[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [open-regulatory-compliance] A more positive take on CRA FAQs and flowcharts
|
Both CRA and PLD have "commercial activity" as main criterium. I did not
write them. Ranting about their terminology does not help anybody. It is
what it is.
Am 03.01.25 um 09:57 schrieb Federico Leva via open-regulatory-compliance:
You suggested that individuals should decide whether to worry or not
based on whether their activities are commercial
No. I said that CLEAR hobbyists do not need to worry. People that have
absolutely NOTHING to do with any kind of software business - for
example schools, students and universities. This is an extremely small
group. If you have any connection to anything business-like - for
example if you are working as a dev or anywhere in the software business
- you are most probably not a hobbyist.
In that case you have 3 options:
1. Decide that you are not under CRA and hope you are right.
2. Get legal advice and pay for it.
3. Assume that you are under CRA and comply.
I'm arguing against checklists and flowcharts and FAQs that sell the
illusion that there is an easy, reliable and cheap way out of CRA.
Because, as you correctly observed, the text of the law and especially
the recitals is convoluted, barely understandable and the terminology is
tautological. Spending time on trying to make sense of it is futile.
I'm arguing for concentrating on point 3. We need to help projects that
are afraid of being in-scope to prepare. Telling them "you are not in
scope" will not stop any fears. They will think "that information might
be wrong - what then?" - "Better avoid the risk and archive my project
now." Like that python dev someone mentioned, they had exactly that
chain of thought.
If a project wants to play it safe, they should just assume to be in
scope of CRA. If it turns out later that they were actually out of
scope, they'd have "wasted" time on security, best practices and
documentation and I'd say that's bearable.
We need to asure projects that being in scope is not a disaster. That
they are not alone but part of a community. That the communities are
working on guidelines how to comply. That not everything needs to be
immediately perfect. That there is still enough time and that time will
bring clarity. That the EU authorities will not immediately crack down
on FOSS in 2027, especially not on smaller projects. That complying with
CRA is the best way to prepare for PLD.
We need to come up with these guidelines soon-ish. We need to get to
work. If we continue with the "in or out" discussions we will never get
anywhere.