Python Software Foundation raises concerns over EU cybersecurity laws


The Python Software Foundation (PSF) has expressed concern over the potential impact of proposed cybersecurity laws in the European Union (EU) on open-source developers and organizations.

The PSF argues that the current wording of the proposed law would result in open-source developers and organizations being unfairly held liable for distributing incorrect code.

The PSF, along with several other organizations such as the Eclipse Foundation and NLnet Labs, has called for EU lawmakers to clarify the vague language of the legislation, to ensure that open-source developers and organizations are not held accountable for flaws in commercial products that incorporate their code. They warn that such a move would discourage contributors to open-source projects.

Last year, European lawmakers introduced two pieces of legislation aimed at improving software security and liability. The Cyber Resilience Act (CRA) requires product makers to review product security, implement vulnerability mitigation procedures, and disclose security information to customers to promote digital product security. Meanwhile, the Product Liability Act updates product liability rules in Europe to include digital product changes arising from software updates.

The CRA’s public comment period closed in November, and the public consultation period for the law concludes on May 25. If adopted, the maximum fines under the law could reach €15 million or up to 2.5 percent of annual turnover, whichever is greater. However, the CRA has yet to be adopted by the European Parliament and Council.

The PSF has urged EU lawmakers to provide clear exemptions for public software repositories serving the public good and for organizations and developers hosting packages on public repositories. The PSF has also asked lawmakers to clarify the vague language in the proposed legislation to prevent open-source developers and organizations from being unfairly held liable for distributing incorrect code.

The sources for this piece include an article in TheRegister.
