It is completely open, and they produce an installer for people or you can build it yourself from Git.
Can you help me understand now, if there is a bug in NVDA (which is under the GPL) and it causes me trouble, say, it can't read a webpage that I need for some government thing, I could now sue my screen reader, which is actually just a bunch of dudes hacking something together? Is that the new behavior that is enabled by this upcoming law?
Next question, if this is the actual state of things, why would anyone ever make anything open source and allow it to be distributed in the EU now? It sounds like, and please please correct me if I am wrong, but it sounds like you could sue the makers of The Gimp, for instance, if a bug caused ... what, your pictures to come out looking wrong?
> Someone, or some entity, will need to accept financial and legal responsibility for what the project does in consumer hands.
Here's a crazy idea, maybe that person should be the consumer?
Product liability excludes non-commercial open source software, see:
https://www.europarl.europa.eu/news/de/press-room/20231205IP...
OK, so let's say you bought a special computer monitor that had screen reading technology built in so it could read out or describe anything displayed on it regardless of operating system, even a raw video feed. And one day it catches fire and burns your house down.
Most people would think it was acceptable to sue the manufacturer of the hardware device. But if using NVDA somehow ended up making your laptop catch fire and your house burned down, in that case, oh well, it's just tough luck, caveat downloador etc?
What if it came out in discovery that the author was previously made aware via numerous emails that their application had a tendency to cause laptops to dangerously overheat, and they chose to disregard the problem? Is that still the consumer's financial and legal responsibility?
(Not saying there's any right answer, just wondering if I understand your position properly.)
EDIT: Just read other comments that clarified that OSS isn't subject to this new directive, so this is a moot issue I suppose.
Are you from the US? In New Zealand suing is mostly a foreign idea and very rarely occurs.
Occasionally criminally negligent behaviour gets spanked - but even there it's often an idiotic scapegoating farce (local examples: CTV building, fund fraud, Royal Commission of Inquiry into the terrorist attack on Christchurch masjidain).
One alternative system is government insurance against harm e.g. New Zealand has a no-fault ACC system for helping victims of industrial accidents.
OSS is infrastructure and trying to scapegoat an individual developer or company for unforeseen harm is insanity. Finger pointing and a culture of blame seem to be unproductive.
A good place to start thinking about policy would be to look at log4j. What policy would prevent that? Would a culture of victimising creators have prevented that vulnerability?
> sue the manufacturer of the hardware device [that starts a fire].
There's the implicit philosophy that we can use reductionism to find a cause.
Finding cause is getting more difficult as we complexify the world. Read reports on disasters, and then try to imagine how to prevent them? There's an almost Christian religious belief that penalising the person who makes a mistake will fix the system.
Cue blaming the pilot. We still often blame the pilot even after decades of work in aviation management to try and produce safety systems that try to apply a fix in the correct place.
So yes if you sell software, whether it is open source or not, you better have the balls to be liable.
In 1350, people were dying of the plague, and doctors didn’t know how to treat them. That sucks, but medicine wouldn’t exist if they couldn’t have kept trying and failing. That’s where we are.
That was the time the FDA got far more rights to sanction and sue medical manufacturers and I think we are in a better world for that.
The new law explicitly says what liability it wants to add:
* death or personal injury, including medically recognised psychological harm;
Whether software (including apps) was covered under the existing PLD has always been controversial.[i] For instance, there is controversy as to whether software should qualify as a product in the sense of the directive,[ii] or whether it is part of either the services or of the intangible goods category,[iii] which falls outside the scope of the existing PLD.[iv]
i) D. Wuyts, The product liability directive – more than two decades of defective products in Europe, 2014, and BEUC position paper on the Review of Product Liability Rules, 2017.
ii) See Article 2 of the existing PLD. A product has to be distinguished from a service and must be understood as 'all movables even if incorporated into another movable or into an immovable'.
iii) See pages 53-54 of the Commission staff working document on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products, 2018: 'The definition of "product" as per article 2 of the Directive is related to the concept of "movable". This has been interpreted as meaning that only tangible goods shall be considered products [...] the non-tangible nature of some new technological developments (software, applications, Internet of Things, Artificial Intelligence systems) makes it difficult to classify them as products rather than services'.
iv) K. Alheit, The applicability of the EU Product Liability Directive to software, 2001.
* property damage, while removing the threshold of €500 and the possibility for Member States to impose a financial ceiling of €70 million; and
* loss or corruption of data that is not used exclusively for professional purposes
You don't even have to do it flawlessly, you still have the same defences available as in other product liabilities:
* the defect did not exist when they placed the product on the market;
* or the state of technical knowledge at the time of placing the product on the market made it impossible to discover the defect (i.e., the 'development risk defence').
We all buy medical devices and the companies are fully liable for them and they contain software, so it is quite possible to build software without getting sued.
see:
https://www.europarl.europa.eu/RegData/etudes/BRIE/2023/7393...
edit: formatting
Because open source would then be used as a loophole you can drive an A380 through. Say I, say, invent a "household chores" robot. The robot has a bug that kills you. But your family can't sue because they made the bulk of its software open source, and, say, give it to you for free. You paid for the hardware.
As I understand, if you make more than 90% of your income working as a gardener, but develop OSS in your free time, you are guaranteed not to be liable.
But if you are a professional software developer, and make for example 50% of your income from software, you will need some powerful proof that the OSS in the case, made by you, was not part of commercial activity.