Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[open-regulatory-compliance] hEN for open source software compliance Annex III and Annex IV
  • From: Steffen Zimmermann <steffen.zimmermann@xxxxxxxx>
  • Date: Tue, 10 Dec 2024 11:01:57 +0000
  • Accept-language: de-DE, en-US
  • Arc-authentication-results: i=3; mx.microsoft.com 1; spf=pass (sender ip is 52.17.62.50) smtp.rcpttodomain=eclipse.org smtp.mailfrom=vdma.org; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=vdma.org; dkim=pass (signature was verified) header.d=vdma.org; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=vdma.org] dkim=[1,1,header.d=vdma.org] dmarc=[1,1,header.from=vdma.org])
  • Arc-authentication-results: i=2; mx.avanan.net; arc=pass; dkim=none header.d=none
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vdma.org; dmarc=pass action=none header.from=vdma.org; dkim=pass header.d=vdma.org; arc=none
  • Arc-message-signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4EzoD0CIAToJuXw4t24OlJN3EbfalLh2pO3ncVwUcHg=; b=EWnBB9vqTuJ8dXjJrUs3OulxJdqcg3RD49OV7YIIPSqN2eeLUhSwU9KctJqO2EvZD9t7kTiZRtEeYfHnkKEdqy045BRtpt8atqzQB7I3DLkGKC0WYy+G7plgjggeOTGNb/p+gpHVzZ51BWV2IYFdcFAx2/R+aWKxT6ocep5eoyoWqq5E4UhhoI+bD8Sbmq/j6l4w7UwYG3+KEdOXP73HMDe9hDiHHh0kzuZcAOgfcSPpyMKUAci0DNP2pfg6fj2VNlStpj3Ie6fuQtwzEu1PzKWjDdlMNS9kPZTUneu8TGjBa9UHevdA3yRK8Zbc8qudLjbgAmwEI/HA/VypAqyyjw==
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=avanan.net; s=arcselector01; t=1733828566; h=from : to : subject : date : message-id : content-type : mime-version; bh=4EzoD0CIAToJuXw4t24OlJN3EbfalLh2pO3ncVwUcHg=; b=I4kzIJcthxjB4UbrvJVspYbqjPxOu4kVlMtjS+qhaZGsh8O627OMQT4GJS0H/oXDtmcfL GPzNxDhGUqtWC8KLN5bIB1AkbuVmwVKVdZItEzqRe7itdaHzcFVitrkeHMYOx60wYxwb6eV jORZXfyva9PEDMSS0V+J1/0ZyG5o+6A=
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4EzoD0CIAToJuXw4t24OlJN3EbfalLh2pO3ncVwUcHg=; b=X9I266BhQqETDRnXjrjFzyFZvjrHzHbjXORwL2Ye3jobxDRMDkhImPtTV/TRsFmMoTTmSpw3gZLGulu9YHyB2Z7aR9m/FRGsdTzhJFc6t2k7n/NjCLD/YYdBs6c7Nn9Tc3k3ZjjpIKyHMvihJktyYfdgDLIScx6XSCnQ6wzO1oX00y7eQaAmCeY95EVZ+sCNYvXew57bAeiyg2A0EbJQe1GNAf6thXytlory2FD0nALw7jgd8oINUP8IPvT932Huu9VxXbys6H1bN8U03Kdl4niED/ka4/oCUYIOY/5vYd/RhW24UCAmgUC8MF6L/5pvhe5w1nLTiLwNLaTIZzG7ww==
  • Arc-seal: i=3; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=UHNvA47okxsSF5GSaK0VNsQVD7Zd8pZe7tG8Ci5Rbsd3miqxhZ3n3XUYBLRFDUxSqYp0UbCVXjHEHEHMzwcO+dpuJ0kcl5+IfRCQAk0ex1XM3QIC6G+wEIyYVfVrQUG4ZSl4kW3vB/4GojYKF0LII+l4E7fwvcnOQAUVOhPhImpJXO1NjbKXYLAnoNS0sZretoOajnF22Ym3Eh5Cw9tG6gbv4zAXgQFh0pVDZt/JMJBKiW7/LOGFHqpQQqfC55CjrdkxKRFe4u3OKTB+Of54GPZCyp2xui3xI0Y9CrmwOZLLh/sYAuDrt8UIfCLpoMd6MWeOpNHqJiHq1jyTE8HpUQ==
  • Arc-seal: i=2; cv=pass; a=rsa-sha256; d=avanan.net; s=arcselector01; t=1733828566; b=e/oI+pHieiTqpP+NsZ87dmogJMh5DGjnUF8LbFRbUu+r1Dcrrm8MtvD8MH5XiLyHDk/Za +6qnXSoN8gnyJ2Aq9ZdS9L4q6eIVUZsQbTfZNbgEcJP/KbB0+Kfz7j7IID+nJ+2eBgVLJix 7xHBlzgnwmzcyrl0GV2Xx5Km9NwNHmA=
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=EulEstjevFSxYWlIDGmCLw92tViNHkDEdyekIIr6sKrpzKtVew6w0kpz5fd2c4US7qMrxZwj1TxtXkeMQfQZY98hM3MkHzzAX9yWr+XyQL3gOsG+UUFzQPSHRcWVNKMvaK4a+o5FvC4dOX71cKjIWAUutdSrFi28Rb3jpP5gC+4sl2vzsxBCbxb2yWlyCh96Nz/sFxsmRuuhbU9wKEZXB2IgNW8hqWyUO8pfEpuDFROmus8sYiJVYcaKh6Mz+dXhBfHGwOrYVfS1A3Pf/qc+Itxnauph+ioxkvnqxPlzR+od2RQCXo42+d/F4RwSARX6D/C1NecMKMAraO6zzSlhpg==
  • Delivered-to: open-regulatory-compliance@xxxxxxxxxxx
  • List-archive: <https://www.eclipse.org/mailman/private/open-regulatory-compliance/>
  • List-help: <mailto:open-regulatory-compliance-request@eclipse.org?subject=help>
  • List-subscribe: <https://www.eclipse.org/mailman/listinfo/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=subscribe>
  • List-unsubscribe: <https://www.eclipse.org/mailman/options/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=unsubscribe>
  • Thread-index: AQHbSvLtBuT8zq6kjEKwMRsqKxiGGw==
  • Thread-topic: hEN for open source software compliance Annex III and Annex IV

Hi all,

 

coming from the standardization meeting last week, I have a question to the group.

 

At WG9 of CEN/CLC/JTC13 the work is on the “horizontal standards” of Annex I, based on the official but not yet published standardization request by the European Commission.

The standardization request of the European Commission is also asking for the development of “vertical standards” for PdE listed in Annex III and Annex IV.

This should be of very high concern, because for products in Annex III (and Annex IV) a manufacturer’s self-declaration is only possible when a harmonized standard (hEN) is fully applied by the manufacturer of the PdE – this is of course also applicable to software.

 

That means: If a hEN is not cited in the OJEU in three years, manufacturers need to go to a third party for conformity assessment with the CRA essential requirements.

 

That means: If no one is working on a hEN for a product category of Annex III, it is likely that products in this category will need a third-party assessment. These standards need to be “homegrown” standards developed and published by either CEN/CENELEC or ETSI. ISO/IEC standards cannot be hENs but can get cited. Industry standards cannot get cited because they are outside of the “accepted path”. You can find more information on hEN here: https://boss.cen.eu/developingdeliverables/pages/en/pages/enforojeu/

 

Therefore, do we have an overview of groups working on hEN for (open source) software products in Annex III?

For example, for:

 

  • IAM Solutions, PAM Solutions
  • Browsers
  • Password Managers
  • Antivirus
  • VPN Software
  • SIEM
  • Boot Manager
  • PKI Software
  • Operating Systems
  • Smart Home Virtual Assistants
  • …?

 

Mit den besten Grüßen,

 

Steffen Zimmermann

Industrial Security @ VDMA

 

 

Back to the top