Time is ticking. The EU’s Cyber Resilience Act (CRA), which entered into force on 11 December 2024, now demands action.  With vulnerability reporting requirements beginning in September 2026, organisations have less than a year to prepare themselves for cyber resilience compliance. Join the Open Regulatory Compliance (ORC) Working Group to review recent progress, explore updated deliverables, and understand what you need to do, and when, to meet CRA obligations.

A clear timeline of forthcoming CRA compliance milestones and what they mean for your project or organisation

A recap of the ORC Working Group’s deliverables and milestones

Ways to get involved—contribute, collaborate, and shape how the manufacturers and open source projects can work together towards creating a long-lasting relationship.

Who should attend:
Open source contributors, maintainers, project leaders, stewards, and manufacturers of products with digital elements using open source technologies seeking concrete guidance on CRA readiness.

Why now:
With some CRA requirements becoming enforceable as early as September 2026, and others by late 2027, now is the time to prepare. Get the guidance you need to ensure CRA readiness and contribute to the open source community’s response.

Unpacking the CRA: Upcoming Deliverables and Deadlines