Post Syndicated from original https://lwn.net/Articles/914840/

NLnet Labs has put up a
blog entry warning about the possible effects of the “Cyber Resilience
Act” proposal in the European Commission.

We feel the current proposal misses a major opportunity. At a high
level the ‘essential cybersecurity requirements’ are not
unreasonable, but the compliance overhead can range from tough to
impossible for small, or cash-strapped developers. The CRA could
bring support to open-source developers maintaining the critical
foundations of our digital society. But instead of introducing
incentives for integrators or financial support via the CRA, the
current proposal will overload small developers with compliance
work.