- Edri-cra-discussion - mailman.edri.org

by Jan Penfrat (EDRi)

Hi all, Sorry this list has fallen silent a bit. The final CRA is going to be approved in Plenary soon and I as wondering if we all agree with what most of the FOSS community has said about the result: that it is OK. I understand it's not great and in particular wrt security updates we would have wanted more, but is it correct to tell people who ask that we're generally rather supportive of the CRA as it has been agreed, or at least that we don't have any major issues with it? Thanks for any issues you'd like to flag! Jan -- JAN PENFRAT (he/him) Senior Policy Advisor Mobile/Signal: +32 470 839 044 Matrix: @jan:penfrat.net EUROPEAN DIGITAL RIGHTS www.edri.org <https://www.edri.org>| Mastodon <https://eupolicy.social/@ilumium>| PGP <https://edri.org/files/pgp-keys/janpenfrat.asc> /Working days are Monday-Thursday/ <https://edri.org/take-action/stay-up-to-date-with-edris-newsletters/>

1 month, 2 weeks

3
4
0 0

CRA trialogue

by Walter van Holst

Apparently there is progress on the Cyber Resilience Act: https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-re…

4 months, 3 weeks

1
0
0 0

Reducing EDRi office engagement on CRA

by Diego Naranjo

Dear all, As you have not doubt noticed, there has been less engagement on the Cyber Resilience Act (CRA) from EDRi office side these past weeks. The first reason is that in order to stem the attention required for the *large number of policy processes Jan is currently following* (DMA and DSA enforcement, Health Data Spaces, Net Neutrality and EDRi IT needs). In addition to our workload, there is a *larger number of stakeholders working on CRA compared to other pieces of legislation*, especially in the areas of free software exemption, vulnerability handling, and security patch periods... Because of both reasons, we decided to de-prioritise our work on the CRA for the time being. Jan will participate in one last speaking event on a Microsoft-led panel on vulnerability handling on Thursday morning at 9am and then *he will be on parental leave in November and December*. In the meantime, please contact me directly for any immediate questions or actions EDRi should be involved in regarding the CRA. Once Jan is back from his leave in January, and following the (upcoming EDRi) office and EDRi network discussions on the EDRi office 2024 work plan, we can re-discuss what kind of priority we can allocate to this file. I hope this will work for you. Jan and I thank you for your understanding for this kind of difficult decisions. Any feedback is of course most welcome! Best regards, Diego -- DIEGO NARANJO Head of Policy EUROPEAN DIGITAL RIGHTS www.edri.org <https://www.edri.org>| @_DiegoNaranjo <https://twitter.com/_DiegoNaranjo>| Phone: +32 489 229 779 (Signal/WhatsApp) *From July 2023 EDRi is trialing a four-day week. Our working days are Monday-Thursday*

6 months

1
0
0 0

Vrijschrift to Dutch Parliament: EU Cyber Resilience Act will harm competitiveness

by Ante Wessels

Dear all, Vrijschrift to Dutch Parliament: EU Cyber Resilience Act will harm competitiveness The EU Cyber Resilience Act (CRA) proposal aims to make products containing software and software itself more secure. [1] This objective is endorsed by Vrijschrift. The Minister of Economic Affairs and Climate has written to the Senate that concerns regarding open source software have been “extensively addressed” by means of a recital. However, recitals do not have independent legal force; the amendments of the Council of the EU are ineffective. The CRA, if adopted in this form, will seriously harm the open source ecosystem and the competitiveness of the European economy. https://www.vrijschrift.org/serendipity/index.php?/archives/262-Vrijschrift… kind regards, Ante

6 months, 2 weeks

2
2
0 0

Status? Timelines

by Walter van Holst

Hi all, Do we know what opportunities are left for amendments? What the timelines are now? Regards, Walter

8 months

1
0
0 0

[Sign-on] Open letter on vulnerability disclosure in the CRA

by Jan Penfrat (EDRi)

Dear EDRis, Thank you for allowing me to cross-post this so everyone has seen it: While the overall work on the Cyber Resilience Act <https://edri.org/our-work/the-cyber-resilience-act-how-to-make-europe-more-…> is going rather well (as compared to other legislative dossiers I assume), one of the problems that still persists: The EP wants to compel manufacturers of connected devices to notify the EU's Agency for Cybersecurity ENISA <https://en.wikipedia.org/wiki/European_Union_Agency_for_Cybersecurity> about details of unpatched security vulnerabilities. Given EU member states' track record of state-sanctions hacking, we believe it's a bad idea to create government-run databases full of zero-day exploits. I have therefore drafted an open letter to lawmakers working on the CRA <https://cloud.edri.org/index.php/s/aK6BJD2DpTs2JkF> to fix that problem and would like to kindly ask you to *co-sign it individually if you can _by Monday, 12 June at noon_*. Please also let me know should you have any major concerns with the draft letter. Thanks a lot! Jan -- JAN PENFRAT SENIOR POLICY ADVISOR EUROPEAN DIGITAL RIGHTS Rue Belliard 12, B-1040 Brussels Matrix: @jan:penfrat.net Phone: +32 2 274 25 76 www.edri.org <https://www.edri.org>| Mastodon <https://eupolicy.social/@ilumium>| PGP <https://edri.org/files/pgp-keys/janpenfrat.asc> Subscribe to the EDRi-gram to become a digital rights connoisseur! <https://edri.org/take-action/edri-gram/> Subscribe to the EDRi-gram. <https://edri.org/take-action/edri-gram/>

10 months, 2 weeks

5
6
0 0

Re: Danti AMs CRA

by Walter van Holst

On 09-05-2023 11:34, Jan Penfrat (EDRi) wrote: > Hi Alex, > > I have only skimmed the Danti report > <https://www.europarl.europa.eu/doceo/document/ITRE-PR-745538_EN.pdf> so > far, but here is my first impression. I'm also CC'ing PI, Epicenter and > Vrijschrift.org to get their views. Dear Jan, Thank you, will try to dive into this between now and the Belgrade GA. Regards, Walter P.S. There is a mailinglist for the CRA now (see cc)

11 months, 3 weeks

1
0
0 0

by Walter van Holst

Going by https://single-market-economy.ec.europa.eu/system/files/2022-09/COM_2022_49… I see the same problems as with the CRA. Is this part of our ongoing discussions with BEUC, OFE and MEPS? Regards, Walter

1 year, 1 month

2
1
0 0

2024

2023

Edri-cra-discussion ----- 2024 ----- April 2024 March 2024 February 2024 January 2024 ----- 2023 ----- December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023

Edri-cra-discussion