Github raised this potential problem about the Cyber Resilience Act of the EU:

Problem 1: The CRA regulates open source projects receiving donations

Open source sustainability is a problem: maintainers of popular software projects are often overwhelmed by issues and pull requests to the point of burnout. Donations have emerged as one solution, and are regularly provided by governments, foundations, companies, and individuals. Yet, as excerpts of recent drafts of the CRA (Recital 10b quoted below) indicate, it could threaten to undermine sustainability by potentially introducing a burdensome compliance regime and potential penalties if a maintainer decides to accept donations. The result will be less resources flowing to already under resourced maintainers.

Resolves YES if an OSS project publically announces that they stop taking donations due to the CRA. The project must have relied on regular donations before.

Resolves NO if the CRA is abandoned or if no such announcement is posted in the comments.

Closes one year after the CRA regulation becomes active (which seems to be two years after the EU formally adopts). Close date will be adapted accordingly.