State of the E-Union - EU Legislation relevant to Debian, specifically CRA Standardisation

Speaker: Ilu

Track: MiniDebConf Hamburg

Type: Long talk

Room: Dock Europe Seminarraum

Time: May 04 (Sun): 10:30

Duration: 0:45

European legislation has been busy covering software development and distribution, aiming at increasing the security of products sold in the EU single market: Cyber Resilience Act (CRA), Product Liability Directive (PLD), AI Act and - still in legislative limbo - CSAM Regulation. Although this legislation is primarily limited to the EU jurisdiction, the scope of it all tries to be worldwide.

Now it’s time for the EU and its organisations ETSI, CEN and CENELEC to develop technical standards on how the CRA is supposed to be implemented. Projects - even if exempt from direct CRA obligations - will be affected by these technical standards. The outcome of the standardization process can be good or bad depending on whose interests prevail.

The talk will give an overview of the present state of affairs and of the engagement of the FOSS community. If there is enough time, I would also like to discuss which steps Debian can take to help our downstream users to comply with CRA requirements and standards.