Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [open-regulatory-compliance] Draft Technical Descriptions

Olle,

 

Thanks, I wasn’t aware of that open issue. This is exactly what I’m asking for more info.

 

Will someone be assembling comments covering our concerns/issues to submit before the comment period expires, 15 April 2025?

 

Thanks,

 

Dick Brooks

  

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

Risk always exists, but trust must be earned and awarded.

https://businesscyberguardian.com/

Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx

Tel: +1 978-696-1788

 

 

From: Olle E. Johansson <oej@xxxxxxxxxx>
Sent: Monday, March 17, 2025 3:57 AM
To: dick@xxxxxxxxxxxxxxxxxxxxxxxxx; Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] Draft Technical Descriptions

 

There is an open issue on this:

/O

On 16 Mar 2025, at 14:15, Dick Brooks via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

 

Maybe a comment is in order for the web service api scenario. How does this look:

 

“Under what scenarios should a Web Service API be considered in scope for the EU CRA?”

 

Any others with a better way to phrase this question… 

 

Thanks,

 

Dick Brooks

   

Active Member of the CISA Critical Manufacturing Sector, 

Sector Coordinating Council – A Public-Private Partnership

 

Risk always exists, but trust must be earned and awarded.™

Tel: +1 978-696-1788

 

 

From: Idelberger, Florian (IIWR) <florian.idelberger@xxxxxxx> 
Sent: Saturday, March 15, 2025 6:02 PM
To: Dick Brooks <dick@xxxxxxxxxxxxxxxxxxxxxxxxx>; Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Tobie Langel <tobie@xxxxxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] Draft Technical Descriptions

 

Within such a product, which is not usable without the WebAPIs and part of the „data processing solution“ as Tobie said would be in scope. However WebAPIs by themselves, offered as a service, might not be in scope. (for example, depends on the context I guess)

 

-- 
Dr. Florian Idelberger


Karlsruher Institut für Technologie (KIT)
Zentrum für Angewandte Rechtswissenschaft (ZAR)
Institut für Informations- und Wirtschaftsrecht
Vincenz-Prießnitz-Str. 3, D-76131 Karlsruhe

E-Mail: florian.idelberger@xxxxxxx

KIT - Universität des Landes Baden-Württemberg und
nationales Forschungszentrum in der Helmholtz-Gemeinschaft




Am 15.03.2025 um 17:41 schrieb Dick Brooks via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx>:

 

Thanks for sharing your insights Tobie. Much appreciated. 

 

Many of the product listed in Annex I and Annex II depend on “Web Service API’s” to function, for example:

 

17. Smart home products with security functionalities, including smart door locks, security cameras, baby monitoring systems and alarm systems 

 

Does this example imply that the Web Service API’s used by these devices are also in scope for the EU CRA requirements?

 

Thanks for your help in understanding these details.

 

Thanks,

 

Dick Brooks

<image012.png>  <image013.png> <image014.png>

Active Member of the CISA Critical Manufacturing Sector, 

Sector Coordinating Council – A Public-Private Partnership

 

Risk always exists, but trust must be earned and awarded.™

Tel: +1 978-696-1788

 

 

From: Tobie Langel <tobie@xxxxxxxxxxxxxx> 
Sent: Saturday, March 15, 2025 12:25 PM
To: dick@xxxxxxxxxxxxxxxxxxxxxxxxx; Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] Draft Technical Descriptions

 

Thanks for your question, Dick.

 

The product categories listed in this draft regulation are only for important and critical categories. Most products that are in scope of the CRA are actually not part of those two categories. I opened an FAQ on the topic here: https://github.com/orcwg/cra-hub/issues/166.

 

Additionally, wrt your question about Web APIs, it depends whether they're part of the remote data processing solutions of products who are in scope of the CRA (in which case they're also in scope, see FAQ tmp-2) or not (in which case they're not in scope, see FAQ tmp-156).

 

Hope this helps.

 

--tobie

 

On Fri, Mar 14, 2025 at 6:56PM Dick Brooks via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

Before I open my big mouth and submit comments, I want to get some help from this group.

 

Looking at the product categories listed in Annex I of the standards request, I can’t determine if a “Web Service API” will be “in scope”.

 

Does anyone have thoughts on this? Are “Web Service API” products considered in scope based on the Annex I and Annex II descriptions?

 

 

Thanks,

 

Dick Brooks

<image012.png> <image015.png> <image016.png>

Active Member of the CISA Critical Manufacturing Sector, 

Sector Coordinating Council – A Public-Private Partnership

 

Risk always exists, but trust must be earned and awarded.™ 

Tel: +1 978-696-1788

 

 

From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of Steffen Zimmermann via open-regulatory-compliance
Sent: Thursday, March 13, 2025 7:50 PM
To: open-regulatory-compliance@xxxxxxxxxxx
Cc: Steffen Zimmermann <steffen.zimmermann@xxxxxxxx>
Subject: [open-regulatory-compliance] Draft Technical Descriptions

 

Hi all,

as you might have seen already, the Draft Technical Descriptions have been published on the EC website. 

Time until April 10th for comments. 

The Expert Group CRA of the will then be in charge, together with the Commission, to improve the definitions based on the comments received. 

 

Best Regards,

Steffen Zimmermann
Industrial Security @ VDMA

_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org

_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit 
https://accounts.eclipse.org

 

_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit 
https://accounts.eclipse.org

 


Back to the top