Cyber Resilience Act & Free Software: Parliament waters down its own position
The European Parliament today voted on its position on the Cyber Resilience Act (CRA). While the position improves on the Commission's exemption to protect Free Software, it fails to introduce a proper protection . We call on the institutions to put the burden of liability only on those who significantly financially benefit from the market, while protecting developers and non-profit work.
The Commission’s proposal to exclude Free Software “outside the course of a commercial activity” would fail to address a large part of software that will not be covered but is deployed. At the same time, smaller and non-profit projects would be harmed as they would have to bear major costs.
Therefore we have already proposed a solution that will lead to more security while safeguarding Free Software:
- Liability should be shifted to those deploying Free Software instead of those developing Free Software and
- Those who significantly financially benefit from this deployment should make sure the software becomes CE-compliant
While the Internal Market and Consumer Protection Committee (IMCO), a committee for opinion in CRA, backed our demand and voted for the protection of Free Software developers in the Cyber Resilience Act, the Committee on Industry, Research and Energy (ITRE) introduced less far reaching protections with today's vote. Regular corporate donations or contributions by corporate employees to a project could turn non-profit work into a “commercial activity”, and thus lead to liability.
Alexander Sander, FSFE Senior Policy Consultant explains:"With today's vote, the EU Parliament has watered down its own position. Placing the burden of liability on small or non-profit entities that rely on regular donations would harm the Free Software and thus society and business alike. Due to the lack of funding and resources to go through the proposed procedures to become CE compliant, some of these projects might have to stop completely. We call on the institutions to find a compromise that safeguards the Free Software ecosystem while shifting liability to those who significantly financially benefit from the deployment” .
Interinstitutional negotiations will start start soon and should be concluded this year if possible. You can read more here.