This regulation ensures that whoever sells the software to the consumer is responsible, and that's the way it should be. The creator of a library doesn't know how his library will be used in the wild; he can't anticipate all possible problems. The product maker can. It is the product maker's responsibility to integrate external components properly, having validated that they are up to standard.
If you're a manufacturer, you can't just pick components at random and then say it's not your fault if your product doesn't work. That's why manufacturers have whole teams of people working to ensure that what they receive from a supplier is up to spec.
1 - This regulation only concerns commercial activity. So you could only sue the company I work for, and only if you've bought their products. Also by definition that excludes my personal projects.
2 - You can only sue for defects (in this legal context it means unsafe to use) or damage (physical or material). You can't sue for simple bugs.
These kinds of liabilities already exist for all the objects in your life, and yet you don't spend your time suing people every time something does not work as expected, I imagine.
Hypothetical:
I write a nifty alarm clock app. To cover some costs I charge a nominal fee. Some unknown condition occurs, and a user misses a flight and loses their job.
According to your position I should be sued.
Why should I be held liable?
Daniel Stenberg has a blog post somewhere about all the hate mail he gets over the fact that curl is bundled in some software. You don't think some litigious person won't attempt to go after him over it?
My family has been personally impacted by a dumb lawyer trying to subpoena information incorrectly. Dealing with this was 7k in lawyer fees, covered by an insurance policy. Technically he could legally be held for this terrible usage of the courts, but it would have been an even bigger mess.
He's got many other examples of emails he gets from people. They find his name or whatever in some app's attribution.
It doesn't matter if there's legal grounds or not. Someone and some lawyer will make your life hell. They don't understand software nor do they care. It will be horrifically stressful and potentially very expensive for someone.
Maybe it's better in the EU but the second the lawyers or the insurance companies get involved it will make everything awful.
This is about the EU, not the US.
As someone who used to practice law in the EU before moving into software development, I can tell you that your hypothetical will never lead to a suit nor judgment in the EU, nor is your personal experience concerning a subpoena a thing that happens in the EU, if only because the concept of discovery doesn’t exist in civil law systems.
To put it differently and respectfully, you’re applying your knowledge of and experience with the US legal system to a completely different legal system that rarely produces outcomes similar to those in the US system.
Even the order of magnitude of judgments is leagues apart.
€1m judgments lead to coverage in legal outlets there if not regular mainstream media. In contrast, in the US, that money is thrown across the table to make an unviable but annoying class action disappear just because it’s cheaper than litigating it.
I’m bringing that up because, even in the unlikely instance of your hypothetical leading to a case that makes it to a hearing in the EU, the judgment against you will be close to, if not outright be, the nominal fee you charged the user (+ court fees) due to how the chain of causation works in the EU. The connection with losing your job is just too remote for any judge to consider liability.
Even if this would be about a car breaking down on the way to work, which already has strict liability under the current PLD, loss of job is just not going to be part of the equation, ever.
> whether “open source” is exempt from liability in a law designed to protect consumers. So far the answer is “probably not?” Exemption means consumers bear the cost – exactly what the law is trying to change. Perhaps if the open source in question remains an academic or research tool, versus reaching consumers, we’re okay? The proof may come when the first consumer demands compensation, and the courts step in.
> In the aim of not hampering innovation: (i) free and open-source software developed or supplied outside the course of commercial activity, as well as (ii) the source code of software, should be excluded from the definition of products covered under the proposal.
https://www.europarl.europa.eu/RegData/etudes/BRIE/2023/7393...
If that's true (I have no idea if it is or not) - I'd class it as a bug in the legislation. Consider a router I've purchased. It has a bug that allows 1000s of them to be corralled into launching a DDoS against someone. The reality is I don't particularly care that happened - it didn't affect me. But the person it did affect didn't buy it.
As you said, my reaction is based on my personal experience in the US. However, at times the US does pick up ideas and concepts from the EU, specifically California.