I'm amazed that there has been zero coverage of this:
EU's new Product Liability Directive got voted through last Thursday.
No later than two years from now, software, stand-alone, cloud or embedded, is subject to "no-fault liability" (i.e. doesn't matter how or why, only that it is defective.)
Here's the directive:
https://data.consilium.europa.eu/doc/document/PE-7-2024-INIT/en/pdf
Gentlemen, start your panic…
PS: Yes, there is a FOSS exemption, but only "outside commercial activity". (I.e. the guy in Nebraska but not Red Hat)
@bsdphk I found @bert_hubert 's summary showing it's all quite reasonable: https://berthub.eu/articles/posts/eu-cra-what-does-it-mean-for-open-source/
CRA is something entirely different (but also very relevant).
But I'd love to hear Bert's take on this one...
@bsdphk @bert_hubert Apologies. I conflated the two!
I'll wait for a summary somewhere, as 63 pages of legalese is too much.
It's not legalese, it's actually very clear and readable text.
I suggest you read pages 6, 7 and 51 - that's probably all you'll ever need to know about it.
@bsdphk @bert_hubert Oh right.
I think it boils down to what they mean by "commercial activity", which Bert Hubert's summary of the CRA goes into quite some depth about.
Whether they are defined with the same meaning in both directives is unclear (to me).
Yes, and I guess that will depend on which EU country you are in, as this will have to be instantiated in each country's law.
@bsdphk @bert_hubert I'm in an ex-EU country (UK), but usually these directives spill over regardless? GDPR applies to EU citizens, and it doesn't matter where a company / organisation is based. Is this different?
It will spill over, and I would be very surprised if the USA and UK do not do the same in the next year or two.
For the EU, what matters is who "brought it into the EU market" and I'm sure legislators and lawyers will have a field day with that, but it seems to me that the EU has done a great job of avoiding loopholes.