Comment by sunshine-o

10 hours ago

Yep, you are basically describing the EU Cybersecurity Act, if anybody cares to read it and try to understand how things work in reality.

The CRA literally excludes free software developers from the obligations. Because if you're doing something for free you should have no obligations either. Instead, the obligations fall on commercial users of free software. Turns out regulations are sensible sometimes. Who knew.

However, this only happened because free software developers made an uproar about the act while it was a bill and was missing this provision. In a previous proposed version of the act, free software developers would have been liable for security vulnerabilities. So stay connected with politics!

  • Yes, I believe the Eclipse Foundation and others lobbied for that.

    But here is the problem: if you now have a small business selling services around free software, you are now facing the full wrath of the regulation and legal risk. In the end only IBM, RedHat, Microsoft and big companies have the strength and the resources to monetize open source, but smaller actors don't. And it is becoming very difficult and risky even for most ~100-employee companies.

    So you still have the right to develop and use free software but you can't really make a living out of it anymore unless you work for RedHat or others.

    And yes it makes no sense. The EU is doing to the software industry what they did to agriculture a few decades ago.

    • Is there a specific risk you're worried about, or just the general risk of doing something wrong that's inherent to all business and is typically mitigated by insurance and by using a limited liability company?
