Dear all,
As you have not doubt noticed, there has been less engagement on the Cyber Resilience Act (CRA) from EDRi office side these past weeks. The first reason is that in order to stem the attention required for the large number of policy processes Jan is currently following (DMA and DSA enforcement, Health Data Spaces, Net Neutrality and EDRi IT needs). In addition to our workload, there is a larger number of stakeholders working on CRA compared to other pieces of legislation, especially in the areas of free software exemption, vulnerability handling, and security patch periods... Because of both reasons, we decided to de-prioritise our work on the CRA for the time being.
Jan will participate in one last speaking event on a
Microsoft-led panel on vulnerability handling on Thursday morning
at 9am and then he will be on parental leave in November and
December. In the meantime, please contact me directly for
any immediate questions or actions EDRi should be involved in
regarding the CRA.
Once Jan is back from his leave in January, and following the
(upcoming EDRi) office and EDRi network discussions on the EDRi
office 2024 work plan, we can re-discuss what kind of priority we
can allocate to this file.
I hope this will work for you. Jan and I thank you for your
understanding for this kind of difficult decisions. Any feedback
is of course most welcome!
Best regards,
Diego
Head of Policy
EUROPEAN
DIGITAL RIGHTS
www.edri.org |
@_DiegoNaranjo |
Phone:
+32 489 229 779 (Signal/WhatsApp)