← Back to context

Comment by immibis

12 hours ago

The CRA literally excludes free software developers from the obligations. Because if you're doing something for free you should have no obligations either. Instead, the obligations fall on commercial users of free software. Turns out regulations are sensible sometimes. Who knew.

However, this only happened because free software developers made an uproar about the act while it was a bill and was missing this provision. In a previous proposed version of the act, free software developers would have been liable for security vulnerabilities. So stay connected with politics!

5 comments

immibis

Reply
sunshine-o  11 hours ago

Yes, I believe the Eclipse Foundation and others lobbied for that.

But here is the problem: if you now have a small business selling service around free software you are now facing the full wrath of the regulation and legal risk. In the end only IBM, RedHat, Microsoft and big companies have the strength and the resources to monetize open source it but smaller actors don't. And it is becoming very difficult and risky even for most ~100 employees companies.

So you still have the right to develop and use free software but you can't really make a living out of it anymore unless you work for RedHat or others.

And yes it makes no sense. The EU is doing to the software industry what they did to agriculture a few decades ago.

  • immibis  7 hours ago

    Is there a specific risk you're worried about, or just the general risk of doing something wrong that's inherent to all business and is typically mitigated by insurance and by using a limited liability company?

    • sunshine-o  6 hours ago

      So insurance did not offer much before the CRA. They will probably develop this market but it is gonna cost a lot probably and will be complex and imperfect.

      Of course an LLC ultimately protect you but you have just multiplied by 10 or 100 the risk of blowing up your livelihood and the one of your employees.

      Those regulations are just a nightmare, with "no-fault" liability, a simplified the burden of proof for the claimant, and are just very difficult to decrypt or applied to real world situations in an evolving landscape.

      So unless you are big and have legal resources to work on it people are probably not gonna bother or give up.

      Anyway your costs and risks have exploded and you are still competing with let's say Microsoft Azure.

      2 replies →