Hi, I’ve dived a bit into the Cyber Resilience Act (CRA) and would like to share some useful resources, for those interested in this topic.
- Webinar ’ The Cyber Resilience Act and Open Source: What Maintainers Really Need to Know’, 27 May 2025
- Can really recommend this one, they clearly describe what the CRA is and what effect it has on FOSS projects/maintainers
- CRA FAQ, with many often asked questions answered
- Recommended (and made) by the experts of the webinar
- Linux Foundation course on CRA
General advice from the webinar experts: Read up to date resources. Many blog posts written 2 years ago are outdated and many issues raised back then are solved (so no need to panic 
).