Futures

Open Source and the Cyber Resilience Act (20230521)

Summary

The text discusses the Cyber Resilience Act (CRA) and its proposal for European standards bodies to develop standards for simplifying conformance. It raises concerns about the accessibility and control of European Standardisation Organizations (ESO) by corporate entities, which may impact Open Source projects. The three designated ESOs - CEN, CENELEC, and ETSI - are described as controlled by national industries and telecoms industries, with high membership fees and secret proceedings. Additionally, ETSI’s use of FRAND licensing is considered incompatible with Open Source communities. The text emphasizes the need for effective consultation and inclusion of the Open Source community in the development of related standards. Failure to do so may result in costly third-party process auditors for conformity assessment procedures.

Signals

| Signal | Change | 10y horizon | Driving force |
| --- | --- | --- | --- |
| European standards bodies to develop standards for simplifying conformance | From complex to simplified conformance | Conformance process will be easier and more streamlined | Need to address the accessibility and cost issues of European Standardisation Organizations (ESO) |
| European Standardisation Organizations (ESO) are corporate-controlled and expensive to engage | Need for more accessible and affordable ESOs | ESOs will be more accessible and affordable for Open Source projects | Desire to accommodate Open Source in EU policies |
| CEN, CENELEC, and ETSI are not accessible to Open Source projects | Need for Open Source-friendly standards development organizations | Open Source-friendly standards development organizations will be established | Lack of representation and compatibility of existing standards bodies with Open Source communities |
| European standards may not consider the development workflow of Open Source software | Need for standards that consider Open Source development process | Standards will take into account the workflow of Open Source software development | Lack of functional relationships and consultation between standards bodies and Open Source charities |
| Open Source community needs to be included in the standards development process | Need for effective consultation and inclusion of Open Source community | Open Source community will have a voice in the development of standards | Ensuring representation and avoiding fundamental errors in standards development process |
| Conformity assessment procedures may become costly for Open Source developers | Need for affordable conformity assessment procedures for Open Source | Affordable alternatives for conformity assessment will be available for Open Source developers | Financial constraints of Open Source developers in conformity assessment process |
