The European Commission revealed on December 11 the members of its Cyber Resilience Act (CRA) Expert Group, following a public call for applications that ran in October of this year. This diverse group brings together individual experts, industry leaders, Member State agencies, and non-governmental organizations (NGOs), reflecting the wide-ranging impact of the Cyber Resilience Act.
The tasks of the CRA Expert Group
The CRA Expert Group has been tasked with supporting the European Commission’s Directorate-General for Communications Networks, Content, and Technology (DG CONNECT) in several critical areas:
- Assisting in the preparation of policy initiatives and delegated acts related to the cybersecurity of digital products. Delegated acts are non-legislative acts adopted by the European Commission that serve to amend or supplement the non-essential elements of the legislation.
- Facilitating collaboration between Member States, stakeholders, and the European Commission on the implementation of cybersecurity policies.
- Offering guidance to stakeholders to aid compliance with Union legislation and ensure a smooth implementation process.
- Sharing best practices and experiences, particularly in areas like standardization, security marks, and support for small and medium-sized enterprises (SMEs).
These tasks underline the importance of broad stakeholder participation in shaping cybersecurity policy, ensuring that new regulations align with industry realities and address the evolving challenges of the digital landscape.
A broad and diverse membership
The CRA Expert Group is composed of representatives from multiple sectors:
- Individual experts, selected for their specialized knowledge in cybersecurity.
- Industry stakeholders, including major international European companies and trade associations, as well as international American companies such as Cisco and Microsoft (with GitHub as a key subsidiary).
- Member State representatives, with countries like Spain and Belgium contributing multiple agencies, while others such as Germany and Denmark have no representation.
- 4 NGOs, of which three are open source software foundations: The Apache Software Foundation, OpenSSF, and the Eclipse Foundation.
The inclusion of open source foundations underscores the essential role of open source software in the global digital ecosystem. These NGOs bring valuable insights into the unique challenges and opportunities of open source security, contributing to a well-rounded perspective on the CRA's implementation.
Collaboration as the cornerstone of strengthened security
The makeup of the CRA Expert Group reflects the EU's dedication to a collaborative, multi-stakeholder approach to cybersecurity. By engaging voices from industry, government, and civil society, the group is positioned to tackle the CRA’s objectives while addressing the growing complexity of cybersecurity threats.
The Eclipse Foundation welcomes the opportunity to work closely with fellow NGOs and other stakeholders in the Expert Group. This collective effort aims to ensure the CRA fosters a dynamic, secure, and innovative open source ecosystem—one that benefits not only Europe but also the global community.
Achieving these goals will require ongoing dialogue, technical expertise, and a shared resolve to meet cybersecurity challenges head-on. The Eclipse Foundation is committed to advancing solutions that reconcile regulatory demands with the core principles of openness and innovation that drive the open source model.
Eclipse Foundation and Open Regulatory Compliance WG
The Eclipse Foundation, through the Open Regulatory Compliance Working Group (ORC WG), serves as a collaborative hub where the open source community is warmly invited to share their insights, concerns, and contributions regarding regulatory compliance. Recognizing that the voice of the open source ecosystem is critical in shaping policies like the CRA, the ORC WG acts as a bridge between the community and key stakeholders, including industry leaders, policymakers, and regulatory bodies.
By fostering an open and inclusive environment, the ORC WG ensures that the thoughts and contributions of the open source community are heard and effectively communicated to the institutions that matter most. Together, we aim to advocate for an open, secure, and innovation-friendly future while addressing the challenges posed by new regulations.
Join the ORC WG and Make Your Voice Heard!
We invite you to join us in Brussels during FOSDEM week! On January 29th, we’ll be hosting our event, “The EU Cyber Resilience Act is Here! Now What?”, where we’ll discuss the implications of the CRA. Then, on January 30th, we’ll dive into the “Open Regulatory Compliance Working Group Activities”, showcasing our ongoing efforts and opportunities for collaboration. We look forward to welcoming you!
For further details on the CRA Expert Group and its members, visit the European Commission's Expert Groups Register. To get involved with the Open Regulatory Compliance Working Group, visit https://orcwg.org.