Are you our next OCCTET tester?

February, 12, 2026

We are looking for a new testing round of the OCCTET.eu tooling, and we are looking for pioneering SMEs and Open Source Projects to join.

If you want early access, insights, and the chance to shape a new compliance solution, this is for you!

What you will get

Selected SMEs/Open Source Projects will benefit from an automated analysis of their product or software, including:

• complete dependency analysis within supported technologies
• inspection of dependency versions and management practices
• identification of vulnerabilities across all dependencies
• creation of product-specific, standardised SBOMs
• generation of additional compliance and audit artefacts

All at no cost — we simply ask for your feedback throughout the process.

How it works

Your product source code repository will be analyzed by the OCCTET tooling, powered by the open source OSS Review Toolkit and ORT-server, further developed within the OCCTET project. Your data will be processed confidentially in our European ISO27001-certified hosting.

How to show interest

Please fill out the OCCTET Interest Form below stating your interest and a short description of the product you develop. We will get back to you to let you know if you were selected.

OCCTET Community Surpasses 150 SME Members!

December, 4, 2025

We are proud to announce that the OCCTET Community has passed 150 European SMEs who have already joined our network! 🙌✨

The community is a space where SMEs can:

• Test and validate tools and solutions related to the Cyber Resilience Act
• Connect with a network of companies, experts and stakeholders shaping Europe's cybersecurity landscape
• Contribute real feedback to make solutions SME-friendly and future-proof

In a fast-moving digital environment, it's not enough to react, you need to take part in building Europe's secure and resilient future!

Are you our next cybersecurity changemaker? Join us and become part of the community!

Check Your Cybersecurity Compliance in Minutes

September, 18, 2025

OCCTET is proud to introduce its first self-assessment web-app, created to help SMEs take the first step toward stronger cybersecurity and easier compliance with European regulations such as the Cyber Resilience Act.

This free, easy-to-use tool gives SMEs an instant picture of their current cybersecurity and compliance status, highlights gaps and priorities, and points them toward practical resources from the OCCTET toolkit, including a compliance checklist, automated evaluation tools, a federated OSS assessment database, and reporting features.

By trying the web-app, organisations do not just gain a clearer view of their own readiness; they also join a growing OCCTET Community of early testers and contributors who are shaping the toolkit to reflect real SME needs. Together we are building an open, practical and community-driven approach to cybersecurity compliance, and this web-app marks the first step in that journey.

The Eclipse Foundation Launches OCCTET Project to Speed CRA Compliance

August, 14, 2025

The Eclipse Foundation, one of the world’s largest open source software foundations, today announced the launch of the OCCTET project, a European Commission-funded initiative aimed at helping small and medium-sized enterprises (SMEs) and open source developers navigate compliance with the Cyber Resilience Act (CRA).

The Open Source Compliance: Comprehensive Techniques and Essential Tools (OCCTET) project brings together a consortium of industry leaders, cybersecurity experts, and open source advocates to build free, open source tools that make regulatory compliance more accessible, transparent, and cost-effective.

...

Webinar Replay: Introducing OCCTET – Open Source Compliance & Security in Action

July, 1, 2025

This recorded webinar is a follow-up to the OpenChain & Friends conference held in Stuttgart (April 2025), where the OCCTET project was introduced for the first time.

The session featured presentations by Andreas Kotulla (Bitsea) and Martin von Willebrand (DoubleOpen), and included engaging discussion with participants on best practices for OSS compliance automation.

Watch the full webinar replay online to discover how OCCTET is shaping the future of open source security and compliance.

Webinar - From regulation to solution: How the Cyber Resilience Act is reshaping the cybersecurity landscape

June, 16, 2025 | 2:00pm - 3:00pm CET

Digital regulations like the Cyber Resilience Act (CRA) are reshaping how companies approach cybersecurity. While the goal is to improve the security of digital products and services, small and medium-sized enterprises (SMEs) often struggle with putting these rules into practice.

This is where the OCCTET project comes in. The project is building a practical, open-source toolkit designed to help SMEs meet CRA requirements more easily, without creating unnecessary costs or complexity. The toolkit is being shaped directly by feedback from SMEs and experts to ensure it reflects the real challenges faced by small businesses.

During this online workshop, participants will gain insights into the project’s progress, get an exclusive first look at the forthcoming toolkit, and learn how their feedback can contribute to shaping the final version. Attendees will also have the opportunity to register as early users to test the toolkit and become part of a growing community helping to refine and implement its features.

Deliverable: CRA SME/FOSS Requirements and Self-Assessment

Thursday, April 22, 2025

This OCCTET publication explores the concrete needs and obstacles that SMEs and FOSS contributors face when it comes to complying with the Cyber Resilience Act. The Report is based on input from SMEs and FOSS stakeholders through interviews, surveys, and focus groups. It also draws expert consultations and a broad review of compliance literature and case studies.

Workshop Needs Analysis Report

Thursday, April 03, 2025

The findings of the Needs Analysis Workshop are now available in our report, which outlines the key takeaways and recommendations based on SME input. Just click this news or access the report directly in the Resources/Workshop section of our website.

OCCTET Needs Analysis Workshop

Monday, March 17, 2025

The Cyber Resilience Act (CRA) introduces new cybersecurity requirements for digital products, impacting SMEs, open-source developers, and software vendors across Europe. As compliance deadlines approach, many SMEs face uncertainty about how to meet these obligations, what tools to use, and what steps to take.

As part of its mission to simplify CRA compliance, OCCTET is hosting a Needs Analysis Workshop to gather insights from SMEs and key stakeholders. The goal is to identify compliance challenges, assess cybersecurity preparedness, and ensure that the OCCTET open-source toolkit is built to address real SME needs.

Agenda

• Introduction to the OCCTET Project & Toolkit - Mikael Barbero (Eclipse Foundation)
• Needs Analysis Miro Board Session - Davide Iaccarino (European DIGITAL SME Alliance)
• Conclusion and Q&A

What to Expect from the Workshop

• Introduction to OCCTET: Learn about the project’s mission, its objectives, and how it will help SMEs comply with the CRA.
• Overview of the OCCTET Toolkit: Discover how the open-source compliance toolkit will support SMEs in managing cybersecurity risks and regulatory requirements.
• Interactive MIRO Board Session: Engage in a collaborative discussion to map SME challenges and define the key features that the toolkit should include.
• Q&A & Discussion: Share your thoughts, ask questions, and contribute directly to the project’s development.

This workshop is a key opportunity for SMEs to voice their challenges and influence the development of practical tools that will help them meet CRA requirements. By participating, you will be helping shape an accessible, open-source compliance solution tailored to SME needs.

Webinar - The Cyber Resilience Act and the Open-Source Community: Understanding the Impact and Managing Compliance

Monday, January 27, 2025

On 27 January 2025, OCCTET hosted a webinar diving into the Cyber Resilience Act (CRA) and its impact on SMEs, open-source community, and the broader digital landscape. With expert insights from our partners at the Eclipse Foundation, as well as contributions from the European Cyber Security Organisation (ECSO), the session explored the challenges and opportunities the CRA presents for open-source security and compliance.

The discussion covered key aspects of the CRA, including its new requirements for digital products, what it means for open-source developers, and how SMEs can navigate compliance more effectively. As part of OCCTET’s mission to support businesses in adapting to these changes, we also introduced how our open-source compliance toolkit will help SMEs meet CRA obligations with practical, accessible solutions.