Seth,
Did that party identify any specifics regarding the EU-CRA open-source expectations that they are most concerned about?
Business Cyber Guardian is seeking to understand more details about the EU-CRA, specifically we are interested in knowing who/what is considered an “open-source software steward” and what are the obligations of an open-source software steward.
Thanks,
Dick Brooks

Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council – A Public-Private Partnership
Never trust software, always verify and report! ™
Risk always exists, but trust must be earned and awarded.™
https://businesscyberguardian.com/
Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx
Tel: +1 978-696-1788
Hello all, hope you are doing well.
I was shared this example by Jarek Potiuk from Airflow, a case where an open source maintainer is planning to completely remove their project from PyPI due to the CRA uncertainty and obligations. I think this shows how important having a factual, up-to-date, TLDR-style blog post about the current state of affairs would be from our group, especially for open source projects under foundations and those maintained by individuals.