In letter to European Commission, open source bodies say Cyber Resilience Act could have chilling effect on software development

News Summary

  • “If open source software is not offered as a paid or monetized product, it should be exempt.” A growing number of proposed regulations in Europe is raising concerns across the technological landscape, with open source software a recurring theme.
  • It’s estimated that open source components constitute between 70% and 90% of most modern software products, from web browsers to servers, yet many open source projects are developed by individuals or small teams in their spare time.
  • Open source software represents more than 70% of the software present in products with digital elements in Europe.
  • While the text does seem to exempt non-commercial open source software from its scope, trying to define what is meant by “non-commercial” is not a straightforward endeavor.
  • This is in particular the case for software, including its source code and modified versions, that is openly shared and freely accessible, usable, modifiable and redistributable.
  • The software and other technical artefacts produced by us are unprecedented in their contribution to the technology industry along with our digital sovereignty and associated economic benefits on many levels.
More than a dozen open source industry bodies have published an open letter asking the European Commission (EC) to reconsider aspects of its proposed Cyber Resilience Act (CRA), saying it will have a …