Eclipse Foundation Establishes New Open Source Compliance Initiative

• By John K. Waters
• 09/30/24

The Eclipse Foundation has launched the Open Regulatory Compliance Working Group (ORC WG), dedicated to helping the global open source community navigate increasingly complex regulatory landscapes. As governments worldwide impose new regulations on software technology, including cybersecurity and privacy laws, the ORC WG seeks to offer guidance and best practices to open source participants, including developers, enterprises, and organizations.

The working group will focus on ensuring compliance with evolving legal frameworks while collaborating with regulatory bodies to inform them about the unique nature of open source development. Backed by leading global technology companies and open source foundations, the initiative is designed to safeguard the use of open source software while maintaining compliance with standards.

Mike Milinkovich, executive director of the Eclipse Foundation, highlighted the importance of aligning open source practices with regulatory requirements, particularly as governments impose new legislation such as the European Cyber Resilience Act (CRA).

"Given the impact of software technology on the global economy, it is unsurprising that governments worldwide are enacting new regulations to safeguard privacy, security, and accessibility," Milinkovich said in a statement. "The Open Regulatory Compliance Working Group was created to bridge the gap between regulatory authorities and the open source ecosystem, ensuring organizations and developers can leverage open source technologies while remaining compliant with evolving global regulations."

The group will focus initially on the CRA, aiming to help open source projects comply with its provisions by developing cybersecurity process specifications and collaborating with European authorities to provide timely guidance. The working group has also secured formal liaison status with European standards organizations, signaling its commitment to influencing regulatory standards.

The initiative has already attracted significant support from prominent players, including the Apache Software Foundation, Nokia, Siemens, and Mercedes-Benz Tech Innovation, among others. These organizations emphasize the importance of ensuring that regulations like the CRA are implemented in ways that protect open source innovation while meeting the highest standards of security and compliance.

"The CRA will impact open source users and producers alike," said David Nalley, president of the Apache Software Foundation, in a statement. "Legislators will benefit from the brain trust of open source organizations that Eclipse has brought together to ensure that the legislation is crafted in a way that protects all parties."

In addition to its focus on the CRA, the ORC WG aims to formalize industry best practices for regulatory compliance across jurisdictions and provide essential resources, such as webinars and compliance materials, to educate the broader open source community.