[1] Products with digital elements mainly are hardware and software whose "intended and foreseeable use includes direct or indirect data connection to a device or network".[8] The background, purposes and motivations for the proposed policy include:[9] According to The Washington Post, the CRA could make the EU a leader on cybersecurity and "change the rules of the game globally".[10] About 90% of products with digital elements fall under a default category, for which manufacturers will self-assess security, write an EU declaration of conformity, and provide technical documentation.[27][26] The Council text further stipulates that prior to seeking compulsory certification, the European Union executives must undertake an impact assessment to evaluate both the supply and demand aspects of the internal market, as well as the member states' capacity and preparedness for implementing the proposed schemes.This is the first time this has appeared in a regulation, and it will be interesting to see how this evolves.The OSI noted Debian's statement that many small businesses and solo developers would have trouble navigating the act when redistributing open source software[6] remained unaddressed.[5] Apache reviewed the changes positively while worrying about applicability of the CRA on potentially critical open-source components and stressing the importance of collaboration with international standards bodies to ease certification of software.
FSFE
Policy Consultant Alexander Sander summarizes key concerns in March 2023.
[
36
]