Brussels / 4 & 5 February 2023


How regulating software for the European market could impact FOSS

The abstract

NLnet Labs and Red Hat are closely following two legislative proposals from the European Commission applicable to almost all hardware and software on the European market;

  • The Cyber Resilience Act (CRA), intends to cover products including digital elements, like software, with cybersecurity conformity requirements and obligations.
  • The new Product Liability Directive (PLD) is looking to extend liability for defective products to the world of software.

The audience will learn about the CRA and PLD from different angles: from their respective authors at the European Commission, from a small, public benefit organisation producing and supporting upstream open source software, and from organisations promoting, using and distributing open source software.

The session will be divided in two parts:

  • A series of lightning talks from representatives of the European Commission and NLnet Labs to introduce the subject.
  • A panel, moderated by Red Hat, with participation from Digital Europe, the EC Open Source Program Office, Red Hat and NLnet Labs to share views and opinions about the future of open source software within the current and future legal framework.

The session will be split into two parts as follow:

Lightning Talks (~45min)


  • Introduction to the Cyber Resilience Act by Benjamin Boegel from DG-CNECT at the European Commission
  • The Cyber Resilience Act from a NGO involved in open source by Maarten Aertsen, NLnet Labs
  • Introduction to the new Product Liability Directive by Omar Ennaji from DG-GROW at the European Commision

Panel (~45min)

The panel theme is: How to proceed as a community?


  • Maarten Aertsen, Sr Internet Technologist, NLnet Labs
  • Gijs Hillenius, IT Project Officer, EC DIGIT Open Source Program Office
  • Zoey Stambolliu, Sr Policy Manager, Digital Europe
  • Romuald Vandepoel, Chief Digital Advisor for Public Sector, Red Hat Inc.

supporting the panel:

  • Benjamin Bögel, Policy Officer, EC DG-CNECT
  • Omar Ennija, Legal and Policy Officer, EC DG-GROW

moderated by James Lovegrove, Public Policy Director, Red Hat Inc.


Photo of Romuald Vandepoel Romuald Vandepoel
Photo of Maarten Aertsen Maarten Aertsen