Re: [open-regulatory-compliance] hEN for open source software compliance Annex III and Annex IV

I believe ETSI intends to provide the vertical standards that the ESR requests. I am talking to them about including open source projects in this process under the auspices of OSI's ETSI membership.

S.


On Tue, Dec 10, 2024 at 11:03 AM Steffen Zimmermann via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

Hi all,

 

Coming from the standardization meeting last week, I have a question for the group.

 

At WG9 of CEN/CLC/JTC13 the work is on the “horizontal standards” of Annex I, based on the official but not yet published standardization request by the European Commission.

The standardization request of the European Commission is also asking for the development of “vertical standards” for PdE listed in Annex III and Annex IV.

This should be of very high concern, because for products in Annex III (and Annex IV) a manufacturer’s self-declaration is only possible when a harmonized standard (hEN) is fully applied by the manufacturer of the PdE – this is of course also applicable to software.

 

That means: If a hEN is not cited in the OJEU in three years, manufacturers need to go to a third party for conformity assessment with the CRA essential requirements.

 

That means: If no one is working on a hEN for a product category of Annex III, it is likely that products in this category will need a third-party assessment. These standards need to be “homegrown” standards developed and published by either CEN/CENELEC or ETSI. ISO/IEC standards cannot be hENs but can get cited. Industry standards cannot get cited because they are outside of the “accepted path”. You can find more information on hEN here: https://boss.cen.eu/developingdeliverables/pages/en/pages/enforojeu/

 

Therefore, do we have an overview of groups working on hEN for (open source) software products in Annex III?

For example, for:

 

  • IAM Solutions, PAM Solutions
  • Browsers
  • Password Managers
  • Antivirus
  • VPN Software
  • SIEM
  • Boot Manager
  • PKI Software
  • Operating Systems
  • Smart Home Virtual Assistants
  • …?

 

With best regards,

 

Steffen Zimmermann

Industrial Security @ VDMA

 

 


--
Simon Phipps
Managing Director, Meshed Insights Ltd.
Open Source and Digital Rights Business Strategy
Office: +1 (415) 683-7660 or +44 (238) 098 7027
Signal/Mobile:  +44 774 776 2816 

