Europe champions digital freedom and its open source community.
We have introduced a tailored approach to boost open source development across EU countries and ensure it is safe from cyber threats.
We only apply security rules to software used in commercial activities.
We are also creating open source software stewards to support security with a light-touch regime and no administrative fines.
Find out more 👇
https://link.europa.eu/Jc7hBy
@thibaultmol @EUCommission also curious about this... From the announcement, I see:
[...] free and open-source software that are published, but not made available on the market [...], the novel legal category of open-source software stewards is introduced. These are legal persons who provide support on a sustained basis for the development of such products [...], and are subject to a light-touch and tailor-made regulatory regime.
So, I believe that if a volunteer project is big enough, the maintainers become "open-source stewards"
Open-source software stewards are subject to the obligations laid down in Article 24, notably [list of obligations]
And it appears that there are some obligations for volunteers... BUT:
In accordance with Article 64(10), open-source software stewards are not subject to administrative fines for infringements of the CRA.
So... Volunteers have obligations, but there are no consequences?
Not sure what to take of this, but I hope the EU doesn't punish volunteers just because their projects became too successful.
@JD557 @thibaultmol @EUCommission
this
"[...] provide support on a sustained basis for the development [...]"
almost makes it sound like these stewards would be dedicated people who'd interface between the regulatory regime (and it's security requirements) and the maintainers, like some sort of dedicated "office for supporting important projects", but that seems too good to be true
European Commission
Thibaultmol 🌈
João Costa
maybenot