Europe champions digital freedom and its open source community.

We have introduced a tailored approach to boost open source development across EU countries and ensure it is safe from cyber threats.

We only apply security rules to software used in commercial activities.

We are also creating open source software stewards to support security with a light-touch regime and no administrative fines.

Find out more 👇
https://link.europa.eu/Jc7hBy

@EUCommission Curious if anyone reading this knows, but is the problem of the original version of this program where it made any volunteer project into an unsustainable red tape hell business project now resolved?

@thibaultmol @EUCommission
"This is why only free and open-source software that is made available on the market, and therefore supplied for distribution or use in the course of a commercial activity, falls in scope of the Cyber Resilience Act."

Second paragraph of the link.europa.eu/Jc7hBy .

In short, if any FOSS app isn't offered commercially, sold, etc. it shouldn't be fined.

@The_Universality @thibaultmol @EUCommission

But isn't that contradicted by the next paragraph?

Furthermore, recognising the importance for cybersecurity of many products with digital elements qualifying as free and open-source software that are published, but not made available on the market within the meaning of the CRA, the novel legal category of open-source software stewards is introduced. These are legal persons who provide support on a sustained basis for the development of such products which are intended for commercial activities, and who play a main role in ensuring their viability, and are subject to a light-touch and tailor-made regulatory regime.

So if you have a big non-commercial project (I assume something like curl), you might still fall under the CRA, it's just that you won't be fined.

@JD557 @thibaultmol @EUCommission Yes, you are correct.
I just badly phrased my reply, let me fix that.

@thibaultmol @EUCommission also curious about this... From the announcement, I see:

[...] free and open-source software that are published, but not made available on the market [...], the novel legal category of open-source software stewards is introduced. These are legal persons who provide support on a sustained basis for the development of such products [...], and are subject to a light-touch and tailor-made regulatory regime.

So, I believe that if a volunteer project is big enough, the maintainers become "open-source stewards"

Open-source software stewards are subject to the obligations laid down in Article 24, notably [list of obligations]

And it appears that there are some obligations for volunteers... BUT:

In accordance with Article 64(10), open-source software stewards are not subject to administrative fines for infringements of the CRA.

So... Volunteers have obligations, but there are no consequences?

Not sure what to take of this, but I hope the EU doesn't punish volunteers just because their projects became too successful.

@JD557 @thibaultmol @EUCommission

this
"[...] provide support on a sustained basis for the development [...]"

almost makes it sound like these stewards would be dedicated people who'd interface between the regulatory regime (and its security requirements) and the maintainers, like some sort of dedicated "office for supporting important projects", but that seems too good to be true

@thibaultmol @EUCommission it is! OSI has been working with Eclipse and others on this for a while now :) check out https://cra.orcwg.org/ for more info

@EUCommission Frontex has to use FOSS, then everything would be good and nice and great too

@EUCommission Awesome, I really like this.

Let's now repel the mess Digital Omnibus enables with the simplification of GDPR and think of a more meaningful way.

(Or if we want to simplify regulations, let's first start with the regulatory mess regarding agriculture)

RE: https://mastodon.social/@Tutanota/116277691327823258

@EUCommission It's funny how this appeared right below this @Tutanota post about how there's people in the EU who are trying to force mass surveillance. Not very open at all.

#privacy #surveillance #FOSS

@707Kat @EUCommission @Tutanota

"It's not surveillance if we do it" syndrome🤷‍♀️

@EUCommission

And what about #ChatControl 1.0 ?
You’re not completely making fun of us, are you?

https://mastodon.social/@Tutanota/116277691327823258

@kriom @EUCommission I am aware that the Commission and the Council may be somewhat to blame, but this time the EPP group on the Parliament have more to blame I think

The Commission (career bureaucrats+indirectly elected officials) proposes laws, Parliament (directly elected) and the Council (member state representatives) pass these into law. They are entirely separate institutions.

The Commission has no control over the opinions of a party group in the Parliament. The only thing we can do to get rid of these people is to vote them out.
@kriom @EUCommission

@sab @kriom Yes, the Commission shouldn’t be blamed for Parliament actions, or individual MEP actions. They should be blamed for their own role in, for example, ChatControl.

They invite criticism of all kinds, though, when they say they speak for ”Europe”. The one muddying the waters can’t really legitimately complain when people can’t see you properly.

@EUCommission If you *really* care about open source, please end Google's use of remote attestation (through Play Integrity) to push open source competitors out of the market.

I can understand that banks and governments want remote attestation, but it should be open to all players, not Google, nor a company cartel.

That's absolutely true, @danieldk, but an entirely different discussion for another discussion thread.

The CRA has been troublesome for open source projects, where there now seem to be some important clarifications to make it possible for smaller open source projects to not break their necks on bureaucratic processes and responsibilities if their project is embraced by various official EU programs. Still there seem to be unclear aspects.

https://blog.joaocosta.eu/o/213114d7e1c5425bb3f7de9f77ca554e

@EUCommission

@EUCommission „Be open. Be bold. Be a circle of stars?“ 🤔

@EUCommission

"Europe champions digital freedom and its open source community"

Yeah, meanwhile, support the US Tech-Nazis, follow us on their platforms and add to their wealth. Heil Edolf Muskler.

@European Commission
First and foremost, make sure to put your Fediverse account at the top of your contact list. 🤷‍♂️

@EUCommission EU: They mean well, but they always make a mess of things.
@EUCommission As soon as the EU starts meddling with FOSS, things get dangerous.
@EUCommission
That's good. But what are you doing about payment tools? We are urgently awaiting an EU equivalent to Mastercard, Visa, Paypal, etc.

@EUCommission Great to see an official EU presence here and the open source support. Many others have pointed out things like Chat Control and stuff and I wanted to do my part. The EU already has the Digital Markets Act and Google is supposed to comply. Let's say they're doing the complete opposite and going by malicious compliance and will in fact lock the platform down even further. Have a look:
https://keepandroidopen.org/

@EUCommission FOSS has been too much of a success for the EU's comfort. "High quality software, being produced outside of capitalism and government regulations? Quick, regulate it before the plebs realise we're a parasitic superstructure!"

@EUCommission

"Better late than never", as we could say. But isn't it too late?
Managers have been informed more than 25 years ago...