Concerns over the European Union’s Cyber Resilience Act (CRA)


As the world’s most popular open source content management system, WordPress acknowledges the European Union’s initiative to bolster the cybersecurity of digital hardware and software products with the Cyber Resilience Act (CRA). The Act’s effort to counter the increasing threat of cyberattacks and promote informed usage of digital products with increased security updates and transparency is commendable. 

While we wholly endorse the objectives of the CRA, we are apprehensive about the Act’s implications on open source software due to unclear terms and definitions.

Specifically, the Act’s prohibition on “unfinished software” and ambiguous definition of “commercial activity” could inadvertently inhibit innovation and economic participation in the European digital landscape.

Open source projects, like WordPress, often rely on continual updates and improvements—a process that may technically fall under the label of “unfinished.” Furthermore, the ambiguous definition of “commercial activity” could unintentionally encompass open source projects that are largely driven by communities and operate on a not-for-profit basis.

Our letter to the EU Commission

We have jointly authored an open letter addressing these concerns alongside fellow open source projects Drupal, Joomla!, and TYPO31. The letter emphasizes the significant contribution of Free and Open Source Software (FOSS) to the EU’s economy and how the proposed regulations might undermine these efforts. Our shared goal is to further bolster the security of digital products without compromising the values of freedom, democracy, and innovation inherent to both the open source community and the EU’s Aims and Values.

The letter invites the EU Commission and interested parties to participate in a seminar in Brussels to discuss how we can align the objectives of the CRA with the realities and needs of the FOSS community. We are optimistic that, with mutual understanding and cooperation, we can achieve secure digital products without limiting the vital contributions of open source projects.

  1. Drupal, Joomla!, TYPO3, and WordPress are the most popular FOSS content management systems on the web today. While all are based on the PHP programming language and distributed under the GPL open source license, each platform takes a different approach to website publishing. With strength in diversity, they form the Inter-CMS Working Group, promoting the values and benefits of free and open source software. ↩︎