CRA and NIS2: Protecting Free Software ecosystem in implementation
Together with NLnet Labs and the Open Source Security Foundation,
the Free Software Foundation Europe (FSFE) submitted feedback on the
NIS2 implementation act, pointing to the need of protecting the
European Free Software ecosystem.
The NIS2 implementation act, with its cyber security regulations and
implementing decisions, is also addressing Free Software ecosystem in
Europe. It is therefore crucial that these measures, while contributing
to cyber security, do not hamper Free Software development, especially
as Free Software is a strong component in the cyber security area.
“It is important to recognise the special nature of
Free Software development and the Free Software ecosystem and its role
in the software supply chain. Implementation needs to be proportionate
and effective”, states Alexander Sander, FSFE.
In this sense, the FSFE, together with NLnet Labs and the Open
Source Security Foundation, jointly
provided feedback to the consultation on the European Commission’s
draft NIS2
Implementing Act concerning "Cybersecurity risk management & reporting
obligations for digital infrastructure, providers and ICT service
managers" (launched on 27 June).
We raised our concerns about the focus on business to business (B2B)
relationships. Complex software products, which are at the core of
services of the digital infrastructure sector of NIS2, are often
published by independent individuals, not-for-profit actors or academic
organisations. In this case, beyond the freedoms granted by Free
Software licences, no relationship exists between developer ('direct
supplier') and an entity in scope for NIS2.
The FSFE actively participates in regulation processes such as
consultations, attends hearings
and is in close dialogue with decision-makers in the EU to make sure cyber security
regulation does not hamper Free Software development. If you are
negatively affected by the implementation of CRA and NIS2, please
contact us.
Donate now
Support FSFE
Anmelden
