The OSGeo community has been attentively following the development of the European Cyber Resilience Act. This regulation aimed at mitigating the impact of security vulnerabilities on society (including aspects of economy, digital sovereignty and national security.) In practical terms this act extends the “CE Mark” regulation from devices (such as your toaster or phone) to software products.
This legislation as proposed places onerous obligations onto free and open-source projects and communities with the risk of excluding european participants from open-source leadership. Maintaining access to free and open source technologies is of paramount importance for European digital sovereignty.
The resulting obligations and liabilities will hamper innovation on one side but will also damage an important source of revenue in the EU market.
Our community has been active during this process lending their voice to concern, feedback, and moral objection (not everything is a product) – but also support. Software security is a priority for everyone involved.
How to Help
At the time of writing, regulators have received widespread feedback from the free and open-source community. It is reported that changes on this topic are expected to be endorsed in the upcoming 8 November session.
We ask that our members seek information on these upcoming changes and be informed. Some references and responses are provided at the end of this news announcement. Since this is an active topic we encourage you to seek current information.
As a community member your opinion, viewpoint and experience are valuable. If you are comfortable please contact your Member of the European Parliament and make yourself available to answer questions and share your experience of how free and open-source software works.
The Cyber Resilience Act by design will place considerable strain on the Open Source Geospatial Foundation and the service providers who power so much of our ecosystem. OSGeo is committed to supporting the projects in our care and we look forward to working with our community to meet this challenge.
Our mandate to “Empower everyone with open source geospatial” applies everywhere – including Europe.
For more information
Proposed Regulation :
- Cyber Resilience Act (European Commission, September 2022)
Article 10 Discussion and feedback:
- Euractiv.com, October 2023
- Blog Van Vrijschrift, October 2023
- Iván Sánchez Ortega, October 2023
- GeoCat BV, October 2023
- Linux Foundation,September 2023
- Open Source Initiative, September 2023
- Eclipse Foundation, September 2023
- Even Rouault and others, August 2023 to Present
- Luis de Sousa, August 2023
- osgeo-discuss mailing list, July 2023
- GitHub Blog, July 2023
Article 11 Discussion and feedback:
- Joint Statement, June 2023