Introduction – Why FOSS compliance matters today: legal exposure, rising regulatory demands under the Cyber Resilience Act (CRA), and growing supply chain accountability.
Legal Framework – Overview of license obligations, liability risks, and the intersection of open source compliance with regulatory requirements (CRA, AI Act, product safety law).
Risk-Based Approach – How organizations can tailor the depth and scope of compliance to project risk, software use, and supply chain complexity.
Practice and Tools – SBOMs, scanning tools, policy frameworks, and OpenChain implementation: what actually works to make compliance efficient and auditable.
CRA Integration – How FOSS compliance measures support CRA obligations, especially regarding documentation, security updates, and traceability.
Conclusion and Outlook – From obligation to opportunity: compliance as a mark of quality and a driver of market trust.