Maarten Aertsen - The EU regulating (open source) software: the proposed Cyber Resilience Act


The Cyber Resilience Act (CRA) a legislative proposal by the European Commission affecting almost all hardware and software on the European market. It intends to ensure cybersecurity of products with digital elements by laying down requirements and obligations for manufacturers. NLnet Labs has voiced concerns about the effects on the open-source ecosystem.

In this talk, Maarten will update the community on what happened since the European Commission presented its proposal. The audience will learn what the CRA is, where the current discusion seems to be at and how the community is likely to be affected going forward.


Maarten Aertsen is senior internet technologist at NLnet Labs. Founded in 1999, NLnet Labs is a small, independent public benefit organisation contributing to the robustness, security and reliability of the Internet and the privacy of its users. The Internet runs on NLnet Labs: its open-source software and work on open standards for the Domain Name System and (safe) inter-domain routing are used globally.

Maarten’s role is to bring NLnet Labs’ expertise to policy making bodies, including governments, regulators and multi-stakeholder forums. As an engineer interested in the legal, social and economic factors underlying the working of the Internet, he enjoys bridging between technical and policy audiences.