The Eclipse Foundation Launches OCCTET Project to Speed CRA Compliance

August, 14, 2025

The Eclipse Foundation, one of the world’s largest open source software foundations, today announced the launch of the OCCTET project, a European Commission-funded initiative aimed at helping small and medium-sized enterprises (SMEs) and open source developers navigate compliance with the Cyber Resilience Act (CRA).

The Open Source Compliance: Comprehensive Techniques and Essential Tools (OCCTET) project brings together a consortium of industry leaders, cybersecurity experts, and open source advocates to build free, open source tools that make regulatory compliance more accessible, transparent, and cost-effective.

...

Webinar Replay: Introducing OCCTET – Open Source Compliance & Security in Action

July, 1, 2025

This recorded webinar is a follow-up to the OpenChain & Friends conference held in Stuttgart (April 2025), where the OCCTET project was introduced for the first time.

The session featured presentations by Andreas Kotulla (Bitsea) and Martin von Willebrand (DoubleOpen), and included engaging discussion with participants on best practices for OSS compliance automation.

Watch the full webinar replay online to discover how OCCTET is shaping the future of open source security and compliance.

Webinar - From regulation to solution: How the Cyber Resilience Act is reshaping the cybersecurity landscape

June, 16, 2025 | 2:00pm - 3:00pm CET

Digital regulations like the Cyber Resilience Act (CRA) are reshaping how companies approach cybersecurity. While the goal is to improve the security of digital products and services, small and medium-sized enterprises (SMEs) often struggle with putting these rules into practice.

This is where the OCCTET project comes in. The project is building a practical, open-source toolkit designed to help SMEs meet CRA requirements more easily, without creating unnecessary costs or complexity. The toolkit is being shaped directly by feedback from SMEs and experts to ensure it reflects the real challenges faced by small businesses.

During this online workshop, participants will gain insights into the project’s progress, get an exclusive first look at the forthcoming toolkit, and learn how their feedback can contribute to shaping the final version. Attendees will also have the opportunity to register as early users to test the toolkit and become part of a growing community helping to refine and implement its features.

Deliverable: CRA SME/FOSS Requirements and Self-Assessment

Thursday, April 22, 2025

This OCCTET publication explores the concrete needs and obstacles that SMEs and FOSS contributors face when it comes to complying with the Cyber Resilience Act. The Report is based on input from SMEs and FOSS stakeholders through interviews, surveys, and focus groups. It also draws expert consultations and a broad review of compliance literature and case studies.

Workshop Needs Analysis Report

Thursday, April 03, 2025

The findings of the Needs Analysis Workshop are now available in our report, which outlines the key takeaways and recommendations based on SME input. Just click this news or access the report directly in the Resources/Workshop section of our website.

OCCTET Needs Analysis Workshop

Monday, March 17, 2025

The Cyber Resilience Act (CRA) introduces new cybersecurity requirements for digital products, impacting SMEs, open-source developers, and software vendors across Europe. As compliance deadlines approach, many SMEs face uncertainty about how to meet these obligations, what tools to use, and what steps to take.

As part of its mission to simplify CRA compliance, OCCTET is hosting a Needs Analysis Workshop to gather insights from SMEs and key stakeholders. The goal is to identify compliance challenges, assess cybersecurity preparedness, and ensure that the OCCTET open-source toolkit is built to address real SME needs.

Agenda

• Introduction to the OCCTET Project & Toolkit - Mikael Barbero (Eclipse Foundation)
• Needs Analysis Miro Board Session - Davide Iaccarino (European DIGITAL SME Alliance)
• Conclusion and Q&A

What to Expect from the Workshop

• Introduction to OCCTET: Learn about the project’s mission, its objectives, and how it will help SMEs comply with the CRA.
• Overview of the OCCTET Toolkit: Discover how the open-source compliance toolkit will support SMEs in managing cybersecurity risks and regulatory requirements.
• Interactive MIRO Board Session: Engage in a collaborative discussion to map SME challenges and define the key features that the toolkit should include.
• Q&A & Discussion: Share your thoughts, ask questions, and contribute directly to the project’s development.

This workshop is a key opportunity for SMEs to voice their challenges and influence the development of practical tools that will help them meet CRA requirements. By participating, you will be helping shape an accessible, open-source compliance solution tailored to SME needs.

Webinar - The Cyber Resilience Act and the Open-Source Community: Understanding the Impact and Managing Compliance

Monday, January 27, 2025

On 27 January 2025, OCCTET hosted a webinar diving into the Cyber Resilience Act (CRA) and its impact on SMEs, open-source community, and the broader digital landscape. With expert insights from our partners at the Eclipse Foundation, as well as contributions from the European Cyber Security Organisation (ECSO), the session explored the challenges and opportunities the CRA presents for open-source security and compliance.

The discussion covered key aspects of the CRA, including its new requirements for digital products, what it means for open-source developers, and how SMEs can navigate compliance more effectively. As part of OCCTET’s mission to support businesses in adapting to these changes, we also introduced how our open-source compliance toolkit will help SMEs meet CRA obligations with practical, accessible solutions.