.. SPDX-License-Identifier: CC-BY-4.0 Copyright 2026 The Linux Foundation Step 1: Categorize Your Project =============================== *Determine whether your project develops materials that are primarily intended for use in an “important” or “critical” product.* While this first step is not mandatory for open source projects, it can help inform how relevant the CRA may be to the project itself, as well as your downstream community of users. The CRA includes a greater degree of obligations for products with digital elements that are considered **"important products"** or **"critical products"**: * "Important products" are of the types specified in `Annex III of the CRA `__. They are subject to additional requirements as described in `Article 7 `__ and elsewhere. * "Critical products" are of the types specified in `Annex IV of the CRA `__. They are subject to even greater requirements as described in `Article 8 `__ and elsewhere. Note that the types of products specified in Annexes III and IV are extremely high-level. During 2025, the European Commission and its working groups are in the process of developing more detailed technical descriptions of the applicable categories of products. As noted above, for an open source project, determining whether your project is relevant to "important" or "critical" products is not mandatory. It should not directly affect your project's compliance obligations under the CRA. However, those projects intended for use in important or critical products are likely to receive more scrutiny, due to greater obligations on *downstream* products that incorporate or use them. So if your project is focused on--or very likely to be used for--downstream products on the "important" or "critical" list, then attending to CRA considerations will be very helpful to your user community.