Thanks to the advocacy of SZ Lin, OpenChain ISO/IEC 18974 has been officially referenced in the EU Cyber Resilience Act (CRA) harmonized standards discussion.
You will find OpenChain ISO/IEC 18974 cited in Slide 67 of the “CRA Standards Unlocked: Unlocking CRA Security Controls: preparation for UNE Event” from CEN CENELEC:
https://www.cencenelec.eu/media/CEN-CENELEC/Events/Webinars/2025/2025-09-08_webinar_unlocking_cra_security_controls_preparation_for_une_event.pdf
We are referenced alongside:
• ISO/EC TR 5895:2022 – Cybersecurity – Multi-party coordinated vulnerability disclosure and handling
• SO/EC 30111:2019 – Information technology – Security techniques – Vulnerability handling processes
• ISO/IEC 29147:2018 – Information technology – Security techniques – Vulnerability disclosure
What this means:
The value of our security standard has been positively recognized by the parties bringing together the official CRA standards / requirements portfolio.
It provides a door to both continue and expand our collaboration in this space. The precise next steps will be determined in collaboration with our community and the governing board.
Ideas welcome!
