Representatives of member states of the European Union (EU) reached a common agreement yesterday regarding the proposed Cyber Resilience Act (CRA). While the intent of the CRA is to improve cybersecurity and cyber resilience, the seemingly purposeful omission of exemptions for open source would put undue onus on open source foundations and maintainers, posing a serious risk to not just EU innovation and security, but global collaboration and the open source community as a whole.