The EU's Cyber Resilience Act aims to improve digital security in the European Union by introducing mandatory cyber security requirements for hardware and software products, a CE marking to signify compliance, and enhanced transparency for consumers. The act applies to most digital products sold in the EU and requires manufacturers to provide security updates, report vulnerabilities, and minimize weaknesses throughout the product lifecycle. While the open-source community has raised concerns about the Act's impact on vulnerability reporting burdens, its final version extends exemptions to non-profit OSS organizations, addressing some of these criticisms.