Posts by maarten@techpolicy.social
(DIR) Post #AUq1rzGMYXk6a4NrJA by maarten@techpolicy.social
2023-04-19T19:47:07Z
0 likes, 1 repeats
This has been new to both of our organisations: actively engaging with the Brussels policy process. But we feel this is important. If European policy makers want less vulnerable software in the future through the #CRA, they need to be careful about unintended consequences for #opensource. From: @iscdotorg https://fosstodon.org/@iscdotorg/110226853238464590 @nlnetlabs #CyberResilienceAct
(DIR) Post #AV0p8xuJghtKdNOeCe by maarten@techpolicy.social
2023-04-25T10:57:57Z
0 likes, 1 repeats
RIPE NCC spoke up on the #CRA's implications for #OpenSource in a letter to ITRE MEPs last week, after consulting the RIPE community. Short thread with quotes from the letter. https://www.ripe.net/participate/internet-governance/multi-stakeholder-engagement/ripe-ncc-letter-to-itre-on-cra.pdf #CyberResilienceAct
(DIR) Post #AV0p8zFcgyWqnkNB3I by maarten@techpolicy.social
2023-04-25T10:58:33Z
0 likes, 0 repeats
"The RIPE NCC would like to use this opportunity to reiterate the RIPE community’s concerns regarding the limited exemption, formulated in Recital 10 of the CRA, for the development and making available of open-source software. We do so in our role as secretariat for RIPE, which is an open, inclusive community that welcomes the participation of anyone with an interest in IP-based networking."
(DIR) Post #AV0p90PwM6NMQ2Cvlw by maarten@techpolicy.social
2023-04-25T10:59:23Z
0 likes, 0 repeats
Quoting @webmink: "As open source veteran and expert Simon Phipps has said, ‘Open source is an artefact arising from the interactions of a community of contributors with no contractual binding between them beyond the open source licence itself, which disclaims all warranties and has no conduit for funds’."
(DIR) Post #AV0p91XmASEnucshcm by maarten@techpolicy.social
2023-04-25T11:00:28Z
0 likes, 0 repeats
"For the CRA to reach the goal of reducing product vulnerability, it also needs to reduce vulnerability in open-source software — an aim the RIPE NCC strongly supports. The lack of clarity surrounding the notion of “commercial activity” referred to in Recital 10 however, is what creates uncertainty for, and risks placing undue regulatory burden on, those from the community who contribute to open-source software and its security without the intent of making a profit as a result of its later use."
(DIR) Post #AV0p92XoRnrT11uFJw by maarten@techpolicy.social
2023-04-25T11:00:59Z
0 likes, 1 repeats
"The Blue Guide does not give sufficient clarity as to when open-source software is considered to be developed or supplied in the course of a commercial activity. We therefore urge ITRE / IMCO to provide a clearer definition of what constitutes open-source software that is not within the scope of the proposed CRA."
(DIR) Post #AVKCWpzmkEjVzlXs2a by maarten@techpolicy.social
2023-05-04T21:15:04Z
0 likes, 0 repeats
@webmink@the.webm.ink @webmink@meshed.cloud 🤯
(DIR) Post #AbKe7YXwWoQJWuEgQy by maarten@techpolicy.social
2023-10-30T18:23:20Z
0 likes, 0 repeats
Arrived on my doorstep today! I blame the #CyberResilienceAct for my curiosity in more things #EU and @StevePeers for sharing he worked on this update on Mastodon.
(DIR) Post #AbKe7bDUbIqboLgtTU by maarten@techpolicy.social
2023-10-30T18:31:20Z
0 likes, 1 repeats
@StevePeers And while we are on the subject of EU law, if anyone knows an expert on the #NewLegislativeFramework familiar with the jurisprudence on what constitutes “making available on the market **in the course of a commercial activity**”, me and several other #opensource people would like to better understand the (legal?) underpinnings of the writing in the Blue Guide on the matter. You would help us make sense of the #CyberResilienceAct. Sharing encouraged.
(DIR) Post #AbtPqN1jpbPYWGx0r2 by maarten@techpolicy.social
2023-11-17T07:49:29Z
0 likes, 0 repeats
And now we wait #CyberResilienceAct #opensource
(DIR) Post #AbtPqNtyZwnREUKKOW by maarten@techpolicy.social
2023-11-17T08:04:44Z
0 likes, 1 repeats
Turns out this wild ride started for me just about a year ago https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/
(DIR) Post #AbtPqPNn4aEtpFHeVM by maarten@techpolicy.social
2023-11-17T08:11:52Z
0 likes, 0 repeats
I understand the topic of #opensource in the #CyberResilienceAct is now under active consideration and will be negotiated in the coming weeks, with the goal of a (political) compromise on the whole package to be reached on Nov 30. I personally like @euractiv_tech’s weekly tech newsletter by Luca Bertuzzi and colleagues as a convenient place to stay up to date, if you want to follow along.
(DIR) Post #AbtPqQyh8rLylzYdfM by maarten@techpolicy.social
2023-11-17T08:22:55Z
0 likes, 0 repeats
Should you wish to understand the mechanics of a relatively recent proposal, I made a picture of my attempted reading here: https://github.com/maertsen/cra-foss-diagram/raw/main/FOSS%20flowchart.drawio.pdf (Note that it covers merely one proposal out of many, there is no guarantee that the final text will be anything like this, so it’s more of a curiosity at this point.) Happy to update it once more/new information becomes available.
(DIR) Post #AmrhefRPtq7A7ceZsW by maarten@techpolicy.social
2024-10-10T12:56:38Z
1 likes, 0 repeats
The council of the EU adopted the #CyberResilienceAct earlier today. “Following today’s adoption, the legislative act will be signed by the presidents of the Council and of the European Parliament and published in the EU’s official journal in the coming weeks. The new regulation will enter into force twenty days after this publication and will apply 36 months after its entry into force with some provisions to apply at an earlier stage.” https://www.consilium.europa.eu/en/press/press-releases/2024/10/10/cyber-resilience-act-council-adopts-new-law-on-security-requirements-for-digital-products
(DIR) Post #AmrhegpYjZ1KQmxN9E by maarten@techpolicy.social
2024-10-10T13:02:29Z
0 likes, 1 repeats
Wondering what the #CyberResilienceAct means for #FOSS? I linked to a lot of good content on #CRA and #OpenSource earlier this year: https://blog.nlnetlabs.nl/what-i-learned-in-brussels-the-cyber-resilience-act/
(DIR) Post #Amrhei81uNOCSMbdZo by maarten@techpolicy.social
2024-10-10T13:13:56Z
0 likes, 0 repeats
And Council of the EU adoption of the #ProductLiabilityDirective is here too: https://www.consilium.europa.eu/en/press/press-releases/2024/10/10/eu-brings-product-liability-rules-in-line-with-digital-age-and-circular-economy/ Different timeline though, because this is a directive, which needs to be turned into national law by member states. They have two years to do that.
(DIR) Post #AoOgNu2nS8oB1Acjc8 by maarten@techpolicy.social
2024-11-20T08:50:48Z
0 likes, 1 repeats
#CyberResilienceAct published as Regulation EU 2024/2847 in the Official Journal of the EU: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202402847 Full application at 11 December 2027, reporting obligations at 11 September 2026. I wrote on the implications for #opensource and #foss in the past, based on last year’s FOSDEM content, including resources by others: https://blog.nlnetlabs.nl/what-i-learned-in-brussels-the-cyber-resilience-act/
(DIR) Post #AoOgNvPWN8a1FwGOfo by maarten@techpolicy.social
2024-11-20T08:51:42Z
0 likes, 0 repeats
(Please read recent analysis instead of the old headlines from the negotiation phase, there’s quite a lot of nuance to the scope, which is both complicated and improved. Ask me in 2027 how I feel about real-world effects.)
(DIR) Post #AzXWXsZLivAvLyDNJI by maarten@techpolicy.social
2025-10-24T16:30:58Z
0 likes, 0 repeats
@bortzmeyer @jpmens @oli I’ll note in passing that we’re quite lucky at @nlnetlabs that it’s not just men either.