Re: [open-regulatory-compliance] CRA discussion topics and activities

[Dirk-Willem van Gulik <dirkx@xxxxxxxxxxxxxx>]

On 17 Jun 2024, at 09:16, Olle E. Johansson via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

I have been working with Open Source for many years, but not with any project that was hosted by a foundation. It is important to keep the scope wide to cover everything from one-person projects to large industry collaboration - without (as you point out) grading projects.

Agreed with the sentiment - but I think there is a fairly specific ‘line in the sand’ here — and that is if you go to Article 3 — that you basically are, by default, someone that places things on the market, a manufacturer — and you need to comply with the whole CRA. 

Regardless if you are a one-person project/company or a mega enterprise. 

If you place things on the market for others - you need to comply.

And then there is a very narrow area for a very well “behaved” and organisationally quite mature open source steward that can (proof how they) provide sustained, systematic support for the development of open source that is intended for commercial activities*. And have the organisational maturity to govern this capability well. I.e. it does not rely on happenstance or good intentions.

But that is a fairly tall order - and quite narrow compared to the default.  Most entities will be the default - and not classified as open source stewards. 

Dw.

*) “open-source software steward means a legal person, other than a manufacturer, that has the purpose or objective of systematically providing support on a sustained basis for the development of specific products with digital elements, qualifying as free and open-source software and intended for commercial activities, and that ensures the viability of those products;

Art 3, paragraph 18a