The @EUCommission published draft guidance on the #CyberResilienceAct, including a detailed chapter on #FOSS. EC staff have worked on these and previous drafts for quite a while, and have been open for concerns/clarification from #opensource community members. If this topic interests you, be sure to have a look. I would be interested to hear your thoughts; I’ll likely write up some feedback.

https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/16959-Draft-Commission-guidance-on-the-Cyber-Resilience-Act_en

Public comment open till March 31st.

@maarten @EUCommission It's pretty good, shows a real understanding of how the FOSS ecosystem works, including several variant arrangements.

There is one situation that I think would be beneficial to clarify: where the exact same software is published under both FOSS and also a (nominally paid) non-FOSS licence - because some consuming organisations' own internal bureaucracy *requires* a paid purchase of supply and a partial supplier-liability licence. The exact same software and support.

This is a thing, used to be especially so when government came knocking, but also large data-processing shops and universities. It still crops up even these days.