Navigating the New EU Regulatory Landscape in Open Source
The European Union has been on a regulatory spree in the digital space, affecting a wide range of Information and Communication Technologies (ICTs), including the previously less regulated area of open source software. Key regulations such as the Cyber Resilience Act, the Artificial Intelligence Act and the Product Liability Directive have begun to reshape the framework within which open source software stakeholders operate. In addition, the General Data Protection Regulation (GDPR) and the Copyright in the Digital Single Market Directive continue to have a profound impact on the licensing, development and distribution of open source projects.
This year, EOLE organised its conference in Turin in November. We discussed and analysed the impact of these emerging regulations on open source projects, communities and software ecosystems. We invited thought leaders, legal experts, developers and policy makers to engage in a critical dialogue through presentations and workshops focusing on both the specific nuances of open source software regulation and the broader regulatory trends that could significantly influence open source dynamics.
Among other topics, we invited stakeholders to propose a talk or workshop on Open Source and:
- The AI Act: Explore how requirements for algorithmic transparency and accountability could impact Open Source software development in / through AI.
- The Cyber Resilience Act: Discuss the act’s requirements for security practices in software development and its implications for Open Source project security and SBPOM generation.
- The proposed Product Liability Directive: Analyse potential liabilities for Open Source developers and how this directive could change the landscape of Open Source software usage and development.
- Other impactful regulations: For instance, the effects of the Network and Information Security Directive (NIS) 1 and 2 on Open Source security practices.
- Regulatory risk and compliance: Best practices for Open Source projects, including how to navigate the complex regulatory environment.
- Regulatory standardisation and Open Source: The double-edged sword of standardisation in promoting innovation while potentially imposing restrictive standards.
- Community collaboration on regulation: Strategies for Open Source communities to collectively address regulatory challenges and advocate for favourable policies.
The objective of the event was to share ideas and practices related to these regulations. The outcomes of the EOLE 2024 event will include dissemination of knowledge and consensus building regarding these topics, and may include checklists for regulatory compliance, action items, suggested best practices.
If you want to keep up to date with all the news from the EOLE event, we invite you to subscribe to our newsletter.
Or, you can still take part in our forum by sharing your experiences or useful resources on this year’s theme!
9h30 – 10h00 – Welcome (coffee / tea)
10h00 – 12h00 – Cyber x Open Source
The aim of this workshop is to assess the impact of the latest cybersecurity regulations (notably NIS 2 and the more recent Cyber Resilience Act) on Open Source players (companies and communities) and practices.
The workshop will be introduced and chaired by Benjamin Jean, and moderated with Arthur Hamonic and Clémence Lascombes (inno³). It will begin by presenting the work carried out in France for Open Source economic players, and will then propose a series of specific points to be addressed by the participants.
Agenda :
- Presentation of the interest of the subject and the study carried out in France on behalf of the CNLL (30min),
- shared discussions with the workshop participants in order to identify and specify the areas of work to be carried out collectively (30min),
- design of sub-groups and work by sub-groups based on a shared analysis framework (30 min),
- summary of contributions and conclusion.
12h00 – 13h30 – Lunch
13h30 – 15h30 – The AI Act and Open Source
The AI Act provides for exceptions applicable to “free and open source”. Sounds like good news. But what does “free and open source” mean and what does the AI Act apply to? The news over the past weeks leaves a sense of uncertainty about the meaning of “free and open source AI system”. Will this debate interfere with the applicability of the “free and open source” exceptions provided by the AI Act? This session will deepen these and other questions while trying to shed light on the hottest topic of the moment within the free and open source communities.
Agenda:
- Speakers (1 hour and 30 min)
- Carlo Piana (OSI)– Open Source & IA
- Laura Garbati (CSI Piemonte)– AI and transparency in PA
- Marco Ciurcina (Studiolegale.it)– Free and open source exceptions in AI Act
- Round table (30min)
16h00 – 17h30 – Open Science & Open Source
The European Union and many research organisations are pushing more and more for Open Science in publicly funded projects, something which aligns closely with open source principles. Open science is a wider concept, including open data, content, source and open research collaboration mechanisms, and raises several challenges in tension between regulatory obligations, confidentiality, and open licenses.
Agenda:
- Malcolm Bain (Across Legal) : Open source licensing as a tool for open science
- Ludovica Paseri (University of Turin) : Data Regulations, open data and open science
- Aurelio Ruiz (Universitat Pompeu Fabra, Barcelona) : Issues of open science and licensing from a practical perspective in academic research
17h30 – 18h30 – Going on a broader level (competition law, market regulation, etc.)
How does Open Source fit in the more and more complex view of the “market” by EU ? We could even go further and discuss theorical and concrete debate as Open Source public policies and competition vs Open/Proprietary Model from private ?
Practical information
Date : 29 November 2024
Location : Corso Unione Sovietica, 216, 10134 Torino TO, Italy
Duration of the event : it begins at 9:30 and will finish around 18:30
Subscribe to EOLE newsletter : https://nouvelles.inno3.eu/subscription/YZevRqDU2