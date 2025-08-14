MENAFN - GlobeNewsWire - Nasdaq) EU-funded open source initiative delivers free tools to help SMEs and developer teams meet Cyber Resilience Act requirements

BRUSSELS, Aug. 14, 2025 (GLOBE NEWSWIRE) -- The Eclipse Foundation , one of the world's largest open source software foundations, today announced the launch of the OCCTET project , a European Commission-funded initiative aimed at helping small and medium-sized enterprises (SMEs) and open source developers navigate compliance with the Cyber Resilience Act (CRA).

The Open Source Compliance: Comprehensive Techniques and Essential Tools (OCCTET) project brings together a consortium of industry leaders, cybersecurity experts, and open source advocates to build free, open source tools that make regulatory compliance more accessible, transparent, and cost-effective.

“Compliance with the CRA is a multi-year journey that organisations need to prioritise now,” said Mike Milinkovich, executive director of the Eclipse Foundation.“Even companies that understand the urgency often lack the in-house expertise required to navigate this process. OCCTET is designed to make the path to compliance as easy as possible, and it complements our broader efforts to ensure the open source community has the resources it needs to thrive under this new regulatory landscape.”

The Cyber Resilience Act introduces mandatory cybersecurity requirements for all digital products, including software, sold in the EU. It applies to manufacturers, software vendors, and maintainers, requiring them to adopt secure development practices and handle vulnerabilities transparently across their entire software supply chains. The CRA entered into force as of December 2024, and organisations now face a pressing timeline to meet the new requirements before they take effect.

For many SMEs, the biggest challenge is knowing where to begin. With limited resources and little in-house compliance expertise, they often find themselves overwhelmed. Open source software, now estimated to be present in as much as 96% of all commercial software (Harvard Business School, March 2025 ), further complicates compliance efforts, as it is typically developed and maintained by decentralised communities rather than controlled by a single vendor.

OCCTET addresses these challenges by delivering open, collaborative solutions that reduce the complexity and cost of CRA compliance, allowing SMEs to focus on innovation without sacrificing security.

The OCCTET toolkit will provide a comprehensive suite of resources tailored to the needs of SMEs, including:



CRA Compliance Checklist

Conformity Assessment Specifications

Automated Evaluation Methods and Tools

A Federated Database platform for publishing OSS component assessments, allowing contributions from multiple stakeholders

Inventories of Automatic Dependency Analysis Tools A Reporting Tool for generating documentation and evidence

Full details on the toolkit, participating organisations, and how to get involved can be found at . For project news and updates, sign up for the OCCTET mailing lis .

The Eclipse Foundation is also advancing other CRA-focused efforts, including the Open Regulatory Compliance (ORC) Working Group , which is actively developing community-driven resources and specifications to support CRA implementation across open source ecosystems. To learn more and get involved, visit orcwg.org or explore the CRA Hub on GitHub .

