[OSGeo-Discuss] Cyber Resilience Act staying informed on updates

Jody Garnett jody.garnett at gmail.com
Fri Dec 8 01:14:45 PST 2023 

 Thanks for the context and setting expectations.
--
Jody Garnett


On Dec 8, 2023 at 12:57:53 AM, Luí­s Moreira de Sousa <
luis.de.sousa at protonmail.ch> wrote:

> Dear Jody,
>
> thank you for the update. The last "trilogue" took place on the 30th of
> November and OSS was finally considered. A final document is now closed and
> will proceed through the successive steps towards approval. The CRA will
> come into two force stepwise as discussed before, but now on different
> dates: first tier in January of 2026 and fully in January of 2027.
>
> Various rumours have emmanated out of the last "trilogue", sometimes
> conflicting. In truth the final document is not public, a clear
> understanding of its implications will not emerge before then. There are
> claims that Microsoft's concerns regarding distribution via code forges
> were addressed, but in parallel software stewards such as OSGeo will still
> be required to some form of compliance.
>
> This situation is certainly frustrating, but there is no point in
> speculating before the complete Act is made fully public.
>
> Best regards.
>
> --
> Luís
> On Wednesday, December 6th, 2023 at 4:09 PM, Jody Garnett via Discuss <
> discuss at lists.osgeo.org> wrote:
>
> Follow up to November discussion and blog post
> <https://www.osgeo.org/foundation-news/eu-cyber-resilience-act/> asking
> OSGeo community to be informed.
>
>
>    1. At the end November Europe lawmakers agreed on something:
>    https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/
>
>    Free and open source was so far down the priority list that the press
>    release does not even mention it.
>
>
>
>    1. Next there were assurances that free and open-source community
>    concerns were addressed:
>    https://www.europarl.europa.eu/news/en/press-room/20231106IPR09007/cyber-resilience-act-agreement-with-council-to-boost-digital-products-security
>
>    The quote did indicate how our concerns were addressed:
>
>    > We have ensured support for micro and small enterprises and better
>    involvement of stakeholders, and addressed the concerns of the open-source
>    community, while keeping an ambitious European dimension.
>
>
>
>    1. This week I can find a articles providing clarifications that have
>    been added:
>    https://openforumeurope.org/eu-cyber-resilience-act-takes-a-leap-forward/
>
>    Two clarifications:
>
>    > the provision of free and open-source software products with digital
>    elements that are not monetised by their manufacturers is not considered a
>    commercial activity
>
>    > The mere circumstances under which the product has been developed,
>    or how the development has been financed should therefore not be taken into
>    account when determining the commercial or non-commercial nature of [making
>    free and open-source software available on the market].
>
>
>> Jody
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/discuss/attachments/20231208/7159dcde/attachment.htm>

More information about the Discuss mailing list