Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Posted Dec 12, 2023 14:03 UTC (Tue) by Wol (subscriber, #4433)In reply to: Bottomley: Solving the Looming Developer Liability Problem by jejb
Parent article: Bottomley: Solving the Looming Developer Liability Problem
The crucial words here are "and markets them". If you look up the definition of marketing, it does not include "making available for J Random Passerby to help themself". In other words, uploading to a download site is definitely not included.
If you're not marketing, you're not liable. If you're sharing stuff with no commercial interest in it, that's not marketing.
Cheers,
Wol
Posted Dec 12, 2023 14:22 UTC (Tue)
by jejb (subscriber, #6654)
[Link] (14 responses)
Well this is what Article 1 section 23 actually says:
‘making available on the market’ means any supply of a product with digital elements for distribution or use on the Union market in the course of a commercial activity, whether in return for payment or free of charge;
So J Random Passerby helping themselves absolutely is included. The problems for us all come from the ambiguity in that phrase "course of a commercial activity", which isn't defined. Lawyers have opined that simply getting paid to work on an open source project could be deemed commercial activity. The open source carve out (Recital 10 in the preamble) is phrased similarly:
In order not to hamper innovation or research, free and open-source software developed or supplied outside the course of a commercial activity should not be covered by this Regulation.
And then goes on to muddy the whole thing by saying:
In the context of software, a commercial activity might be characterized not only by charging a price for a product, but also by charging a price for technical support services, by providing a software platform through which the manufacturer monetises other services, or by the use of personal data for reasons other than exclusively for improving the security, compatibility or interoperability of the software.
but that's not an exclusive definition, it's just a list of examples of what commercial activity might be.
Posted Dec 12, 2023 14:43 UTC (Tue)
by bluca (subscriber, #118303)
[Link] (13 responses)
No, it is most definitely not included, by any definition of the verb "market" as used by the EU.
There is a lot of FUD around this, mostly coming from anarcho-capitalist corners of society for which every regulation is bad and every bad business practice is sacred, but the intent and spirit of the law is extremely clear, as expressed by the legislators, for example:
"A number of stakeholders have submitted their views to the Commission, including arguments pointing to the necessity to correctly distinguish between commercial and non-commercial OSS, particularly in certain grey areas, where making such distinction would not be immediate.
The Commission is therefore fully aware of the characteristics and complexities of the OSS sector and attaches great importance to the issues brought to its attention in this regard."
https://www.europarl.europa.eu/doceo/document/E-9-2023-00...
Posted Dec 12, 2023 15:06 UTC (Tue)
by pizza (subscriber, #46)
[Link] (12 responses)
....Until those words are embodied in a new draft of the CRA, they're barely worth the pixels used to display them.
...We have to judge the CRA on what it actually says NOW, not what a future revision might hypothetically say.
Posted Dec 12, 2023 15:17 UTC (Tue)
by bluca (subscriber, #118303)
[Link] (11 responses)
Posted Dec 12, 2023 16:34 UTC (Tue)
by paulj (subscriber, #341)
[Link] (8 responses)
We will, for quite a while, have all kinds of differences between member states in precisely what "markets" means in different member states. Some may be very trivial differences, some may be more significant. There may be member states whose legislature and/or judiciary creates a law where "markets" has a meaning much wider than any of us here would like. Further, it may take a long time before a case ever gets to the European Court of Justice to decide whether or not that difference is worth addressing/fixing. Indeed, one member state's interpretation of the Directive, as expressed in its implementation may influence others and lead to there being no difference for the ECJ to have to rule on.
Posted Dec 12, 2023 17:27 UTC (Tue)
by pizza (subscriber, #46)
[Link] (3 responses)
That's a distinction without a meaningful difference. if every member state in the EU is required to effectively set fire to F/OSS activities, it doesn't make much of a difference how much (or what type) of accelerant each member state chooses to use.
> We will, for quite a while, have all kinds of differences between member states in precisely what "markets" means in different member states. Some may be very trivial differences, some may be more significant.
In other words, no matter what the CRA looks like when it finally passes, it's going to produce a massive mess that's going to take many, many years to coalesce into a meaningful set of rules that an individual [business] can use as a blueprint to stay out of trouble.
Posted Dec 12, 2023 17:44 UTC (Tue)
by paulj (subscriber, #341)
[Link] (1 responses)
It is not unusual to see a series of "first round" / "early adopter" implementations by a subset of member states, with differences, which then inform the interpretation, and lead to further implementations taking that into account (including some of the "early adopter" member states passing another law). I.e., there may be a legistlative convergence process that goes on, over 5+ years, across member states, where they all look at what each other are passing, with EU committees or industry bodies perhaps criticising some implementations for not meeting some intent.
Least, it is not unusual for the member state I live in to take a few goes at implementing a Directive. Also, it is not that unusual for there to be further Directives on the same matter, to deal with experience from implementations.
And even at the end of all that, there may still be differences, which may take another 5 to 10 years or more to sort out - e.g. cause a member state just disagrees, or didn't prioritise something, and it goes to the ECJ - and only then if there is enough of an issue for someone with standing (EU commission, a member state, or a member state's judicial system) to actually think it should sent to the ECJ.
So yes, it's going to take a good number of years for this to converge on settled and harmonised law across member states.
Posted Dec 21, 2023 16:55 UTC (Thu)
by jepsis (subscriber, #130218)
[Link]
Posted Dec 12, 2023 21:04 UTC (Tue)
by kleptog (subscriber, #1183)
[Link]
They wouldn't do it. No seriously. The EU Commission has no effective enforcement mechanism to ensure countries actually implement the directives faithfully. The whole point of the marathon trilogues and engagement of the Council and Parliament is to get a draft text the member states are actually willing to implement faithfully. If a member state at this point already feels that they'll get push back from their national parliament then they have to keep renegotiating until they get something that will work. (Note: it's up to the member state to organise this feedback loop properly.)
So every national parliament gets to give its own twist to this and no national government is going to "set fire to F/OSS activities" as you put it. This will lead to about a decade of discussion and negotiation while all the kinks get sorted out. The problem with this kind of pioneering legislation is that it's really hard to think of all the corner cases up front and you're better off just doing the best you can and keeping the enforcement light while all the kinks get worked out.
> In other words, no matter what the CRA looks like when it finally passes, it's going to produce a massive mess that's going to take many, many years to coalesce into a meaningful set of rules that an individual [business] can use as a blueprint to stay out of trouble.
Welcome to the EU. We don't want to be a federation, so we do everything the hard way. The alternative, where every state does their own thing without any coordination, would be much much worse.
Posted Dec 12, 2023 21:14 UTC (Tue)
by bluca (subscriber, #118303)
[Link] (3 responses)
Posted Dec 13, 2023 11:41 UTC (Wed)
by paulj (subscriber, #341)
[Link] (2 responses)
Reading the CRA, they appear to be exercising authority to regulate primarily based on Articles 173, and 322(2) (for budgetary things?) of the Treaty on the Functioning of the European Union:
https://www.legislation.gov.uk/eut/teec/article/173 (Industry Competitiveness)
Article 173 is worth reading carefully. Does the CRA follow the objectives of paragraph 1? Does it distort competition? Does it favour or disfavour small and medium-sized businesses?
Posted Dec 13, 2023 11:45 UTC (Wed)
by paulj (subscriber, #341)
[Link]
Posted Dec 13, 2023 16:26 UTC (Wed)
by kleptog (subscriber, #1183)
[Link]
The Act includes a section about why it is a regulation, every act has to specify why it is a directive or regulation and the legal basis for it. While in principle a regulation is effective everywhere at once, the actual enforcement is to be done by entities which don't exist yet and will need to be created by the member states. The entities will be underfunded (they always are) and will not have time to go after anything but the biggest companies.
Also note the fines are actually the sideshow. The primary goal is that the terms get included in B2B contracts and that businesses start holding each other to account. That's the only way to influence suppliers outside the EU.
Posted Dec 28, 2023 10:35 UTC (Thu)
by gfernandes (subscriber, #119910)
[Link] (1 responses)
Posted Dec 28, 2023 12:01 UTC (Thu)
by Wol (subscriber, #4433)
[Link]
Spot on. I like the use of the word *INDIRECTLY*. Which means the legislation does *not* apply to developers.
Sure they have to take it into account - inasmuch as they have a *contractual* relationship with the people to whom the regulation *does* apply.
NO CONTRACT? NO LIABILITY!
As the Europeans here keep saying !!!
I know in America anybody can sue anybody else for any thing. And in America, it can be a business tactic for bankrupting the competition.
But in the UK, the Court's very first question is going to be "Where is the agreement between you? I want to read it". And if that agreement says "here's a freebie, if it breaks you can keep both pieces", the Court is going to be EXTREMELY upset with the plaintiff.
Cheers,
Posted Dec 12, 2023 15:26 UTC (Tue)
by khim (subscriber, #9252)
[Link] (7 responses)
When one discusses bills (that are not yet turned into law) the best way to understand what said bill is supposed to achieve is to… gasp… talk to lawmakers. And Apache foundation did precisely that! They meet these guys and have tried to explain that what they propose would make entities like Apache Foundation or Rust Foundation liable for that they make. And the answer they got was, of course: indeed, that was our intent, why do you think we don't understand that?? I think if people would understand the logic behind that decision instead of trying to glean it from actual preliminary text everyone would be much happier: even if today the text that we have doesn't align with goals lawmaker have it doesn't mean we should go with text. Text may be fixed or altered, intent would remain.
Posted Dec 12, 2023 15:47 UTC (Tue)
by pizza (subscriber, #46)
[Link]
Good intentions do not automatically result in good outcomes.
Posted Dec 12, 2023 17:17 UTC (Tue)
by pizza (subscriber, #46)
[Link] (5 responses)
To be honest, I found that Apache blog post pretty frightening.
Because it appears to show that what most of the doomsayers are saying about the effects of CRA-as-drafted is the actually its legistlated _intent_ , and not collateral damage that could be "fixed" -- in other words, the opposite of what I and many others thought.
...Either you're all-in and treated the same as a multibillion-euro megacorp, or you have to divest yourself of _any_ activities that could be remotely construed as commercially-adjacent -- which is a threshold so low that it's trivial to accidentally cross it.
Posted Dec 12, 2023 23:36 UTC (Tue)
by bluca (subscriber, #118303)
[Link] (4 responses)
Corporations like Google are terrified of this regulations. The Android market, that forms the core of its profit-making, will be decimated once vendors are no longer allowed to throw devices over the wall and forget about them. Good!
Posted Dec 13, 2023 2:19 UTC (Wed)
by pizza (subscriber, #46)
[Link] (3 responses)
Do you have an actual refutation of Apache's citations, or are you just going to spew more unsupported nonsense?
(Seriously. Your consistent position here is "the EU's efforts are well intentioned so it will all work out fine eventually, and any concerns are complete BS and could only possibly benefit the Googles of the world)
Posted Dec 13, 2023 10:39 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (2 responses)
Courts really do not like (thanks, PJ) legislation that completely redefines the legal landscape. That comes into a total vacuum. If things really are as bad as you say, European contract law will collapse, and the legislative panic will be the Eighth Wonder Of The World. If things really are as bad as you say, certainly in the UK the Judges will completely gut it, on the basis that it conflicts with other - long standing - legislation that it was never meant to overturn.
Cheers,
Posted Dec 13, 2023 13:06 UTC (Wed)
by bluca (subscriber, #118303)
[Link] (1 responses)
Posted Dec 18, 2023 16:46 UTC (Mon)
by nim-nim (subscriber, #34454)
[Link]
Someone corp just mistakenly awarded the FUD-ing contract to its Washington lobbying office, forgetting Europe in in another continent. Had it been awarded to its Brussels office, the drivel would be different and better camouflaged.
That or the whole lobbying effect is targeted Washington-side, see, sir, time for a new commercial war, because the Brussels office already lost the first round.
Or else the corp could not figure how to influence US relays from Brussels using people who understood EU law.
There are lots of interpretations. The only sure thing is that it’s a publish-this-thing-we’ve-written-for-you lobbying run that does now reflect well on the ASF.
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
It has immediate and direct effect.
Bottomley: Solving the Looming Developer Liability Problem
https://www.legislation.gov.uk/eut/teec/article/322 (Common Provisions)
Bottomley: Solving the Looming Developer Liability Problem
Just one last comment (just saw corbet's note).
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Wol
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem
Wol
Bottomley: Solving the Looming Developer Liability Problem
Bottomley: Solving the Looming Developer Liability Problem