Re: [open-regulatory-compliance] CRA discussion topics and activities

["Idelberger, Florian (IIWR)" <florian.idelberger@xxxxxxx>]

I cannot really say for sure, but I would assume that then at least for those parts that form a product on the market, you would have to adhere to those for that part.

It could also be that it’s not applicable because it’s covered by some other regulation that already regulates f.e. SaaS. (But no guarantee)

Am 17.06.2024 um 17:12 schrieb Joe Murray via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx>:



Is there explanatory material on the legal text, specifically what 'other than a manufacturer' means in the OSS Steward definition?

For example, does it means that the steward organization cannot have any revenue of a specific type, or maybe significant revenue of certain types? My main open source community has a central organization that ensures the software gets published every month including as necessary security releases and CVEs. The software is at the centre of an ecosystem of professional services providers. But the central organization cobbles together its $450k budget from many sources including a few that are more in the area of a manufacturer like hosting, fee for service to develop features, and fees to maintain integrations that are used across the ecosystem.

Joe Murray, PhD
President, JMA Consulting

On Mon, Jun 17, 2024 at 9:12 AM Dirk-Willem van Gulik via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

On 17 Jun 2024, at 09:16, Olle E. Johansson via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

I have been working with Open Source for many years, but not with any project that was hosted by a foundation. It is important to keep the scope wide to cover everything from one-person projects to large industry collaboration - without (as you point out) grading projects.

Agreed with the sentiment - but I think there is a fairly specific ‘line in the sand’ here — and that is if you go to Article 3 — that you basically are, by default, someone that places things on the market, a manufacturer — and you need to comply with the whole CRA. 

Regardless if you are a one-person project/company or a mega enterprise. 

If you place things on the market for others - you need to comply.

And then there is a very narrow area for a very well “behaved” and organisationally quite mature open source steward that can (proof how they) provide sustained, systematic support for the development of open source that is intended for commercial activities*. And have the organisational maturity to govern this capability well. I.e. it does not rely on happenstance or good intentions.

But that is a fairly tall order - and quite narrow compared to the default.  Most entities will be the default - and not classified as open source stewards. 

Dw.

*) “open-source software steward means a legal person, other than a manufacturer, that has the purpose or objective of systematically providing support on a sustained basis for the development of specific products with digital elements, qualifying as free and open-source software and intended for commercial activities, and that ensures the viability of those products;

Art 3, paragraph 18a

_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org

_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org