Comment by jeroenhd

I'm not a lawyer, but I believe the EU's Cyber Resilience Act combined with the NIS2 Directive do task governments with setting up bodies to collaborate with security researchers and help deal with reports.

The law seems written to target vendors and products rather than services though, reading through this: https://www.acigjournal.com/Vulnerability-Coordination-under...