No, open source advocates are not engaged in “special pleading” to try to get open source given an unreasonable artificial market advantage in Europe, as some are alleging. From the very beginning I have heard people claiming that open source advocates are trying to get open source software per se excluded from the scope of regulation by the Cyber Resilience Act (CRA). Even now it seems people are still hearing this.

The European Commission draft of the CRA purported to exclude open source from the scope of the new law throughout community development until it was made available on the market commercially — its author said as much at FOSDEM 2023. This is a good thing, as it would be harmful to open source development if merely developing software in the open became subject to regulation — I have written previously about the mistaken use of a proprietary-software frame. However, as drafted, the Act has substantial apparent inaccuracies and oversights that would probably lead to regulation of developers pre-market.

Consequently, many practitioners have asked those considering the Act to correct these defects. It is proving very challenging, because originally the CRA only applied to physical products with digital elements (like IoT devices, routers and so on), but following the impact assessment (which made a serious error of comprehension with an academic source) the scope was enlarged to include products without physical elements. I regard this as a huge mistake and the origin of the ambiguities which are causing the problems. Unfortunately, it appears to be too late to fix, so now we are trying to get an adequate ringfence around the pre-market development cycles of open source by fourth-sector developers.

Some voices have then sought to misrepresent this as an attempt to exclude open source entirely from the regulation even when placed on the market commercially. This meme was already circulating when the draft text was first released (before any advocates I know had even commented). Naming no names, these voices are the kind of “friends of open source” whose agenda is actually to disadvantage it as much as possible. Some parties have then abstracted this misdirection into a general criticism. If you do see anyone asking for open source per se to be excluded rather than just for the development community to be excluded from the scope, please let me know so OSI can intervene.

