Good morning, I just published an extended, written version of my RIPE talk in the open-source wg [1] with NLnet Labs' perspective on the European Commission's proposal for a Cyber Resilience Act vs. Open Source: https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/ We feel the current proposal misses a major opportunity. The CRA could bring support to open-source developers maintaining the critical foundations of our digital society. But instead of introducing incentives for integrators or financial support, the current proposal will overload small developers with compliance work. At the same time, this is only the Commission's proposal. I hope there is opportunity to raise awareness and influence the coming positions and negotations. I'm very grateful to the many people in the RIPE community that talked to me after my presentation. I feel my understanding of the issue is improving. Curious to hear what you think, how you feel this affects the projects you rely on and what we have yet to learn about the implications. kind regards, Maarten [1] https://ripe85.ripe.net/archives/video/911