The article is attempting to create a scare about things that have always been true. If a telco's services crash the telco has to compensate customers even if it was a postgres failure that caused it by failing to authorise handsets for a connection in a cell. For example.
The telco has service agreement with customers and it's clear exactly what service it was supposed to do and failed. Where is such agreement for a random github repository? To put it a bit ad absurdum, say user supplies parameter to your math function so that it divides by zero and it results in some injury or loss. Who is liable for that? Shold judge try to parse some piece of code for whether it was reasonable for user to expect passing zero will work?
The article directly contradicts this:
> What if an open source project is used directly by consumers, and causes them harm? The public policy is clear: they must be compensated. Does it matter if they signed a license or didn’t pay someone? Their business is bankrupt, their files are in a hacker’s hands, or their own customers are suing them. Someone should be strictly liable.
If you sell a product e.g. a car and the brakes don't work you are liable
If you sell a product e.g. a medical software which calculates and runs your insulin pump and it responds to a division by zero error with injection 1000x the amount of insulin your are liable.
You don't have to focus on the how, only on if it was your product and was sold to a customer.
Who was at fault (product or customer) will be decided in a lawsuit.
If you don't sell anything then these laws don't apply to you, even if the article seems to be unclear about that.[1]
https://www.europarl.europa.eu/news/de/press-room/20231205IP...
Edit: Somebody linked the full EU briefing: https://www.europarl.europa.eu/RegData/etudes/BRIE/2023/7393...
On Page 5 there is a passage about how free-of-charge open source software is excluded and also who is liable in a commercial activity:
With the aim of not hampering innovation: (i) free and open-source software developed or supplied outside the course of commercial activity, as well as (ii) the source code of software, should be excluded from the definition of products covered under the proposal.
As far as the broader scope of the proposal compared to the existing PLD on liable parties is concerned, Article 7 of the revised PLD lists the types of 'economic operators' which can be held liable for defective products, by introducing a layered approach to liability depending on the different qualification of the economic operator.
Among the list of economic operators are:
(i) the manufacturer of a product or component,
(ii) the provider of a related service, (iii) the authorised representative, (iv) the importer, and (v) the fulfilment service provider or the distributor. The manufacturer should be liable for damage caused by a defect in their product or components. An innovation introduced in the revised PLD is considering any economic operator who has substantially modified the product outside the control of the manufacturer liable for any defect. Such a party is then considered as a manufacturer.
When a manufacturer is established outside the EU, the revised PLD would further attribute liability for a defective product to the importer and the authorised representative in the EU. As a last resort, the fulfilment service provider (offering at least two of: warehousing, packaging, addressing and dispatching of a product, without having ownership of the product), will be held liable when the importer and authorised representative in the EU are based outside the EU.
Distributors of a defective product (offline and online sellers) can also be held liable upon request by a claimant and when the distributor fails to identify any of the above operators.
Online platforms should be liable in respect of a defective product on the same terms as such economic operators when performing the role of manufacturer, importer or distributor.
There's a reference to "Decision No 768/2008/EC of the European Parliament and of the Council of 9 July 2008", which does not distinguish for-profit activity at all. Just "all poducts on market and all who manufacture and distribute shall conform".
(if you receive donations, it isn't commercial activity. If you display ads like Firefox or Brave, it is)
I don't understand why you want to know what the provider is?
For the purpose of liability and open source the definition is that any open source free of charge software is excluded from the proposed changes, so the provider doesn't matter.
This can be seen in the first link,on the third headline bullet point "Not applicable to free-of-charge open-source software" as well as the second paragraph.
The provisional agreement on the liability of economic operators for damage caused by defective products aims to respond to the increase in online shopping (including from outside the EU) and the emergence of new technologies (such as AI) as well as to ensure the transition to a circular economic model. In order not to stifle innovation, the rules will not apply to open-source software developed or supplied outside of a commercial activity.
I also added the the briefing of the proposed EU law with the details
Then somebody linked it in a comment below and then it was fairly easy as I knew what to search for from the short description in the first link.
It's not exactly such way.
This is only case, if you are 21 or 25 years old (depend on country/state) and if you have insurance which cover this case, or if you have some juridical document for exactly this case.
For example if you toddler/teenager, NOT accompanied by an adult, will be responsible people, who have responsibility to restrict your appearance (entrance) in this park.
So in EU, usage of OSS or products with OSS dependencies, will be effectively prohibited for teenagers. This is not very large share of customers, but approximately 7% of EU residents.