This has been a long way coming and is, in my opinion, a important step in the professionalization of software development. This article seems to refer to the Cyber Resilience Act but doesn't really explain the problem many[1] open source communities seem to have with the current draft. The CRA actually attempts to exempt open-source software by exempting non-commercial software contributions from its rules. "Commercial Activity" however includes more activities than some open-source developers would like. Any kind of regular income related to the project might fulfill the requirements to count as commercial activity.
I recommend the linuxfoundations article[2] for a more comprehensive understanding of the proposed rules.
[1] https://blog.opensource.org/the-ultimate-list-of-reactions-t...
[2] https://www.linuxfoundation.org/blog/understanding-the-cyber...