to make this clear to downstream users. What should I say?
Help answer this question in our CRA FAQ document.
Contribute to the discussion 👇
github.com/orcwg/cra-hu...
Help answer this question in our CRA FAQ document.
Contribute to the discussion 👇
github.com/orcwg/cra-hu...
cra-hub/faq/maintainers/transparency.md at main · orcwg/cra-hub
Everything you ever wanted to know about the CRA and its implementation - orcwg/cra-hub
github.com
October 23, 2025 at 9:02 AM
I am NOT subject to the CRA, and want to make this clear to downstream users. What should I say?
Help answer this question in our CRA FAQ document.
Contribute to the discussion 👇
github.com/orcwg/cra-hu...
Help answer this question in our CRA FAQ document.
Contribute to the discussion 👇
github.com/orcwg/cra-hu...
Francisco Carneiro will introduce the @eclipse.org Open Regulatory Compliance WG at #SFSCON in Bolzano.
Join his session on 7 November to explore how the working group brings together key stakeholders to co-develop reusable tools.
Don’t miss it 👉 pretix.eu/noi-digital/...
Join his session on 7 November to explore how the working group brings together key stakeholders to co-develop reusable tools.
Don’t miss it 👉 pretix.eu/noi-digital/...
October 21, 2025 at 10:04 AM
Francisco Carneiro will introduce the @eclipse.org Open Regulatory Compliance WG at #SFSCON in Bolzano.
Join his session on 7 November to explore how the working group brings together key stakeholders to co-develop reusable tools.
Don’t miss it 👉 pretix.eu/noi-digital/...
Join his session on 7 November to explore how the working group brings together key stakeholders to co-develop reusable tools.
Don’t miss it 👉 pretix.eu/noi-digital/...
📢 Contribute to the FAQ on the Cyber Resilience Act (#CRA) and have an impact!
Some questions around open source projects, maintainers, stewards, or CRA standards are still being discussed. We need your input.
👉 Check out the CRA FAQ and share your feedback with us! github.com/orcwg/cra-hu...
Some questions around open source projects, maintainers, stewards, or CRA standards are still being discussed. We need your input.
👉 Check out the CRA FAQ and share your feedback with us! github.com/orcwg/cra-hu...
cra-hub/faq.md at main · orcwg/cra-hub
Everything you ever wanted to know about the CRA and its implementation - orcwg/cra-hub
github.com
October 17, 2025 at 9:14 AM
📢 Contribute to the FAQ on the Cyber Resilience Act (#CRA) and have an impact!
Some questions around open source projects, maintainers, stewards, or CRA standards are still being discussed. We need your input.
👉 Check out the CRA FAQ and share your feedback with us! github.com/orcwg/cra-hu...
Some questions around open source projects, maintainers, stewards, or CRA standards are still being discussed. We need your input.
👉 Check out the CRA FAQ and share your feedback with us! github.com/orcwg/cra-hu...
Discover the ORC’s Cyber Resilience SIG deliverables plan:
✅ Navigate the deliverables plan and see CRA-related projects
✅ Understand the scope of each deliverable
✅ Find ways to get involved and contribute
🎥 Watch video: www.youtube.com/watch?v=QamK...
📝 Read the blog: orcwg.org/blog/how-to-...
✅ Navigate the deliverables plan and see CRA-related projects
✅ Understand the scope of each deliverable
✅ Find ways to get involved and contribute
🎥 Watch video: www.youtube.com/watch?v=QamK...
📝 Read the blog: orcwg.org/blog/how-to-...
How to Contribute to ORC Deliverables
Want to shape how the Cyber Resilience Act (CRA) impacts the open source ecosystem? This video walks you through the ORC’s Cyber Resilience SIG deliverables plan and explains how you can see which…
www.youtube.com
October 16, 2025 at 8:41 AM
Discover the ORC’s Cyber Resilience SIG deliverables plan:
✅ Navigate the deliverables plan and see CRA-related projects
✅ Understand the scope of each deliverable
✅ Find ways to get involved and contribute
🎥 Watch video: www.youtube.com/watch?v=QamK...
📝 Read the blog: orcwg.org/blog/how-to-...
✅ Navigate the deliverables plan and see CRA-related projects
✅ Understand the scope of each deliverable
✅ Find ways to get involved and contribute
🎥 Watch video: www.youtube.com/watch?v=QamK...
📝 Read the blog: orcwg.org/blog/how-to-...
🎤 It’s #CRA time at The Things Conference!
@j-rico.bsky.social, Senior Program Manager @orcwg.org at @eclipse.org is on stage in Amsterdam delivering the keynote “Will the CRA Break Open Source in #IoT, or Make It Stronger?”
#EclipseFdn #opensource #CyberResilienceAct
@j-rico.bsky.social, Senior Program Manager @orcwg.org at @eclipse.org is on stage in Amsterdam delivering the keynote “Will the CRA Break Open Source in #IoT, or Make It Stronger?”
#EclipseFdn #opensource #CyberResilienceAct
September 24, 2025 at 12:20 PM
🎤 It’s #CRA time at The Things Conference!
@j-rico.bsky.social, Senior Program Manager @orcwg.org at @eclipse.org is on stage in Amsterdam delivering the keynote “Will the CRA Break Open Source in #IoT, or Make It Stronger?”
#EclipseFdn #opensource #CyberResilienceAct
@j-rico.bsky.social, Senior Program Manager @orcwg.org at @eclipse.org is on stage in Amsterdam delivering the keynote “Will the CRA Break Open Source in #IoT, or Make It Stronger?”
#EclipseFdn #opensource #CyberResilienceAct
Why attend the Code & Compliance Community Day?
1️⃣ Deepen your understanding of the #CRA
2️⃣ Be part of the discussions shaping CRA compliance
3️⃣ Attend the OpenForum Europe's roundtable “Solving the Standardisation Dilemma”
orcwg.org/blog/code-co...
www.eclipse-foundation.events/event/Code-a...
1️⃣ Deepen your understanding of the #CRA
2️⃣ Be part of the discussions shaping CRA compliance
3️⃣ Attend the OpenForum Europe's roundtable “Solving the Standardisation Dilemma”
orcwg.org/blog/code-co...
www.eclipse-foundation.events/event/Code-a...
September 8, 2025 at 7:21 AM
Why attend the Code & Compliance Community Day?
1️⃣ Deepen your understanding of the #CRA
2️⃣ Be part of the discussions shaping CRA compliance
3️⃣ Attend the OpenForum Europe's roundtable “Solving the Standardisation Dilemma”
orcwg.org/blog/code-co...
www.eclipse-foundation.events/event/Code-a...
1️⃣ Deepen your understanding of the #CRA
2️⃣ Be part of the discussions shaping CRA compliance
3️⃣ Attend the OpenForum Europe's roundtable “Solving the Standardisation Dilemma”
orcwg.org/blog/code-co...
www.eclipse-foundation.events/event/Code-a...