
Comment by immibis

14 hours ago

Is there a specific risk you're worried about, or just the general risk of doing something wrong that's inherent to all business and is typically mitigated by insurance and by using a limited liability company?

So insurance did not offer much before the CRA. They will probably develop this market, but it is probably gonna cost a lot and will be complex and imperfect.

Of course an LLC ultimately protects you, but you have just multiplied by 10 or 100 the risk of blowing up your livelihood and that of your employees.

Those regulations are just a nightmare, with "no-fault" liability and a simplified burden of proof for the claimant, and they are just very difficult to decrypt or apply to real-world situations in an evolving landscape.

So unless you are big and have legal resources to work on it, people are probably not gonna bother, or they will give up.

Anyway, your costs and risks have exploded and you are still competing with, let's say, Microsoft Azure.

  • Have you talked to an insurer? Business insurance requires a customized quote.

    You didn't really answer the question. Do you have a specific risk in mind, or are you only worried about the risk of a random fuckup which all businesses face?

    • Yes, so the problem is this is not about a random f-up: the CRA is full of buzzword concepts like "cyber security by design", "cyber security by default", "according to risks", which will be evaluated by the courts if you end up there.

      Every piece of software you provide has to be secure, and if it is not, you are liable for damages. So this is not just a random f-up, and we know how hard security really is in practice.

      I also know that when you are a provider of software, most vulnerabilities and risks are usually requested/created by the client, who usually exercises pressure on you (especially if you are a small actor). It is often done in a sneaky manner, putting the provider in an impossible situation. You will need to document this the best you can, because now you are liable big time.

      EDIT: What I mean is, I understand they did that to force big manufacturers of IoT devices to care more about security. But if you are now a small provider setting up some customized software, you fall under the same rules.
