FOSS CMS Projects Issue an Open Letter to EU on Proposed Cyber Resilience Act

Drupal, Joomla, TYPO3 and WordPress Form the Inter-CMS Working Group

A proposed piece of European Union legislation that affects the digital economy is attracting criticism from across the globe. The Inter-CMS Working Group (ICWG), a consortium of four major FOSS content management systems, has issued an open letter on the significance of Free and Open Source Software in the EU’s proposed Cyber Resilience Act (CRA).

The letter, addressed to EU legislators, is signed by Crystal Dionysopoulos, President of Open Source Matters, Inc. (Joomla), Josepha Haden Chomphosy, Executive Director of WordPress Project, Olivier Dobberkau, President of TYPO3 Association and Tim Doyle, CEO of Drupal Association.

The letter opens with a claim that, together, the ICWG ‘represents the Free and Open Source Content Management Systems that power over half of all European websites and that ensure a competitive European Innovation Economy’.

The letter points out that, in its current form, the proposed regulations run the risk of reducing software security and undermining the EU’s core aims and values. 

The open letter also endorses the feedback to the CRA submitted by other stakeholders such as eco-Verband der Internetwirtschaft e.V., NLnet Labs, DIGITAL EUROPE, GitHub, German Chamber of Commerce and Industry, Open Source Initiative, Open Forum Europe, The Open Source Security Foundation, The Document Foundation, Developers Alliance, Vrijschrift.org, and Open-Xchange AG.
The Inter-CMS WG points out multiple concerns in this letter. 

The primary contention is that the proposed CRA’s “commercial activity” definitions are unclear and problematic. The current non-commercial exemption in the proposed regulations fails to consider the intricate network of relationships underpinning FOSS and its roles in the digital economy, including vendor-consumer, publisher-distributor, contributor-consumer, individual-company-institution, and more.

The ICWG has assessed the risks and adverse effects for the EU. Individuals, SMEs, and institutions will be hampered either by enormous administrative burdens or a chilling effect on their activities (and a potential rush towards the American Tech Giants) for fear of risking penalties under the CRA, warns the working group. 

The second contention concerns the flaws in the notion of “unfinished software”. The proposed ban on releasing “unfinished software” contradicts the realities of modern software development, whether FOSS or otherwise. The letter points out that early versions, like alpha and beta releases, are essential for development, innovation, and security. Open Source CMSs generally have a better chance of being secure in their final release versions than software only tested by a limited number of developers inside a proprietary software company. But the proposal makes ‘pre-releases’ impossible as they are non-final. Restrictions such as those suggested in the CRA will potentially force the release of less-secure software, diminish the international competitiveness of EU businesses, and contradict the EU values of freedom, including freedom of expression, movement, and ideas.

Another central contention is that the CRA draft ignores the collaborative and modular nature of the global digital economy, the development of the software that powers it, and the EU’s inextricable ties to both. The Internet’s technical structure does not practically accommodate an EU/non-EU development and distribution model for FOSS software. Hampering international collaboration in favour of an EU-only software development model (even if possible) cuts off EU institutions, all levels of EU government, and every part of the economy connected to digital technologies today. The fear of unintentionally running afoul of complex rule sets that ignore or contradict the interconnected nature of modern digital reality in business and software development will have a chilling effect on European innovation and economic participation.

The letter points out that the proposed CRA is disadvantageous to EU SMEs. Large and enterprise-class businesses may be the only ones able to profitably sustain the administrative burden of CRA compliance, quelling EU innovation, entrepreneurship, and economic livelihoods.

The Working Group also notes that legal responsibility for FOSS products is not accounted for. FOSS code bases are vital to the EU economy, and banning their use would have severe economic and technical consequences.

The open letter puts forward a few recommendations on countering the ill effects of the proposed CRA. Its signatories have also invited the European Union Commission members and other interested parties to participate in a seminar in Brussels. The purpose of the ‘FOSS CMSs in the EU Economy Seminar’ is to delve into the inner workings of FOSS, explore its alignment with EU aims and values, and discuss how FOSS and CMS web platforms can maintain their status as exemplars of European innovation and prosperity.

The letter can be accessed here.

Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on this content policy. If you see any omission/variation on this, please let us know in the comments below and we will try to address the issue as best we can.
