With the introduction of the EU Cyber Resilience Act a number of interesting questions are raised. This talk focus on the EU CRA and discuss some of the implication when applied to Free and Open Source Software licensed under Copyleft licenses such as the GPL.

The EU CRA introduces, under some circumstances, an obligation to contribute upstream if there are vulnerabilities, what will best practices be to manage this obligation in permissively licensed project respective in Copyleft licensed projects, how will this impact customer agreements, R&D collaborations and similar.