The European Cyber Resilience Act

But just bags of money would be nice too.

Anyway, we're focusing on potentially damaging impact on FOSS, but let's not forget the flipside. For example, we don't want to water down the language so much that it's trivial for companies to avoid scrutiny by falsely claiming to be doing open source. Also, as someone already mentioned, we definitely do want to increase costs for those who don't care (in order to make them care). It's the old problem of externalities, which is as old as capitalism (and probably older). The equivalent from the "old" world is a polluter who dumps waste into a community's drinking water reservoirs. This will not get fixed by markets, it can only be fixed by regulation. Yes, it increases the cost of doing business. But the health of the community needs to be more important than your business model.