EU Cyber Resilience Act

European regulation extending “CE Mark” to software including free and open source software.

The OSGeo community has been attentively following the development of the European Cyber Resilience Act. This regulation aimed at mitigating the impact of security vulnerabilities on society (including aspects of economy, digital sovereignty and national security.) In practical terms this act extends the “CE Mark” regulation from devices (such as your toaster or phone) to software products.

This legislation as proposed places onerous obligations onto free and open-source projects and communities with the risk of excluding european participants from open-source leadership. Maintaining access to free and open source technologies is of paramount importance for European digital sovereignty.

The resulting obligations and liabilities will hamper innovation on one side but will also damage an important source of revenue in the EU market.

Our community has been active during this process lending their voice to concern, feedback, and moral objection (not everything is a product) – but also support. Software security is a priority for everyone involved.

How to Help

At the time of writing, regulators have received widespread feedback from the free and open-source community. It is reported that changes on this topic are expected to be endorsed in the upcoming 8 November session.

We ask that our members seek information on these upcoming changes and be informed. Some references and responses are provided at the end of this news announcement. Since this is an active topic we encourage you to seek current information.

As a community member your opinion, viewpoint and experience are valuable. If you are comfortable please contact your Member of the European Parliament and make yourself available to answer questions and share your experience of how free and open-source software works.

OSGeo Commitment

The Cyber Resilience Act by design will place considerable strain on the Open Source Geospatial Foundation and the service providers who power so much of our ecosystem. OSGeo is committed to supporting the projects in our care and we look forward to working with our community to meet this challenge.

OSGeo will participate in the upcoming EU Open Source Policy Summit 2024, asking Iván Sánchez Ortega to attend on our behalf.

Our mandate to “Empower everyone with open source geospatial” applies everywhere – including Europe.

For more information

Proposed Regulation :

Article 10 Discussion and feedback:

Article 11 Discussion and feedback:

OSGeo Sponsors

View all sponsors