Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [open-regulatory-compliance] Is there anything outside the scope of CRA's connection requirement?


On 2 Jan 2025, at 12:05, Daniel Thompson-Yvetot via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

The following has been on my mind the past few months, and I have been point-blank asked several times:
As have many others

Specifically, where do we draw the line in software distribution / usage method? I have "heard" conflicting perspectives. (i.e. SaaS is to be covered entirely by the DSA, etc.)
 
Here are a few examples (assuming all use network connections above and beyond an updating mechanism)

1. Downloaded DMG / EXE / DEB / AAB / APK / etc. installed on the user's device
2. Webapp loaded and run entirely through a browser
3. The Admin interface for an e.g. wordpress website (is the website itself an app, or just the administrator UI, or neither?)
4. PWA downloaded and run "standalone" as an app with a desktop icon and no "browser-chrome"
5. A REPL in a browser tab
6. SaaS product of any type
7. Discrete tooling to make software, such as a workflow or action in CI/CD
8. A CLI tool like iftop / curl
9. A docker container
n. Others I am probably forgetting.

10. Source-code only distribution (no compiled executables) - like clone from github or download tarball

We also need to clarify “remote data processing”. 

/O
This is likely to keep coming up, so maybe worthwhile workshopping at FOSDEM.

--
Denjell

On Thu, Jan 2, 2025 at 11:06 AM Ilu via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
Hi Florian,

I'm also interested in this question. A lot of software does not have a
network connection and if it has one, it could be removed.
The network connection is not mentioned in any way in the EC flowchart
from last FOSDEM. I'm almost convinced that it is a remnant from CRA
history.
How do we treat it legally? PLD, which does not have the network clause,
will indirectly enforce CRA for all software so I don't think it matters
much in practice but it's still weird.
If nobody has any insights we should put this question on the FOSDEM agenda.

Am 28.12.24 um 19:58 schrieb Idelberger, Florian (IIWR) via
open-regulatory-compliance:
> Hey All,
>
> One question I have asked myself but haven’t found a satisfactory answer to yet - are there any products that are exempt by not (directly or indirectly) being used with a network connection? Arguably, the product categories are quite broad, so it seems almost this requirement does not really matter. But then why not extend it to all products, independent if they have a network connection or not? Is this just a product of the CRAs legislative history?
>
_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org
_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org

Back to the top