Hello Dan and all,

 

On the content of the CRA - one of my favorite topic 😉. A few things to pinpoint:

-EU published earlier this month a “CRA guidelines document” -> https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/16959-Draft-Commission-guidance-on-the-Cyber-Resilience-Act_en 
with especially section 3 “ free and open-source software” and so part of section 7 related to due diligence for cybersecurity risk assessment.

-Eclipse ORC has also published recently on  voluntary security Attestations: Attestations in Progress | Open Regulatory Compliance Working Group and associated template proposal: cra-attestations/proposals/gen-two-tier-approach.md at main · orcwg/cra-attestations

-Zephyr project published also recently a good information page on CRA including a section about Zephyr as an open source steward : EU Cyber Resilience Act (CRA) — Zephyr Project Documentation

 

Regards,

 

Eric Finco

 

 

Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: logo_big5

Eric FINCO | Tel: +33 (0)2 4402 7154

MDG | Technical Specialist

Fellow, Technical Staff College (TSC) France Board Chairman

 

 

From: Dan Handley via TSC <tsc@lists.trustedfirmware.org>
Sent: Thursday, March 19, 2026 11:03 AM
To: tsc@lists.trustedfirmware.org
Subject: [TF-TSC] TSC agenda 2026-03-09

 

Hi all

 

I only have a few small topics for today's TSC so I'm not expecting a long meeting (yes, I know I've said that before). Please let me know if you have anything else.

 

 

Regards

 

Dan.