EU Cyber Resilience Act Reduces Python Risk
Written by Kay Ewbank   
Tuesday, 23 January 2024

The European Union has revised the Cyber Resilience Act (CRA), reducing the concerns of the open-source community.

pfsbanner23

Concerns were raised by the Python Software Foundation (PSF) when the act was being reviewed after its initial definition last year. PSF was specifically worried about the provisions of the related Product Liability Act, which provides consumers with the ability to seek damages for defective products. Under the CRA, producers of digital products will be required to improve the security of their products; set up a cybersecurity framework; mitigate security vulnerabilities; and disclose security problems to customers.

Organizations breaching the terms could be fined up to €15 million or 2.5 percent of annual turnover, whichever is the greater. PSF was particularly worried about libraries such as CPython and PyPI, as the phrasing of the act could mean the PSF and the Python community could be liable for security issues in products built using the code components they provide for free.

The final text of the CRA has now been released, and it includes the concept of an open source steward, by which the CRA means a legal entity that provides free and open-source software that is then used by other developers. The act now says explicitly that the provision of free and open-source software products without monetisation is not considered a commercial activity.

This is in addition to the clarification that:

"The mere circumstances under which the product has been developed, or how the development has been financed should therefore not be taken into account when determining the commercial or non-commercial nature of [making free and open-source software available on the market]."

Open Forum Europe (OFE) said in a statement that:

"This wording will give clarity to a lot of contributors, both commercial and non-commercial, and will prevent the obligations from extending to certain areas where they could be counterproductive."

Council EU

 

More Information

Open Forum Europe

Python Software Foundation

European Cyber Resilience Act

Related Articles

Python Software Foundation Raises EU Open Source Concerns

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner

Udacity's Offer To Recently Unemployed
01/05/2024

Layoffs, across the board from major tech companies to struggling small businesses, are constantly in the news. Today Udacity has announced a special offer to help the recently unemployed professional [ ... ]


+ Full Story
OpenSilver 2.2 Adds LightSwitch Compatibility Pack
30/04/2024

OpenSilver 2.2 has been released with the addition of a LightSwitch Compatibility Pack designed to provide a way to run legacy Visual Studio LightSwitch applications on modern browsers. The open-sourc [ ... ]


+ Full Story
More News

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info