OpenWrt One vs. EU Cyber Resilience Act
Denver Gingerich
denver at ossguy.com
Fri Jan 19 15:32:00 PST 2024
On Fri, Jan 19, 2024 at 09:18:02PM +0100, Hauke Mehrtens wrote:
> The EU is working on a EU Cyber Resilience Act to improve the software
> security of (consumer) software and (consumer) hardware which contains
> software. This should be similar to the CE sign, but for software.
> https://en.wikipedia.org/wiki/Cyber_Resilience_Act
>
> After the successful lobbying of multiple open source organizations non
> commercial open source software developer would be exempt from this
> regulation. As far as I understood the OpenWrt project would not be affected
> by this regulation, but if a vendor uses OpenWrt on a router, this vendor
> has to make sure that his product including OpenWrt is compliant when
> selling onto the EU market. With the OpenWrt One we or Banana Pi could also
> get required to take care of this regulation.
>
> Did someone look into the requirements needed to make OpenWrt compliant to
> the EU Cyber Resilience Act for a commercial entity?
>
> Did someone look into this regulation with the OpenWrt One project in mind?
Yes, per your email, we at SFC looked into this today. SFC believes that the compliance with this regulation will be the manufacturer's responsibility.
Denver Gingerich
Director of Compliance
Software Freedom Conservancy
More information about the openwrt-devel
mailing list