Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [open-regulatory-compliance] What is the practical drop dead date for knowing specific obligations to satisfy EU-CRA evidentiary materials for open-source stewards

On Wed, Jan 8, 2025 at 4:08 PM Dick Brooks via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

Given the current EU-CRA timeline, what would people consider to be the “drop dead” date when open-source stewards MUST know what evidentiary materials are expected to be provided to comply?

 

I know that “lead time” will need to consider the level of effort required to produce evidentiary materials, so that will need to be factored into whatever drop dead date is determined.

There is a defined milestone for December 11, 2025. Will the evidentiary requirements for open-source software stewards need to be identified before this deadline?



The one coming up the most quickly is the vulnerability management requirements.

--tobie

Back to the top