Open Source Bodies Warn European Commission of Negative Impact of Cyber Resilience Act on Software Development

More than a dozen open source industry organizations have collectively published an open letter to the European Commission (EC), urging it to reconsider certain aspects of its proposed Cyber Resilience Act (CRA). The signatories claim that, if enacted in its current form, the act will have a “chilling effect” on open source software developers.

The signatories of the open letter include the Eclipse Foundation, The Linux Foundation Europe, and the Open Source Initiative (OSI). They note in the letter that these organisations do not have an established relationship with the European legislators. They also point out that open source software is estimated to represent more than 70% of digital products across Europe, and that the CRA seeks to regulate this without any form of genuine consultation with the involved stakeholders.

The aim of the Cyber Resilience Act (CRA) is to establish best cybersecurity practices for vendors of connected products that are sold in the European Union, with potential fines of up to €15M, or 2.5% of global turnover, in the event of non-compliance. The current draft of the legislation appeared in September.

The open source community is alarmed at the regulation as it stands. The draft exempts “free and open source software developed or supplied outside the course of a commercial activity” from the CRA’s scope; however, this wording places a major burden on open source developers, as they struggle to define what is meant by “non-commercial”. In some cases developers may receive sponsorships or grants, while in others they are working in corporate, government, academic, or non-profit roles.

To assuage these fears, Mike Linksvayer, the policy director at GitHub, argued that the exemption should be clarified to focus on finished products that are not available for sale or which are otherwise monetized, and that if open source software does not meet these criteria, it should be excluded from the scope of the CRA.

This sentiment is echoed in the second paragraph of the letter, which pushes for the voices of the open source community to be heard and taken into consideration during the legislative process. While the letter notes that legislation such as the CRA could have far-reaching benefits, it stresses that open source developers should not bear the brunt of it if they are not creating or distributing commercial or monetized open source software.

Given the sheer importance of open source software in the European Union, and its ubiquity everywhere from web browsers to servers, the letter beseeches the European Commission to recognize the value and importance of open source software development, protecting it from unnecessary economic and technological risks that could be introduced by the CRA in its current form. It also suggests that the EU should consult closely with the open source software industry bodies throughout the co-legislating process in order to take into account their expertise, which is distinct from that of traditional software.

In addition to the Eclipse Foundation, Linux Foundation Europe, and Open Source Initiative (OSI), the full list of signatories also includes OpenForum Europe (OFE), Associação de Empresas de Software Open Source Portuguesas (ESOP), CNLL, The Document Foundation (TDF), European Open Source Software Business Associations (APELL), COSS - Finnish Center for Open Systems and Solutions, Open Source Business Alliance (OSBA), Open Systems and Solutions (COSS), OW2 and the Software Heritage Foundation.

The letter, therefore, puts the open source community in the spotlight, pushing for a louder voice in the legislative process for long-term benefits for everyone concerned. The European Commission must keep in mind the potential risks the CRA poses to the open source developer ecosystem, and assess the impact it could have if left unaddressed.
