The Open Regulatory Compliance Working Group will assist open source participants with adhering to global regulatory requirements such as the EU's Cyber Resilience Act.

The Eclipse Foundation has launched the Open Regulatory Compliance Working Group (ORC WG) to address evolving global regulations aimed at improving software quality and security. The working group’s formation follows Eclipse’s initial partnering with the Apache Software Foundation and other open source organizations in April.

Announced September 24, the initiative looks to support participants globally across the open source community, including developers, enterprises, industries, and open source foundations, in navigating and adhering to evolving regulatory frameworks. In particular, the working group, with members such as the Python Software Foundation and the Rust Foundation, plans on helping companies navigate European Union regulatory requirements such as the Cyber Resilience Act (CRA), along with EU AI and data sovereignty measures. CRA is a legal framework that describes cybersecurity requirements for hardware and software products with digital elements placed on the market of the EU.

Plans call for the working group to engage with regulatory bodies and governments to enhance their understanding of the unique open source development model. “The Open Regulatory Compliance Working Group was created to bridge the gap between regulatory authorities and the open source ecosystem, ensuring organizations and developers can leverage open source technologies while remaining compliant with evolving global regulations,” said Eclipse Executive Director Mike Milinkovich, in a statement.

The working group will formalize industry best practices and offer resources to help organizations navigate regulatory requirements across multiple jurisdictions.
It also intends to assist government entities in providing greater legal certainty to the open source ecosystem and software supply chain. An overall objective is the elevation of software quality and security in open source projects.

As of September 24, participant organizations in the working group included: Apache Software Foundation, Blender Foundation, Robert Bosch GmbH, CodeDay, The Document Foundation, FreeBSD Foundation, iJUG, Lunatech, Matrix.org Foundation, Mercedes-Benz Tech Innovation GmbH, Nokia, NLnet Labs, Obeo, Open Elements, OpenForum Europe, OpenInfra Foundation, Open Source Initiative (OSI), Open Source Robotics Foundation (OSRF), OWASP, Payara Services, The PHP Foundation, Python Software Foundation, Rust Foundation, SCANOSS, Siemens, and Software Heritage.