The European Cyber Resilience Act

Posted Sep 20, 2023 14:23 UTC (Wed) by pizza (subscriber, #46)
In reply to: The European Cyber Resilience Act by Wol
Parent article: The European Cyber Resilience Act

> Americans are free to distribute GPL software into Europe, CRA or no CRA. If it's not been advertised in Europe then there is no "placed on the market", and it's a grey import.

As currently drafted, simply being *made available* (even for zero cost) to an EU citizen is sufficient to be considered "placed on the market" for purposes of the CRA.

When the various proposed changes are reconciled together, we shall see what the new text says... But until then...

to post comments

The European Cyber Resilience Act

Posted Sep 20, 2023 15:26 UTC (Wed) by Wol (subscriber, #4433) [Link]

> As currently drafted, simply being *made available* (even for zero cost) to an EU citizen is sufficient to be considered "placed on the market" for purposes of the CRA.

Hmmm ... that's scary.

Because as I understand it, "placed on the market" is a term of art defined elsewhere in other (consumer protection?) legislation, and if the CRA is re-defining it, then that is a massive change - far bigger than just cyber-security and what-not.

Cheers,
Wol