Thanks for the context and setting expectations. -- Jody Garnett
On Dec 8, 2023 at 12:57:53 AM, Luís Moreira de Sousa < luis.de.so...@protonmail.ch> wrote: > Dear Jody, > > thank you for the update. The last "trilogue" took place on the 30th of > November and OSS was finally considered. A final document is now closed and > will proceed through the successive steps towards approval. The CRA will > come into two force stepwise as discussed before, but now on different > dates: first tier in January of 2026 and fully in January of 2027. > > Various rumours have emmanated out of the last "trilogue", sometimes > conflicting. In truth the final document is not public, a clear > understanding of its implications will not emerge before then. There are > claims that Microsoft's concerns regarding distribution via code forges > were addressed, but in parallel software stewards such as OSGeo will still > be required to some form of compliance. > > This situation is certainly frustrating, but there is no point in > speculating before the complete Act is made fully public. > > Best regards. > > -- > Luís > On Wednesday, December 6th, 2023 at 4:09 PM, Jody Garnett via Discuss < > discuss@lists.osgeo.org> wrote: > > Follow up to November discussion and blog post > <https://www.osgeo.org/foundation-news/eu-cyber-resilience-act/> asking > OSGeo community to be informed. > > > 1. At the end November Europe lawmakers agreed on something: > > https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/ > > Free and open source was so far down the priority list that the press > release does not even mention it. > > > > 1. Next there were assurances that free and open-source community > concerns were addressed: > > https://www.europarl.europa.eu/news/en/press-room/20231106IPR09007/cyber-resilience-act-agreement-with-council-to-boost-digital-products-security > > The quote did indicate how our concerns were addressed: > > > We have ensured support for micro and small enterprises and better > involvement of stakeholders, and addressed the concerns of the open-source > community, while keeping an ambitious European dimension. > > > > 1. This week I can find a articles providing clarifications that have > been added: > https://openforumeurope.org/eu-cyber-resilience-act-takes-a-leap-forward/ > > Two clarifications: > > > the provision of free and open-source software products with digital > elements that are not monetised by their manufacturers is not considered a > commercial activity > > > The mere circumstances under which the product has been developed, > or how the development has been financed should therefore not be taken into > account when determining the commercial or non-commercial nature of [making > free and open-source software available on the market]. > > > — > Jody > > >
_______________________________________________ Discuss mailing list Discuss@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/discuss