Europe champions digital freedom and its open source community.

We have introduced a tailored approach to boost open source development across EU countries and ensure it is safe from cyber threats.

We only apply security rules to software used in commercial activities.

We are also creating open source software stewards to support security with a light-touch regime and no administrative fines.

Find out more 👇
https://link.europa.eu/Jc7hBy

@EUCommission Curious if anyone reading this knows, but is the problem of the original version of this program where it made any volunteer project into an unsustainable red tape hell business project now resolved?

@thibaultmol @EUCommission
"This is why only free and open-source software that is made available on the market, and therefore supplied for distribution or use in the course of a commercial activity, falls in scope of the Cyber Resilience Act."

Second paragraph of the link.europa.eu/Jc7hBy .

In short, if any FOSS app isn't offered commercially, sold, etc., it shouldn't be fined.

@The_Universality @thibaultmol @EUCommission

But isn't that contradicted by the next paragraph?

Furthermore, recognising the importance for cybersecurity of many products with digital elements qualifying as free and open-source software that are published, but not made available on the market within the meaning of the CRA, the novel legal category of open-source software stewards is introduced. These are legal persons who provide support on a sustained basis for the development of such products which are intended for commercial activities, and who play a main role in ensuring their viability, and are subject to a light-touch and tailor-made regulatory regime.

So if you have a big non-commercial project (I assume something like curl), you might still fall under the CRA, it's just that you won't be fined.

@JD557 @thibaultmol @EUCommission Yes, you are correct.
I just badly phrased my reply, let me fix that.