[LibreQoS] Fwd: Open-source software vs. the proposed Cyber Resilience Act

Dave Taht dave.taht at gmail.com
Mon Nov 14 05:23:51 EST 2022

---------- Forwarded message ---------
From: Alex Band <alex at nlnetlabs.nl>
Date: Mon, Nov 14, 2022 at 1:56 AM
Subject: Open-source software vs. the proposed Cyber Resilience Act
To: North American Network Operators' Group <nanog at nanog.org>

The NLnet Labs foundation is closely following a legislative proposal by the
European Commission called the Cyber Resilience Act (CRA), affecting almost
all hardware and software offered on the European market.

In the nearby future, manufacturers of toasters, ice cream makers and
(open-source) software will have something in common: to make their products
available on the European market, they will need to affirm their compliance
with EU product legislation by affixing the CE marking.

We have published background information and our views here:


The current proposal would require developers of open-source software deemed
both ‘critical’ and a ‘commercial activity’ to jump through elaborate and
potentially costly compliance hoops to make their software available in the
EU. What defines a 'critical product' and a 'commercial activity' is key for
this discussion.

Please get in touch with us if you have concerns or this affects you. Maarten
Aertsen <maarten at nlnetlabs.nl> is spearheading this initiative.

Kind regards,

Alex Band
NLnet Labs

This song goes out to all the folk that thought Stadia would work:
Dave Täht CEO, TekLibre, LLC

More information about the LibreQoS mailing list