The European Cyber Resilience Act (CRA) has undergone substantial revisions, bringing relief to the open-source community.
Back in April, the Python Software Foundation (PSF) had expressed concerns about potential repercussions for CPython and PyPI if the initial form of CRA were to be enacted.
The primary worry was that, in the course of providing open-source software, the PSF and the Python community might assume legal responsibility for security issues in products built using the code components they provide freely. Seeking clarity, the PSF called for language exempting public software repositories – such as PyPI – from legal responsibilities.
The good news is that the final text of the CRA, solidified on December 1st, introduces the concept of an “open source steward.” This term refers to any legal entity dedicated to providing sustained support for the development of specific products with qualifying free and open-source software elements, ensuring their viability for commercial activities.
Crucially, the revised text demonstrates a clearer understanding of how open-source software operates and its value within the broader software development ecosystem. It explicitly states that the provision of free and open-source software products without monetisation is not considered a commercial activity.
While this marks a positive step forward, the Python community remains vigilant. The notion of an “open source steward” is a novel concept in European law, necessitating monitoring to ensure its implementation aligns with the intent and realities of open-source development. Additionally, ongoing attention is required as other legislative pieces – such as the Product Liability Directive – may impact the Python ecosystem.
The PSF has extended gratitude to Open Forum Europe (OFE) – particularly Ciarán O’Riordan – for facilitating collaboration within the FOSS community. The PSF says OFE’s coordination efforts played a crucial role in ensuring that its concerns were effectively communicated to legislators.
(Photo by Guillaume Périgois on Unsplash)
See also: Brave Search now answers coding queries
Looking to revamp your digital transformation strategy? Learn more about Digital Transformation Week taking place in Amsterdam, California, and London. The comprehensive event is co-located with IoT Tech Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
