As the world’s most popular open source content management system, WordPress acknowledges the European Union’s initiative to bolster the cybersecurity of digital hardware and software products with the Cyber Resilience Act (CRA). The Act’s effort to counter the increasing threat of cyberattacks and promote informed usage of digital products with increased security updates and transparency is commendable.
While we wholly endorse the objectives of the CRA, we are apprehensive about the Act’s implications on open source software due to unclear terms and definitions.
Specifically, the Act’s prohibition on “unfinished software” and ambiguous definition of “commercial activity” could inadvertently inhibit innovation and economic participation in the European digital landscape.
Open source projects, like WordPress, often rely on continual updates and improvements—a process that may technically fall under the label of “unfinished.” Furthermore, the ambiguous definition of “commercial activity” could unintentionally encompass open source projects that are largely driven by communities and operate on a not-for-profit basis.
Our letter to the EU Commission
We have jointly authored an open letter addressing these concerns alongside fellow open source projects Drupal, Joomla!, and TYPO31. The letter emphasizes the significant contribution of Free and Open Source Software (FOSS) to the EU’s economy and how the proposed regulations might undermine these efforts. Our shared goal is to further bolster the security of digital products without compromising the values of freedom, democracy, and innovation inherent to both the open source community and the EU’s Aims and Values.
The letter invites the EU Commission and interested parties to participate in a seminar in Brussels to discuss how we can align the objectives of the CRA with the realities and needs of the FOSS community. We are optimistic that, with mutual understanding and cooperation, we can achieve secure digital products without limiting the vital contributions of open source projects.