The EU’s Proposed Cyber Resilience Act Will Damage the Open Source Ecosystem
I believe the European Commission’s Cyber Resilience Act proposal needs an important amendment to avoid damage to the open source software ecosystem. The regulation should be modified to make it clear that software produced under an open source license and distributed on not-for-profit basis is out of scope for the regulation, in line with previously stated objectives of the European Commission.
The Cyber Resilience Act
On 15 September 2022 the European Commission released a proposal for a regulation on horizontal cybersecurity requirements for products with digital elements, in short, the Cyber Resilience Act.