The EU Cyber Resilience Act (CRA) establishes essential cybersecurity requirements that all businesses and open source communities operating in the EU will have to implement. As the first EU-wide cybersecurity regulation that explicitly defines the separate roles of manufacturers and open source software stewards, it changes the playing field for the collaborative development of open source software and reshapes the relationship between open source foundations and their member companies. Key topics covered by this presentation include who is responsible for being CRA compliant, what the essential requirements and obligations are, and what support the Linux Foundation will provide in the redefined open source software steward role.