Strategies for complying with CRA when developing groundbreaking technology: What does CRA mean for Swedish organisations?
| Reference number | |
| Coordinator | Högskolan i Skövde |
| Funding from Vinnova | SEK 999 407 |
| Project duration | April 2025 - April 2026 |
| Status | Ongoing |
| Venture | Regulation and cutting-edge technology |
| Call | Rules and instruments for cutting-edge technology |
Purpose and goal
New cybersecurity requirements (CRA) from the EU pose new challenges for Swedish organisations that develop and use software. The CRA poses particular challenges for organisations that develop and use Free and Open Source Software (FOSS). The project investigates CRA with a focus on how CRA affects the conditions for continued use of FOSS within Swedish organisations, and develops concrete strategies and guidelines for how stakeholders who influence and are influenced by CRA should act.
Expected effects and result
The project strengthens Swedish organisations’ ability to comply with the requirements of new EU legislation (CRA) and contributes to continued opportunities to develop and use software within the EU. With a focus on small companies, the project contributes to learning about the consequences of CRA for organisations that depend on software that includes FOSS in cutting-edge technology areas. The project presents strategies for how stakeholders who affect, and are affected by, CRA should act.
Planned approach and implementation
The project is conducted in three sub-projects, which develop: (i) a review of how Swedish organisations that develop and use FOSS perceive CRA and the consequences of CRA for their own operations; (ii) an in-depth analysis of this review through workshops and interviews with experts from the reference group and other invited experts; and (iii) a legal analysis of CRA and develop guidance and recommendations for compliance with CRA when using FOSS.