Python now welcomes the Cyber Resilience Law


Here on the blog we have already covered the Cyber Resilience Law a little, along with how some projects have commented on it, both on the damage it could cause and on the changes the law forces them to make.

As we have already mentioned, the Cyber Resilience Law aims to establish additional requirements for software manufacturers, with the aim of improving security and vulnerability management throughout the product life cycle. However, the Debian community expressed concerns about the potential impact on the open source software development ecosystem.

The Cyber Resilience Act (CRA) is legislation proposed by the European Commission that aims to increase the cybersecurity of digital products and services in the European Union.

At the time, the Python Software Foundation expressed concern about some of the wording of the policy proposal, given that it put the Free Software Foundation in big trouble, as it could be held financially responsible for any product that includes Python code, even though it has never received monetary profits from any of these products.

Even the Debian developers had to make some changes because of the Cyber Resilience Act, since it introduced legal liability for non-compliance with security requirements, which goes against Debian's social responsibility to distribute software for any purpose and without restrictions.

Now, with the consolidation of the CRA (which was consolidated on December 1), the Python Software Foundation has come out with some positive comments about it and with thanks for the changes made, which mark a significant victory for open source amid previous concerns about the potential impact on the open source ecosystem, including projects like CPython and PyPI.

The good news is that the final text of the CRA reflects significant changes that address these concerns. It introduces the concept of “open source software manager”, defined as an entity dedicated to providing support for the development of specific products with open source digital elements intended for commercial activities. This demonstrates a clearer understanding of the role and value of open source software in the software development ecosystem.

“'open source software administrator' means any legal entity, other than a manufacturer, that has the purpose or objective of providing systematic and sustained support for the development of specific products with digital elements qualified as free and open source software that are intended for commercial activities, and guarantees the viability of said products;” (p. 76)

Furthermore, it is established that the supply of free and open source software products is not considered a commercial activity, which recognizes the collaborative and non-monetized nature of many open source projects.

However, the work is not finished, as the concept of "open source administrator" is new in European legislation, and the open source community will be attentive to its implementation and its interactions with other parts of the law to ensure that it reflects the intent and realities of open source development.

Additionally, other laws in the works, such as the “Product Liability Directive” and discussions on standard essential patents, may also impact the Python ecosystem and open source development. The PSF and the community will remain vigilant and committed to ensuring that the effects of these laws are positive and beneficial for open source.

The Python Software Foundation thanks Open Forum Europe (OFE), especially Ciarán O'Riordan, for leading efforts to coordinate the concerns and perspectives of the free software community. His work was instrumental in communicating PSF concerns to policymakers and ensuring impacts on the open source ecosystem were considered.

Finally, if you are interested in knowing more about it, you can check the details in the following link

