Python Foundation Raises Concerns Over EU's Proposed Cybersecurity Rules

The Python Software Foundation is "concerned that proposed EU cybersecurity laws will leave open source organizations and individuals unfairly liable for distributing incorrect code," according to the Register. The PSF reviewed the EU's proposed "Cyber Resilience Act" and "Product Liability Act" and reports "issues that put the mission of our organization and the health of the open-source software community at risk." From the Register's report:"If the proposed law is enforced as currently written, the authors of open-source components might bear legal and financial responsibility for the way their components are applied in someone else's commercial product," the PSF said in a statement shared on Tuesday by executive director Deb Nicholson. "The existing language makes no differentiation between independent authors who have never been paid for the supply of software and corporate tech behemoths selling products in exchange for payments from end-users...." The PSF argues the EU lawmakers should provide clear exemptions for public software repositories that serve the public good and for organizations and developers hosting packages on public repositories. "We need it to be crystal clear who is on the hook for both the assurances and the accountability that software consumers deserve," the PSF concludes. The PSF is asking anyone who shares its concerns to convey that sentiment to an appropriate EU Member of Parliament by April 26, while amendments focused on protecting open source software are being considered. Bradley Kuhn, policy fellow at the Software Freedom Conservancy, told The Register that the free and open source (FOSS) community should think carefully about the scope of the exemptions being sought. "I'm worried that many in FOSS are falling into a trap that for-profit companies have been trying to lay for us on this issue," he said. "While it seems on the surface that a blanket exception for FOSS would be a good thing for FOSS, in fact, this an attempt for companies to get the FOSS community to help them skirt their ordinary product liability. For profit companies that deploy FOSS should have the same obligations for security and certainty for their users as proprietary software companies do." The article points out that numerous tech organizations are urging clarifications in the proposed regulations, including NLnet Labs and the Eclipse Foundation.

Read more of this story at Slashdot.