Blog

LPI’s CRA Webinar #11: How It Went

2024 February 06 - By Max Roveri
LPI’s CRA Webinar #11: How It Went

In the dynamic sphere of open-source software and its community, the proposed Cyber Resilience Act (CRA) by the European Commission stands as a pivotal piece of legislation that could significantly influence the European digital market. To dissect the implications and shed light on this legislation, the Linux Professional Institute (LPI) recently convened a panel of experts for an online roundtable discussion.

Max Roveri, the Community Manager at LPI, alongside Elzbieta Godlewska, LPI’s Business Development Specialist, and Alex Lamberton, the Communications and PR Executive, orchestrated the discourse.

The panel featured a diverse lineup:

Iván started the conversation by voicing his concerns about the CRA’s potential impact on developers like him, especially those involved in projects that may inadvertently find their work used in critical applications, such as border monitoring by Frontex. He humorously yet pointedly shared his “nightmare” scenario of being held liable for unforeseen uses of his software, encapsulating the apprehensions of many developers regarding the proposed act.

Moreno shared his trepidation about the liability that could fall on developers for code shared in good will, emphasizing the need for a balanced and fair approach in the CRA that would not stifle the open-source spirit.

Ingo, bringing his perspective as an organizer of large Linux events and a lobbyist for open-source software, shared his involvement with the Open Source Business Alliance. He made a distinction between open software development and offering a product: Software development in the open should be completely excluded from the CRA. The person who puts the software on the market as a product should be the one who is liable.

Andrea approached the discussion with a legal lens, explaining the European Union’s trajectory toward enhancing digital product security through the CRA. He acknowledged the open-source community’s concerns and the recent amendments that sought to address them, signaling a shift toward a more inclusive approach to the legislation.

The conversation delved into the nitty-gritty of what defines a manufacturer and the scope of responsibility, a discussion that Andrea highlighted as crucial under the CRA. He suggested that future dialogues could further unpack the complex definition of the term “manufacturer” and its implications for developers.

Iván pointed out the philosophical dichotomy of software as intellectual versus physical property, challenging the panel and policymakers to consider the unique nature of software in the context of the CRA.

Elzbieta underscored the importance of community activism and the influence it can wield on legislative processes, as seen in past movements within the open-source realm.

Moreno reinforced the sentiment that developers should not bear undue liability for unforeseen uses of their open-source contributions, a stance that resonates with the wider community’s plea for fair and equitable treatment under the law.

Ingo, reflecting on the evolution of open-source development, argued for clear exemptions in the CRA for education and research, highlighting the need for legislation that understands and adapts to the multifaceted nature of open-source software.

The roundtable ended on a note of cautious optimism, with participants agreeing on the need for further discussions to ensure that the CRA aligns with the principles and practices of the open-source community. Andrea, with his legal expertise, and Iván, with his developer’s perspective, both agreed to rejoin the conversation in the future, demonstrating a collective commitment to shaping a law that fosters innovation while safeguarding the community’s ethos.

As we launched the video recording, this blog post is a testament to the engaging and multifaceted dialogue that took place. The Cyber Resilience Act history is far from over: stay tuned on this page for information about the next episode of LPI’s CRA webinars.

About Max Roveri:

Massimiliano "Max" Roveri is a writer, blogger, editor and social media manager. He started writing on the internet in the late '90s and he went back to the digital media in 2009. Since 2014 he lives in Ireland and, since 2015, he has been part of the LPI Italy team. He is professionally involved in cultural mediation projects, with an event management side, and in education projects as a professional and as a volunteer as well.  With a background in humanities and philosophy, he loves to address the ethical and social aspects of Open Source, with an approach that nods to Gregory Bateson and Robert M. Pirsig. Photo: uphostudio

Leave a Reply

Your email address will not be published. Required fields are marked *

Linux Professional Institute is a non profit organization.

Linux Professional Institute (LPI) is the global certification standard and career support organization for open source professionals. With more than 200,000 certification holders, it’s the world’s first and largest vendor-neutral Linux and open source certification body. LPI has certified professionals in over 180 countries, delivers exams in multiple languages, and has hundreds of training partners.

Our mission is to promote the use of open source by supporting the people who work with it.

In case of a content discrepancy between English and the translation, the English version is canonical.
Spot a mistake or want to help improve this translation? Please let us know.

© Copyright 1999-2024 Linux Professional Institute Inc. All rights reserved.
Linux is a registered trademark of Linus Torvalds. Linux Professional Institute and corresponding “L” logo are registered trademarks.