Mirko SwillusMar 6

This week the European Commission published the draft for a guidance document for the Cyber Resilience Act (CRA). It is 70 pages, but contains some helpful examples and flowcharts, like this one, making it accessible even to Open Source folks with limited time.

Here: Quick guidance for the question if your FOSS component is in scope for the CRA, and if so, wether you're deemed a steward or manufacturer in regards of the component.

#opensource #cra

Show threadLars WirzeniusMar 6
@mechko Thank you, this helps guide my process in understanding the CRA. I've been thinking that I want to try to offer my time and maybe support contracts for a side project or two. That'd probably make me a manufacturer. I'll be reading the actual CRA text in the near future.
Show threadMirko SwillusMar 6

@liw One interesting distinction already is that manufacturers can only be legal persons. Again, no legal advice ;)

So, no matter if you place something on the market by just offering a support contract (certainly not), as a freelancer you're a natural person, not a legal person. Look at the flowchart, in this case you can't be deemed a manufacturer.

Show threadLars WirzeniusMar 6
@mechko For tax and other reasons I would do this as my company.
Show threadMirko SwillusMar 6
@liw Ahja, but again, you might want to look at page 17 of the draft guidance:
Show threadLars Wirzenius

@mechko Skimming other parts of the draft guidance I get the impression that getting paid for development is also not going to be a problem. But I'll read through everything to make sure I don't miss anything.

Thank you for the pointers. Very helpful.

Mar 6 at 2:14pmWeb