The Eclipse Foundation has announced the formation of the Open Regulatory Compliance Working Group (ORC WG), which they say will support participants across the open source community in navigating and adhering to evolving regulatory frameworks.

The group will aim to help developers, enterprises, industries, and open source foundations, and will also work closely with governments and regulatory bodies "to enhance their understanding of the unique open source development model".

The driver for creating the group is the increasingly regulated software supply chain, according to the foundation. Mike Milinkovich, executive director of the Eclipse Foundation, said in a statement:

"Given the impact of software technology on the global economy, it is unsurprising that governments worldwide are enacting new regulations to safeguard privacy, security, and accessibility. The Open Regulatory Compliance Working Group was created to bridge the gap between regulatory authorities and the open source ecosystem."

The group will work to formalise industry best practices and offer resources to help organisations. In practical terms, its immediate focus will be the European Cyber Resilience Act (CRA). The act, which is due to be implemented before the end of 2024, covers products or software with a digital component, and requires the introduction of mandatory cybersecurity requirements.

There has been support for establishing the working group from a broad range of open source organisations and private companies and participant organisations at the time of the launch include:

Apache Software Foundation (ASF), Blender Foundation, Robert Bosch GmbH, CodeDay, The Document Foundation, FreeBSD Foundation, iJUG, Lunatech, Matrix.org Foundation, Mercedes-Benz Tech Innovation GmbH, Nokia, NLnet Labs, Obeo, Open Elements, OpenForum Europe, OpenInfra Foundation, Open Source Initiative (OSI), Open Source Robotics Foundation (OSRF), OWASP, Payara Services, The PHP Foundation, Python Software Foundation, Rust Foundation, SCANOSS, Siemens, and Software Heritage.

The new working group will focus on ensuring compliance with the new legislation, and will look at the development of cybersecurity process specifications and best practices aligned with the requirements of the CRA. The group has already secured formal liaison status with the European Committee for Standardization (CEN) and the European Committee for Electrotechnical Standardization (CENELEC), and is now actively pursuing working relationships with other European and National Standards Organizations to expand its contribution on regulatory standards.

The group is also offering a series of webinars with European Commission staff to help inform the open source community about the EU's legislative process. It is also developing a central resource to house all relevant CRA-related content, including webinars, glossaries, flowcharts, and FAQs. 

More Information

Open Regulatory Compliance Working Group Participation Page

European Cyber Resilience Act

Related Articles

Eclipse Launches Dataspace Working Group

EU Cyber Resilience Act Reduces Python Risk

Python Software Foundation Raises EU Open Source Concerns

Eclipse Foundation Forms Open VSX Working Group

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Comments

Make a Comment or View Existing Comments Using Disqus

or email your comment to: comments@i-programmer.info