Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [open-regulatory-compliance] Flowchart from a natural person's perspective -- straw man

On 21 Dec 2024, at 14:19, Daniel Thompson-Yvetot via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

What I meant is - who in the case of 40 has the requirement of placing the declaration of conformity upon the common open source component… I don’t mean their “final” product, that it needs full compliance is a given…

40:     Are you monetising the work you do on this open source ?

        For example you XXXX?

                        Yes:    Go read the CRA. This flow chart is not for you.

                                END

                        No:     goto 50

My take is that this one is easy -- If you are monetising it - then you are under the CRA -- so the party that is placing it on the EU market (probably you, or some-one down stream from you) is to ensure this.

And it can nicely ask up the chain for evidence until it hits a Steward (in which case it does get all the goodies like an SBOM and decent process/governance) -or- until it hits an except party - in which case the onus is entirely back with that commercial party.

Dw


Back to the top