Re: [open-regulatory-compliance] Manufacturer's responsibility

On Mon, Aug 5, 2024 at 4:35 PM Joe Murray via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
Olle wrote:
Even if the manufacturer can point to an attestation by an open source steward - won’t the manufacturer be fully responsible for the product they are placing on the market? I don’t think there’s any provision in the CRA to forward the blame upstream in the software supply chain, regardless of whether it’s a commercial or open source component being used.

In terms of liability for an incident, if the manufacturer can show they took reasonable steps to ensure the security of their product then they are not liable under a negligence standard of liability in common law jurisdictions, but they can still be liable under a strict liability standard. I am guessing that what the new European regime is creating is a way to allow manufacturers to show they took reasonable care in creating their digital product so that they are not liable for negligence, and that there is not a strict liability policy in place.

To clarify here, the CRA is focused on conformance requirements when placing products on the market. It says nothing about liability when there is a specific incident involving a defective product. That is the role of the Product Liability Directive, which is an entirely different piece of legislation with different requirements.

--tobie

