[open-regulatory-compliance] Update to the Stewards white paper

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[open-regulatory-compliance] Update to the Stewards white paper

From: Juan Rico <juan.rico@xxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 12 May 2026 22:33:47 +0200
Arc-authentication-results: i=1; mx.google.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=to:subject:message-id:date:from:mime-version:dkim-signature; bh=0FOnV+svh6ljQjJYVcxSXO/Zvi3dg6SMERxHrKGeeSE=; fh=SCfeUaMlYc9/iNAUMxpUglgsJjMoeGKGo7vVVMAVqg8=; b=hFFfgPsKyl1S0+WZisjeHd9z0O7giQuF9NRW2ZrZIVr3AesO2AhfzzwUD66sltQoC+ 8aotQ1B9EsN/YCOj07thLXiXpEkeYjKmfpLSUVHKSL0OjmanWE1U6ISh0JzInAYXs7ss Jh1ShQxrqgKFOfn4VK0dVPT6VhsvfUoYGGlRm6YTeUw2mO/DHOzDu+/cImpMi7pEZLqo RHmTwrztjeurDq0qOfSUT+HNqcocsJBSYXL1a+Pia4rQrO6xaLVqDnDOtrQ6ERoHUMUn 9fx34ee7yXs3AXqhg1wbHL+ftok3fo8zpINwheAQvVpTo04l4Zpx780brhyeIUCyxwpk /asw==; darn=eclipse.org
Arc-seal: i=1; a=rsa-sha256; t=1778618039; cv=none; d=google.com; s=arc-20240605; b=lRQZVwGpz5m9t+f2xkuVmhy0TMexRXbz0/bB9G/1sN057sdTFS3v/QQNK9P4xNNzwg ++SByOeETZ37imZd6rb29fQUeOHfrzhH5IYlcKLg4We/xWBPwkMMeUscFJCb9jsIJk2T 7nc7XPoWM2YBzGSC2T8W+zjgFdtnmBqGdROAivv4l1KRUP2uDLJYg7MIS2wakfnpIqe1 G0G3pXed+dYoQcDb5gkDgiy7qgJlhPt3Uz49EvvZNP9z2QaDi8al7HcUorMzzVTAepIC uin2JmwyNriW+GqOAOmAoaCPyMmVzkWLH4NxzDNfDmLc1aU1Qmd9XclMsi5mTKIkWozu W5Yg==
Delivered-to: open-regulatory-compliance@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/open-regulatory-compliance/>
List-help: <mailto:open-regulatory-compliance-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=unsubscribe>

Dear ORC Community,

I'm happy to share that Mikael Barbero has updated the Stewards white paper to include the latest pieces of information available after the release of the last CRA guidance package.

Please take a look at the current version here, and share your thoughts and comments.

"Version 2.0 incorporates clarifications from the European Commission's draft guidance on the application of the CRA (Ares(2026)2319816, published 3 March 2026 for public consultation). Key additions and changes:

Steward definition context expanded: sustained support taxonomy, per-project determination, dual roles, not-for-profit exemption (Definition and Context)
Graduated reporting framework: three-tier model linking reporting duties to support type: non-technical, IT infrastructure, or engineering (Reporting Obligations Scaled by Type of Support)
"Becoming aware" threshold: aligned with NIS 2 and GDPR precedent (Becoming Aware)
Upstream reporting and sharing security fixes: Article 13(6) obligations and their interaction with the steward role (Upstream Reporting)
Contributors and downstream uses: contributor protection and manufacturer due diligence (Contributors and Downstream Uses)
Illustrative scenarios expanded: eight concrete cases covering all three reporting tiers (Illustrative Scenarios)
Open questions updated: split into resolved vs. remaining (Open Questions)"

Best regards,

Juan

Juan Rico

Eclipse Foundation: The Community for Open Collaboration and Innovation

Berliner Allee 47, 64295 Darmstadt

Handelsregister: Darmstadt HRB 92821

Managing Directors: Gaël Blondelle, Mike Milinkovich, Michael Plagge

Prev by Date: [open-regulatory-compliance] Minutes from the last SIG call - Attestations - due diligence discussion
Previous by thread: [open-regulatory-compliance] Minutes from the last SIG call - Attestations - due diligence discussion
Index(es):
- Date
- Thread

Breadcrumbs