On November 20, 2024 the Cyber Resilience Act (CRA) was published in Official Journal of the European Union, starting a three year race for compliance by the global technology industry. This legislation sets new cybersecurity requirements that manufacturers and the open source projects they rely upon must meet.

In this presentation, we will provide an overview of these compliance requirements and outline how the Open Regulatory Compliance (ORC) Working Group of the Eclipse Foundation is collaborating in the open with numerous open source foundations, SMEs, and the industry to address them.