Like me you may be surprised to see the suggestion from the IMCO Committee to change “free and open source software” in the CRA to “freeware and open source software” in an amendment from Karen Melchior MEP¹. It's not a word I have heard much this decade, so I checked with her team and discovered this was an informed and intentional choice, not a misunderstanding (by them, at least).

Update: This has now graduated to the OSI Blog.

No, open source advocates are not engaged in “special pleading” to try to get open source given an unreasonable artificial market advantage in Europe, as some are alleging. From the very beginning I have heard people claiming that open source advocates are trying to get open source software per se excluded from the scope of regulation by the Cyber Resilience Act (CRA). Even now it seems people are still hearing this.

Update: This post has graduated to the OSI blog and is also available en Français.

Update: This post has graduated to the OSI Blog.

Update: This has now graduated to the OSI Blog.

Update: Graduated to the OSI Blog

Perhaps all the problems we are having with the Cyber Resilience Act (CRA) arise from a misunderstanding of specialist language used by an academic evolving into an imperfect use of the term “commercial” in the exclusion of open source from the CRA?

You're not going to fix Europe's proposed Cyber Resilience Act (CRA) by defining “commercial”. The problem is not a lack of clarity in the term; it is the act of triggering applicability of the regulations on an attribute of the work rather than on the act of deploying it in commerce.

Update: Graduated to the OSI Blog