2026-09-12 –, D.0.02
The European Union Cyber Resilience Act (CRA) and its various international analogs are entering fully into force during 2026 and 2027, with new legal requirements that some have found to be perilous or challenging to software developers and possibly for open source developers in particular.
This session takes the approach that the challenging legal requirements provide a wealth of opportunities for software engineers in the free software space to, finally, be allowed to perform proper software engineering. We offer practical advice on what to do and how to navigate the choppy seas of legalisms, and to position yourself with best practices and proper tooling integrated in your development workflow.
This talk is based on the article with the same name, https://nxdomain.no/~peter/what_hascan_eu_cra_donedo_for_you.html which was also the base for my presentation at BSDCan 2026. This talk will come with any relevant updates that happen by the time of the EuroBSDCon 2026 conference.
Peter N. M. Hansteen is a devops and network security consultant, writer, and sysadmin based in
Bergen, Norway. In addition to writing The Book of PF (4th ed forthcoming), Hansteen is longtime free unixlikes advocate, a frequent lecturer on OpenBSD and FreeBSD topics, an occasional contributor tech magazines and websites and co-organizer of Unix user groups and BSD-themed conferences. Fun fact: Before setting out to write about PF and BSDs in general, Hansteen was a participant in the original RFC 1149 implementation team.