As we publish this month’s ORC update, the community is right in the middle of Open Source Week in Brussels. With FOSDEM and a packed schedule of policy, compliance, and community discussions underway, the energy and relevance of our work has never been clearer. That momentum is echoed by the strong response to our Code & Compliance event, which sold out! This signals a community that is growing, engaged, and ready to build on its progress. We are starting 2026 with real traction and look forward to making some real progress on the Cyber Resilience Act (and other emerging regulations) over the coming year.
Timo Perala and Dirk-Willem van Gulik
ORC co-chairs
What’s New
- ORC has published its first whitepaper, Open Source Software Stewards and the Cyber Resilience Act, offering practical guidance on how the CRA defines the steward role, what obligations apply, and where open questions remain. Developed collaboratively by the ORC community, the paper reflects real-world open source experience and aims to support proportionate, workable CRA implementation.
- The full program for the Open Community for Compliance track at OCX 2026 is now live, featuring sessions that explore secure development practices, regulatory trends like the Cyber Resilience Act, and collaborative approaches to compliance within open source communities. This track brings together developers, legal experts, and industry leaders to share insights and practical guidance.
Registration is open. We hope to see you there. - We’re collecting feedback from industry and open source stakeholders to inform the voluntary security attestation efforts. Share your perspective by completing the survey by February 17.
- Roman Zhukov and James Lovegrove’s article “Making the Cyber Resilience Act Work for Open Source” was featured in The New Stack, exploring practical approaches for aligning open source stewardship and compliance with the EU’s Cyber Resilience Act and underscoring the importance of collaboration across the ecosystem as the regulation takes shape.
- We’re looking to collaborate with ORC members on articles and thought leadership that help advance understanding of Cyber Resilience Act. With support from the Eclipse Foundation’s experienced writers, we’re especially eager to work with manufacturers to share real-world perspectives. Interested? Get in touch and let’s tell these stories together.
Blog you might have missed
- FOSDEM and EU Open Source Week 2026: Key Events for the ORC Community
Late January in Brussels has become an important moment for anyone working at the intersection of open source and European regulation. In 2026, FOSDEM and EU Open Source Week again bring together developers, maintainers, policymakers, and organisations that are actively shaping how open source is developed, distributed, and used in Europe. - The ORC Community’s 4 Biggest Achievements of 2025
As we look back on 2025, it’s clear that this has been a year of remarkable growth and maturation for the ORC community. Our membership has expanded to 63 organisations, reflecting both the rising importance of open, collaborative security practices and the trust our stakeholders place in the work we are doing together.
Overheard
Upcoming Events
How to Participate
