Leading the way into CRA compliance: Element’s approach to the incoming regulation (matrix-conf-2025)

The Cyber Resilience Act is a new European regulation that has the main goal to increase European cyber security and resilience, through accountability. A lot has been said about the impacts of the CRA on open source, in particular towards non-profit foundations, but what about organisations - such as Element - that operate complex licensing models with a mix of monetised and non-monetised products? In this talk we endeavour to shine a light on our thinking regarding CRA compliance for our products, as well as implications for the wider ecosystem of vendors and communities building on Matrix. We also introduce our roadmap of communications around the CRA, aimed at those using and building on top of our products. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://cfp.2025.matrix.org/matrix-conf-2025/talk/AS8JHQ/