zlacker

[return to "EU Cyber Resilience Act: What does it mean for open source?"]
1. greatg+2b 2023-12-30 21:34:43
>>ahuber+(OP)
This regulation is so shitty. I'm quite sure that it is supported by big actors in the end, because the end goal is to ensure there is a regulatory barrier that will prevent small actors from being able to thrive in the software field.

Also, to prevent "dangerous" not-yet-professional amateurs from having a chance against big editors.

2. Larisc+4j 2023-12-30 22:28:16
>>greatg+2b
Unless you sell critical products as described in Annex III[1], the requirements to fulfil the CRA are quite harmless. It's mostly stuff you should be doing anyway, like a risk assessment and documentation. An additional requirement is to provide a conformity assessment, which you can do yourself for non-critical software, and you must report vulnerabilities within 24 hours.

Not too bad really.

[1] https://eur-lex.europa.eu/resource.html?uri=cellar:864f472b-...

3. hgs3+Xr 2023-12-30 23:55:34
>>Larisc+4j
> critical products

IANAL, but Annex III Class 1.2 states "Standalone and embedded browsers", which would implicate every Electron app. Class 1.5, "Products with digital elements with the function of virtual private network (VPN)", is so vague it could apply to video game chat messages.

The problem with regulations like this is they're so vague and will be selectively enforced. They won't affect Big Corp but will affect small businesses and solo developers.

4. Larisc+aB 2023-12-31 01:40:20
>>hgs3+Xr
With Electron you are not developing an embedded browser; it is a dependency of your product, which means you are responsible for keeping this dependency secure and up-to-date.

I don't follow how rules for software with VPN functions could apply to a video game chat, but as with all laws, intent and interpretation matter. Successfully convincing a judge that your game chat is a Class I critical product is unlikely.

I also don't think that the CRA is too vague. Rules that are too specific will just be circumvented. Enforcement works like any other market rule: you can sell all sorts of non-compliant products in the EU, but if you are found out, you pay a fine. It won't be any different with the CRA.
