Re: [open-regulatory-compliance] Manufacturer's responsibility

[Tobie Langel <tobie@xxxxxxxxxxxxxx>]

On Mon, Aug 5, 2024 at 4:14 PM Olle E. Johansson <oej@xxxxxxxxxx> wrote:

Even if the manufacturer can point to an attestation by an open source steward - won’t the manufacturer be fully responsible for the product they are placing on the market. I don’t think

there’s any provision in the CRA to forward the blame upstream in the software supply chain,

regardless if it’s commercial or open source component used.

The idea here is for manufacturers to "exercise due diligence" (Art. 13(5)), which attestations "facilitate" (Art. 25). My hope is that the Commission will provide guidelines setting expectations to what "exercising due diligence" implies as it has done for other regulations (e.g. for the metals and minerals supply chains: https://single-market-economy.ec.europa.eu/sectors/raw-materials/due-diligence-ready_en).

--tobie