Follow up to November discussion and blog post <https://www.osgeo.org/foundation-news/eu-cyber-resilience-act/> asking OSGeo community to be informed.
1. At the end November Europe lawmakers agreed on something: https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/ Free and open source was so far down the priority list that the press release does not even mention it. 1. Next there were assurances that free and open-source community concerns were addressed: https://www.europarl.europa.eu/news/en/press-room/20231106IPR09007/cyber-resilience-act-agreement-with-council-to-boost-digital-products-security The quote did indicate how our concerns were addressed: > We have ensured support for micro and small enterprises and better involvement of stakeholders, and addressed the concerns of the open-source community, while keeping an ambitious European dimension. 1. This week I can find a articles providing clarifications that have been added: https://openforumeurope.org/eu-cyber-resilience-act-takes-a-leap-forward/ Two clarifications: > the provision of free and open-source software products with digital elements that are not monetised by their manufacturers is not considered a commercial activity > The mere circumstances under which the product has been developed, or how the development has been financed should therefore not be taken into account when determining the commercial or non-commercial nature of [making free and open-source software available on the market]. — Jody
_______________________________________________ Discuss mailing list Discuss@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/discuss
