EU's product liability directive (Was: Re: The Case for Rust (in the base system))
- In reply to: fvalasiad : "Re: The Case for Rust (in the base system)"
Date: Tue, 03 Sep 2024 07:07:45 UTC
fvalasiad writes:

> If only people bothered using the mature ecosystem of tools around C.

I know I have mentioned it before, but:

Software quality will go through a paradigm shift when the new EU product liability directive lands:

(6) In order to ensure that the Union’s product liability regime is comprehensive, no-fault liability for defective products should apply to all movables, including software, including when they are integrated into other movables or installed in immovables.

("no-fault liability" means that the consumer does not need to show that the manufacturer knew or should have known about the defect, showing it is defective is enough.)

A lot of the force behind this new directive is Microsoft's "Even if our software caused a genocide because of the way we designed it, and we did that on purpose, you can only recover $5.00" license terms.

The EU council of ministers still need to vote on it, but that is expected to be a formality, and then the EU member countries have two short years to put it into effect in their own legislation.

The current text as it applies to FOSS has:

(13) Free and open-source software, where the source code is openly shared and users can freely access, use, modify and redistribute the software or modified versions thereof, can contribute to research and innovation on the market. Such software is subject to licences that allow anyone the freedom to run, copy, distribute, study, change and improve the software. In order not to hamper innovation or research, this Directive should not apply to free and open-source software developed or supplied outside the course of a commercial activity, since products so developed or supplied are by definition not placed on the market. Developing or contributing to such software should not be understood as making it available on the market. Providing such. This is in particular the case for software on open repositories should not be considered as making it available on the market, unless this occurs in the course of a commercial activity. In principle, the supply of free and open-source software by non-profit organisations should not be considered as taking place in a business-related context, unless the supply occurs in the course of a commercial activity, including its source code and modified versions, that is openly shared and freely accessible, usable, modifiable and redistributable. However, where software is supplied in exchange for a price or personal data is used other than exclusively for improving the security, compatibility or interoperability of the software, and is therefore supplied in the course of a commercial activity, the Directive should apply.

(13a) If free and open-source software supplied outside the course of a commercial activity is subsequently integrated by a manufacturer as a component into a product in the course of a commercial activity and that is therefore placed on the market, it would be possible to hold that manufacturer liable for damage caused by the defectiveness of such software, while not the manufacturer of the software itself because they would have not fulfilled the conditions of placing a product or component on the market.

Full text: https://data.consilium.europa.eu/doc/document/ST-5809-2024-INIT/en/pdf

As far as anybody will tell me, we should all be in the clear under article 13, as far as our activities relate to freebsd.org.

But 13a means that anybody who sells a product built around FOSS is on the hook for defects in that FOSS software.

FOSS software quality will come under a lot more scrutiny going forward.

Poul-Henning

PS: Here is one insurance company who finally got the memo a week ago:

https://www.zurich.com/commercial-insurance/sustainability-and-insights/commercial-insurance-risk-insights/risk-managers-must-prepare-now-for-eu-product-liability-shakeup

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.