Potential Impacts of Cyber Resilience Act on Open Source Projects

After reviewing the proposed Cyber Resilience Act (CRA) and Product Liability Act, the Python Software Foundation (PSF) has found “issues that put the mission of our organization and the health of the open-source software community at risk,” says Deb Nicholson, Executive Director of the PSF.

Specifically, Nicholson states:

We’re concerned that some of the current proposed policy language doesn’t make things clear enough for an ecosystem like Python’s. Under the current language, the PSF could potentially be financially liable for any product that includes Python code, while never having received any monetary gain from any of these products. The risk of huge potential costs would make it impossible in practice for us to continue to provide Python and PyPI to the European public. 

Spread the Word

The Eclipse Foundation and NLnet Labs have also issued statements warning of the adverse effects that the CRA could have on global open source projects. Maarten Aertsen of NLnet Labs urges developers to educate themselves and spread the word about the proposed policy: “Help your fellow developers. Talk to people around you with legal and policy skills. Let them know how the CRA proposal affects them, their organization or society at large.”

Additionally, “PSF members and Python users in Europe may wish to write to their MEP voicing their concerns about the proposed CRA law before April 26th, while amendments that will protect public open source repositories are still being considered,” Nicholson says.

Read more at Python Software Foundation.

See also:
In letter to EU, open source bodies say Cyber Resilience Act could have ‘chilling effect’ on software development — TechCrunch
