Re: [OSGeo-Discuss] Cyber Resilience Act staying informed on updates

[Even Rouault via Discuss]

Hi Jody,

thanks for the update.

The clarification of point 3 is still fuzzy to me. What do they actually 
mean by "monetised by manufacturers". Is monetizing only when the 
software is open source but people have to pay to use it on SaaS or 
similar models ? Otherwise if it is about money being involved in the 
making of the open source software, then that contradicts the second 
point that how the development was financed shouldn't be taken into 
account to determine commercial activity... Is consulting about open 
source software "monetizing" it ... ?


Even

Le 06/12/2023 à 16:09, Jody Garnett via Discuss a écrit :
Follow up to November discussion and blog post 
 
asking OSGeo community to be informed.


 1. At the end November Europe lawmakers agreed on something:

https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/


Free and open source was so far down the priority list that the
press release does not even mention it.


 2. Next there were assurances that free and open-source community
concerns were addressed:

https://www.europarl.europa.eu/news/en/press-room/20231106IPR09007/cyber-resilience-act-agreement-with-council-to-boost-digital-products-security


The quote did indicate how our concerns were addressed:

> We have ensured support for micro and small enterprises and
better involvement of stakeholders, and addressed the concerns of
the open-source community, while keeping an ambitious European
dimension.


 3. This week I can find a articles providing clarifications that have
been added:
https://openforumeurope.org/eu-cyber-resilience-act-takes-a-leap-forward/


Two clarifications:

> the provision of free and open-source software products with
digital elements that are not monetised by their manufacturers is
not considered a commercial activity

> The mere circumstances under which the product has been
developed, or how the development has been financed should
therefore not be taken into account when determining the
commercial or non-commercial nature of [making free and
open-source software available on the market].


—
Jody

___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss


--
http://www.spatialys.com
My software is free, but my time generally not.
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss

[OSGeo-Discuss] Cyber Resilience Act staying informed on updates

[Jody Garnett via Discuss]

Follow up to November discussion and blog post
 asking
OSGeo community to be informed.


   1. At the end November Europe lawmakers agreed on something:
   
https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/


   Free and open source was so far down the priority list that the press
   release does not even mention it.



   1. Next there were assurances that free and open-source community
   concerns were addressed:
   
https://www.europarl.europa.eu/news/en/press-room/20231106IPR09007/cyber-resilience-act-agreement-with-council-to-boost-digital-products-security


   The quote did indicate how our concerns were addressed:

   > We have ensured support for micro and small enterprises and better
   involvement of stakeholders, and addressed the concerns of the open-source
   community, while keeping an ambitious European dimension.



   1. This week I can find a articles providing clarifications that have
   been added:
   https://openforumeurope.org/eu-cyber-resilience-act-takes-a-leap-forward/


   Two clarifications:

   > the provision of free and open-source software products with digital
   elements that are not monetised by their manufacturers is not considered a
   commercial activity

   > The mere circumstances under which the product has been developed, or
   how the development has been financed should therefore not be taken into
   account when determining the commercial or non-commercial nature of [making
   free and open-source software available on the market].


—
Jody
___
Discuss mailing list
Discuss@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/discuss