The European Union Cyber Resilience Act (CRA) and its various international analogs are entering fully into force during 2026 and 2027, with new legal requirements that some have found to be perilous or challenging to software developers and possibly for open source developers in particular.
This session takes the approach that the challenging legal requirements provide a wealth of opportunities for software engineers in the free software space to, finally, be allowed to perform proper software engineering. We offer practical advice on what to do and how to navigate the choppy seas of legalisms, and to position yourself with best practices and proper tooling integrated in your development workflow.
The session builds on the earlier "EU CRA: It's Later Than You Think, Time to Engineer Up!" https://nxdomain.no/~peter/eu_cra_its_later_than_you_think_time_to_engineer_up.html, but rewritten with advice specifically for open source developers to manage the challenges and opportunities to be found in the changing legal and technical evironment.