CRA FAQ

The term Manufacturer is defined in Article 3(13) of the CRA:

‘manufacturer’ means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge;

Yes, a manufacturer can also be an open-source software steward.

This can happen whenever a manufacturer releases open source software and meets the requirements to be the open-source software steward of that project.

A manufacturer of commercial open source software can even be the open-source software steward of the community edition of the same project that it commercializes. In such a case, it has manufacturer obligations to its customers and steward obligations to the users of its community edition.

• If you fail to comply with the CRA, you will likely receive a letter or email from Market Surveillance Authorities asking you to address the issue.
• If you continue to fail to address the issue as a manufacturer, you could receive a fine. The fine will be proportional to the size of your organisation and how severely you broke the law.
• Microenterprises or small enterprises are exempted from fines relating to the obligation to notify authorities about vulnerabilities and severe incidents within 24 hours.

No. How a product is developed or financed does not determine manufacturer status under the CRA.

A company becomes a manufacturer only when it places a product on the market; meaning it supplies the product for distribution or use in the course of a commercial activity under its own name or trademark, whether for payment or free of charge (Article 3(13)).

A key factor is whether the company markets the product under their own name or trademark. Simply funding development or maintenance of an open source project does not make the funder a manufacturer (Recital 18).

No. Companies that get paid for open source development work are service providers, not manufacturers under the CRA.

The CRA applies to products being placed on the EU market, not to development services. A manufacturer is defined as a person who develops or manufactures products with digital elements and "markets them under its name or trademark" (Article 3(14)). A company providing contracted development services for open source software it is not responsible for is not marketing a product under its own name.

This distinction holds regardless of the client's status. Whether the client is an open-source software steward, a manufacturer, or another type of organization, the service provider relationship does not make the contractor a manufacturer. The determining factor is who places the product on the market under their name or trademark, not who performs the development work.