About the Cyber Resilience Act category

The aim of this discussion is to talk about some terms related to open source software brought up by the CRA and present in the proposed Product Liability Directive, as well as their possible impacts on the development of future projects.

The CRA aims to establish cybersecurity requirements for devices and software made available on the EU market. In its final version, the Act introduced the figure of the “open source steward”, which distinguishes between the development and supply phases of open source products and limits obligations and liability to the supply phase of software.

On the other hand, the proposal to reform the Product Liability Directive aims to extend the definition of product to include software. But the idea is that open source software is not covered by the directive, as long as its development and supply are not involved in commercial activities - which is also envisaged in the CRA, but now only in relation to supply.