Concerns over the European Union’s Cyber Resilience Act (CRA)

As the world’s most popular open source content management system, WordPress acknowledges the European Union’s initiative to bolster the cybersecurity of digital hardware and software products with the Cyber Resilience Act (CRA). The Act’s effort to counter the increasing threat of cyberattacks and promote informed usage of digital products with increased security updates and transparency is commendable.

While we wholly endorse the objectives of the CRA, we are apprehensive about the Act’s implications on open source software due to unclear terms and definitions.

Specifically, the Act’s prohibition on “unfinished software” and ambiguous definition of “commercial activity” could inadvertently inhibit innovation and economic participation in the European digital landscape.

Open source projects, like WordPress, often rely on continual updates and improvements—a process that may technically fall under the label of “unfinished.” Furthermore, the ambiguous definition of “commercial activity” could unintentionally encompass open source projects that are largely driven by communities and operate on a not-for-profit basis.

Our letter to the EU Commission

We have jointly authored an open letter addressing these concerns alongside fellow open source projects Drupal, Joomla!, and TYPO31. The letter emphasizes the significant contribution of Free and Open Source Software (FOSS) to the EU’s economy and how the proposed regulations might undermine these efforts. Our shared goal is to further bolster the security of digital products without compromising the values of freedom, democracy, and innovation inherent to both the open source community and the EU’s Aims and Values.

The letter invites the EU Commission and interested parties to participate in a seminar in Brussels to discuss how we can align the objectives of the CRA with the realities and needs of the FOSS community. We are optimistic that, with mutual understanding and cooperation, we can achieve secure digital products without limiting the vital contributions of open source projects.

Read the letter

Drupal, Joomla!, TYPO3, and WordPress are the most popular FOSS content management systems on the web today. While all are based on the PHP programming language and distributed under the GPL open source license, each platform takes a different approach to website publishing. With strength in diversity, they form the Inter-CMS Working Group, promoting the values and benefits of free and open source software. ︎

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Our letter to the EU Commission

Leave a Comment Cancel reply