Eclipse working group to address cybersecurity, AI regulations

The Eclipse Foundation has launched the Open Regulatory Compliance Working Group (ORC WG) to address evolving global regulations aimed at improving software quality and security.

The working group’s formation follows Eclipse’s initial partnering with the Apache Software Foundation and other open source organizations in April. Announced September 24, the initiative looks to support participants globally across the open source community, including developers, enterprises, industries, and open source foundations, in navigating and adhering to evolving regulatory frameworks. In particular, the working group, with members such as the Python Software Foundation and the Rust Foundation, plans on helping companies navigate European Union regulatory requirements such as the Cyber Resilience Act (CRA), along with EU AI and data sovereignty measures.

CRA is a legal framework that describes cybersecurity requirements for hardware and software products with digital elements placed on the market of the EU. Plans call for the working group to engage with regulatory bodies and governments to enhance their understanding of the unique open source development model.

“The Open Regulatory Compliance Working Group was created to bridge the gap between regulatory authorities and the open source ecosystem, ensuring organizations and developers can leverage open source technologies while remaining compliant with evolving global regulations,” said Eclipse Executive Director Mike Milinkovich, in a statement.

The working group will formalize industry best practices and offer resources to help organizations navigate regulatory requirements across multiple jurisdictions. It also intends to assist government entities in providing greater legal certainty to the open source ecosystem and software supply chain. An overall objective is the elevation of software quality and security in open source projects.

As of September 24, participant organizations in the working group included:

Apache Software Foundation

Blender Foundation

Robert Bosch GmbH

CodeDay

The Document Foundation

FreeBSD Foundation

iJUG

Lunatech

Matrix.org Foundation

Mercedes-Benz Tech Innovation GmbH

Nokia

NLnet Labs

Obeo

Open Elements

OpenForum Europe

OpenInfra Foundation

Open Source Initiative (OSI)

Open Source Robotics Foundation (OSRF)

OWASP

Payara Services

The PHP Foundation

Python Software Foundation

Rust Foundation

SCANOSS

Siemens

Software Heritage