Stackable

Stackable develops open source software that makes building and operating scalable data and streaming infrastructures for modern data warehouses, event streaming, machine learning (ML) and AI with open source products as easy as possible.

Lobbying Activity

Response to Revision of the Standardisation Regulation

15 Jul 2025

Context: IT startup (~20 employees), Germany, open-source company. Co-Founder/CTO active in DIN/CEN standardisation for Cyber Resilience Act (CEN JTC 13 WG 1 & 9).

Thank you for this call for evidence. I read the June 2025 evaluation with great pleasure as it identifies the exact pain points I've encountered over the past year.

Key Issues

1. Outdated Working Methods & SME Participation Barriers

Multiple weekly meetings, often in-person, with travel costs SMEs can't sustain. The bigger cost is opportunity cost - participation can't be effectively selective (you never know when issues of interest are discussed). Unlike big companies with 3-4 people in meetings, we can't dedicate full-time staff to standardisation. Current model systematically excludes non-native speakers, part-time workers, different timezones, people with disabilities/caregiving obligations. Word files with specific naming conventions remind me of early 2000s practices. When we can't attend meetings, our contributions risk being denied without opportunity to defend them.

2. Unreadable Standards

Standards use insider terminology ("documented information", "essential requirement") requiring specialized knowledge to decode. SMEs need actionable guidance, not expert-only language. This connects to paywalled access - if standards were free, communities could generate better guidance instead of forcing people into consulting contracts.

3. Paywalled Standards Block Everyone

Standards cost hundreds of euros, creating compliance barriers. When multiple standards are needed, costs become prohibitive. This affects consumers, employees, open-source communities - anyone wanting to understand standards affecting their work/life. Portals established after public.resource.org court case are cumbersome and inadequate. NSB inconsistencies make it hard to guide newcomers because you'd need to know how the system works in all European NSBs.

4. Can't Reference Industry Standards

Our internet runs on W3C, IETF, OASIS, Ecma International, OWASP standards. ESOs can't reference these, forcing wasteful duplication and creating artificial separation from technical reality. Articles 13 & 14 haven't worked since 2017 - they need reworking. Most knowledgeable practitioners contribute to industry consortia, not ESOs.

5. Open Source Community Ignored

Open source developers implement software running modern digital infrastructure, but lack formal pathways to contribute. These communities dwarf traditional standardisation participants in numbers and experience, yet ESOs complain about resource constraints while ignoring this expertise.

Principles for Legal Codification

European standardisation legislation should codify these principles:

Inclusive & Proportional Participation: Based on technical merit alone, not limited by financial means, time, or language proficiency
Accessibility: All harmonised standards publicly accessible without financial barriers
Technical Interoperability: Capability to reference existing consortia standards (W3C, IETF, etc.)
Transparency & Accountability: Public visibility of decision-making and progress
Comprehensibility: Standards understandable by everyone affected

Policy Options Assessment

Against Baseline: Current framework inadequately serves SMEs and innovation needs.
Support Amendments: Simplifying processes, supporting diverse stakeholder participation, digitisation measures, and regular ESO review align with our needs.
Support Further Options: Selecting existing standards and open-source implementation solutions directly address our consortia standards and community participation concerns.
Strong Opposition to In-House Development: Vehemently against Commission-developed standards or mandates to private/public organisations not following inclusive principles. Open-source community demonstrates standards can be written in reasonable timeframes with inclusive participation.

Fix current system, don't replace it.