Eclipse Foundation Launches EU-Funded Project to Aid Cyber Resilience Act Compliance

The Eclipse Foundation said on Wednesday it has launched a European Commission-funded initiative to help small businesses and software developers comply with the EU's Cyber Resilience Act through free open-source tools.

The OCCTET (Open-Source Compliance: Comprehensive Techniques and Essential Tools) project will develop compliance checklists, automated evaluation tools, and a database for assessing open-source software components, the Brussels-based foundation said.

The Cyber Resilience Act, which entered into force in December 2024, mandates cybersecurity requirements for all digital products sold in the EU. The legislation requires manufacturers and software vendors to adopt secure development practices and handle vulnerabilities transparently across their supply chains.

"Compliance with the CRA is a multi-year journey that organizations need to prioritize now," said Mike Milinkovich, executive director of the Eclipse Foundation, in a statement.

The regulation poses particular challenges for small and medium-sized enterprises, which often lack in-house compliance expertise. Open-source software, present in an estimated 96% of commercial software according to Harvard Business School research, complicates compliance efforts as it is typically developed by decentralized communities rather than single vendors.

OCCTET's toolkit will include conformity assessment specifications, automated dependency analysis tools, and reporting capabilities for generating compliance documentation.

The Eclipse Foundation, which hosts more than 400 open-source projects and is supported by over 300 members, is also developing additional compliance resources through its Open Regulatory Compliance Working Group.

The project consortium includes industry partners, cybersecurity experts, and open-source advocates, though the foundation did not specify the funding amount or project timeline.

About the Author

John K. Waters is the editor in chief of a number of Converge360.com sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and the culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS.