
To put it bluntly, it means a significant risk when creating any open source project. It's common knowledge that there is no money in open source, but suddenly I am liable. Half of open source licenses are a disclaimer of liability. Also a lot of other yet-to-be-defined requirements (harmonised regulations, it is called, I believe).

Linux, World Wide Web… not worth the risk.

So I am making something in my free time, as a hobby, for no monetary gain, and suddenly I can easily get sued into oblivion. I need to at least buy insurance. My library is used left and right in commercial activity.

The impact assessment for the CRA is a total lie. It assumes a 100% decrease in cyber damages, a laughably low compliance cost and a very small number of impacted entities (only companies, not individuals, and each company makes one product).

TBF, the version amended by the EP explicitly excludes individual developers; hopefully it makes it through the trilogue.

Edit: basically, imagine the authors of log4j. Remember that security flaw that impacted half the internet? That is what's called liability. Did they "apply effective and regular tests and reviews of the security of the product with digital elements"? Better make it an industrial-grade product, with no money, in their free time.
