During the discussions around European digital agenda legislation, I have frequently heard people proposing to define “open source” within a draft instrument. But that's a surprisingly difficult thing to do – it turns out that despite being a globally-understood term-of-art, capturing the whole thing in a phrase simple enough to use in a recital requires a great deal of thought and experience.
So people mostly defer to the OSI Open Source Definition, which is not designed for that purpose. This post considers three different ways to consider open source — knowing it when you see it, knowing it by its goals and knowing it by summarising its mechanism — and includes a recital-ready definition of open source for use in legislation that embodies the global consensus of its meaning.
Ultimately software freedom is a matter of personal liberty, however it is framed. Whether you describe it as “open source” or “free software”, the goal is for each individual user of software to be self-sovereign in their software and data. Where the privilege of choice is available, this is a matter of consciously choosing liberty, and it is strictly a matter for each individual to make a set of choices — which will necessarily be inter-related.
Like me you may be surprised to see the suggestion from the IMCO Committee to change “free and open source software” in the CRA to “freeware and open source software” in an amendment from Karen Melchior MEP1. It's not a word I have heard much this decade, so I checked with her team and discovered this was an informed and intentional choice, not a misunderstanding (by them, at least).
I just read a news story about how Chinese tech companies are threatening Europe by registering so many patents. Turns out it's in the context of “open standards” and is actually Chinese companies copying what European multinationals have done for years with patents embedded in standards. That Sword of Damocles cuts both ways.
No, open source advocates are not engaged in “special pleading” to try to get open source given an unreasonable artificial market advantage in Europe, as some are alleging. From the very beginning I have heard people claiming that open source advocates are trying to get open source software per se excluded from the scope of regulation by the Cyber Resilience Act (CRA). Even now it seems people are still hearing this.
