 Okay, so do you remember, and you do, the talk we had about the Cyber Resilience Act, the AU regulation that threatens the whole open source world and free software foundation itself? Well, I have big news for you. So recently I attended the Next Cloud conference in Berlin and I am so enthusiastic to share with you Simon Phipps, that's not how you pronounce it is it, talks about the European Union Regulations and open source movement, as well as his efforts in helping out the parliament, figuring out a better way to approach the solution. For those of you who don't know, Phipps is a computer scientist and most importantly an open source advocate. Phipps is how I chose to pronounce it. In fact, he has been, amongst other things, president of the open source initiative and has served on the advisory boards for projects like GNOME, Open Solaris and Alma Linux. As we saw in the last video, the AU is trying really hard to regulate software products by putting a CE mark on them. However, in doing so, even if they didn't mean it, in the first place, they are hitting the open source community in a collateral way. Since it's important to keep this legislation in mind for a better understanding of this video, I am going to quickly summarize its concept. The Cyber Resilience Act aims to regulate the development of and I quote, secure products with digital elements, which means that every piece of software that is potentially dangerous from the user's security has to follow some strict rules. This is great and all, but since following these directives is going to cost a lot in terms of money, to actually, you know, implement them, some open source communities, not all of them, it doesn't hit everybody, but some open source communities are going to struggle to actually do that. But I said that I had some news, right? And Phipps had an interesting take on that. So firstly, he stated a list of the most important regulations that somehow concern open source organizations and are currently active or being discussed in Europe. There is an European digital agenda establishing what are the next objectives about digital digital regulations. Phipps points out that about 80% of all software and drivers used across Europe is actually open source. So it's only natural that it's getting regulated. I've seen people saying as soon as open source gets regulated, I'll change country, shut up. Of course, software is regulated. All of it already. So not so surprisingly, there are quite a lot of acts and some of them are actually quite interesting. Take, for instance, the Digital Markets Act or DMA. This act introduced a series of obligations to which the so-called gatekeeper companies, so major companies such as Apple, Meta and Microsoft must submit in order to prevent them from abusing their market. However, as we all know, some other regulations are questionable to the open source world. From the writing of these regulations, it feels like nobody from the open source community is actually being consulted. Europe's lawmakers are only listening to what corporations or small-medium businesses have to say, which is a completely different world. And I know what you may be thinking, like, well, since that is the problem, wouldn't it be just enough to have some big company within Europe high-hubs that is actually part of the open source community? And I'm afraid to say this isn't really the solution. Pipps takes as an example Ericsson, which is a Swedish multinational working and networking and telecom, that sort of, you know them, come on. You might be surprised though to learn that they're also a board member of the Linux Foundation, as well as the Eclipse Foundation. They should be a great ally then, right? Well, in 2019, the European Commission was asking for public information on a new legislation on collaborating between competitors. This is called horizontal relationships. These relationships can rise to the level of being anti-competitive. This is what is called antitrust. About this topic, Ericsson asked the commission to check open source software for antitrust regulation as well. To quote directly from their letter to the commission, Ericsson wishes to direct the commission's attention to what it perceives as a significant gap in the horizontal guidelines. In that, they do not cover the development of open source software. That kind of sucks, right? They're trying to put open source in a tough spot. But that's not all. An even more interesting take in Philip Fipp's talk is about what he calls the fourth sector. So you might ask, didn't we only have three sectors? And let's frame it this way. In the normal processing of these legislations, the European Commission searches for counterpoints. These various nuclei with users around them were the monetization of a product or course. And thus is the site of all the consultation and regulation. You can see how this definition isn't really relevant to a lot of circumstances, like open source software. Free and open source projects tend to avoid the concept of counterpoints because of decentralized work. They are made by people who actually enjoy the piece of software and at the same time, they are contributors to the software itself. And on top of that, the vast majority of these realities are non-profit. So the monetization is not happening at all, besides donations like Kickstarter, Patreons and so on. Like, Kerry isn't any different. There's plenty of us people enjoying and using the software every single day and a big community behind it helping with the development. And since we are a non-profit project, no one is funding us besides, as I was saying earlier, donors and sponsors. So that fourth sector, which by the way, I don't really like calling it like that, but are basically the people that are not only some product's customer, but are also actively contributing in the development of it. A distributed network of people who still have a tremendously big impact on society. That can seem something very far from us. But if you think about it, if you ever happen to contribute to some project in the slightest way, you've been part of the fourth sector, even legally, because now there's your contribution and that has legal implication. Or should I say, you are part of the world of open source, which is literally us. That being said, the European Union isn't really considering this mechanism in the making of new legislations, which leads to the reason why the whole CRA or other regulations regarding digital products are completely missing the point of open source communities. Their opinion simply was taken out and we have to take into account another major problem. Besides not being represented properly, free and open open source software is made of a wide range of communities and motivations and different aims. Going towards every one of them is not going to be an easy task. Then we should just accept it and follow the route. Of course, the answer is no and this isn't either the first time that we're faced with something like this. So let's see actually what we can do. But actually, before I do that, this video is not sponsored, no. And yet it took some good hours to write it. Three different people worked on this script and now I'm recording this and then all of this will be sent to the editor which will complain that I'm out of focus and that's going to take hours as well and all of this only works if I'm able to pay all of these people who are most often students without other side jobs to sustain us. So above my head, you should see a progress bar with the money we've received so far this month and how much I actually need to, you know, run the whole channel. And here, I don't know where, you have the team of people that are actually working on these videos. I'm extremely thankful to all of those people who are contributing. You are the reason I'm doing all of this and I would be super grateful if you could just donate if you haven't already even just, you know, a few bucks every month. It goes a long way and you do get some extra content as well just for partions or co-fires or, you know, just like this video, subscribe. You know what helps the algorithm, don't you? So I don't have to spoil it to you. So let's get back to the video. So fighting against bad legislation. We once did it in 2005 to defeat the software patent directive. A directive to harmonize, I'm quoting, national laws on patents for computer-implemented inventions, which gained a lot of opposition from different communities such as the Free Software Foundation or the FSFES, Free Software Foundation Europe, which ultimately led to abandoning Git much to everybody's surprise actually on the day of the vote. And that is what encourages us to keep on working right up until the last minute because if we did it once, then we can achieve the same result again and I'm really faithful in that. So this whole talk comes to our simple question. So can it be done? So can we have the EU understand open source world? And I'm really glad to tell you that I have good news for you or should I say, Fips says because he is part of something magnificent. So he is, in fact, a consultant of the EU for open source topics. And most importantly, he managed to implement an open source-like approach to the system I was criticizing earlier by creating different bodies to ensure an open and transparent work. And what about other realities, I think? So on his blog, Fips gathered all the responses into the CRA from major communities and the software industry representatives, all sharing the same concerns to some degree. Of course, there are the opinions of the most important open source projects including as an example, the document foundation, the gas behind, you know, Libraphis. Quote, for the purposes of the Cyber Resilience Act, there is a real risk that software based on Libraphis technology will be considered to be made in the course of an commercial activity. And thus subject to the legislation. However, you might be surprised to hear that even other software main characters jumped into the game. None other than Microsoft itself stated there is ambiguity resulting from the intersection of open source software with commercial activity, both in the context of infrastructure and the services provided to open source projects. And with regard to activities that open source projects may pursue while building open source software. Commercial services enabling the effective use of open source software, such as technical support and consulting services should also be out of scope and not bring open source software offerings into scope. Sorry for repeating OSS every time, but it's a quote. Even programming languages can't help but being worried about the situation. The Python Software Foundation posted on their blog on April 11th, 2023, their thoughts about the CRE. Could if the proposed law is enforced as currently written, the authors of open source components might be illegal and financial responsibility for the way their components are applied in someone else's commercial product. The existing language makes no differentiation. I don't know. Between independent or the existing language makes no differentiation between independent authors who have never been paid for the supply of software and the corporate tech behemoths. How do you pronounce that? What does it mean? What do you mean by that? Behemoths, selling products in exchange for payment from the end user. So we've seen how the big communities and corporations are facing Europe's decisions. However, I would very much prefer talking about something that you can actually do to contribute in this war and create a better regulation. Firstly, you could check if your community is affiliated with the OSI, Open Source Initiative, or FSFE. And if the answer is yes and hear me out, that's already fantastic, you can join a monthly call to hear and discuss the current findings on the legislations. Or you can be a contact point for your community for an open letter to sign on. There was one just recently. So when a letter is written to the commission, you'll receive an email saying, hey, could you check this out so that if it is okay with your organization, you can sign it? If you want to get real about this cause, FIPS even encourages you to contact him directly to be led to a place where you can actually contribute. By the way, did I mention Caddy? I did, did I? Like at least 10 times. Well, I am a Caddy developer, so sorry about that. So the big question I have right now is, is there any particular bug or little missing feature that annoys you in Caddy? So I created a small commission page on this link and you can actually book some Caddy developer hours to fix it. Of course, we discussed the whole thing beforehand. We see if it's actually fixable, anything that does not get fixed is fully refunded, blah, blah, blah. But yeah, just I thought you should know about that. Sorry about that. So that said, the European Union is surprisingly very, very conscious and open to discussion which isn't pretty obvious. And I am so happy that so many people are doing their part. But as FIPS said, it isn't a closed deal because this kind of sector is an unending evolution and it needs constant regulation. So again, it would be so appreciated if you could help in any possible way and make sure to contact your preferred community to get involved. I think that was everything I had to say.