Ask EP By / May 31, 2023

Cyber resilience act – answering citizens’ concerns

Citizens are calling on the President of the European Parliament to amend the legislative proposal for a cyber resilience act currently under discussion in the European Parliament.

© Adobe Stock

Citizens often send messages to the President of the European Parliament expressing their views and/or requesting action. The Citizens’ Enquiries Unit (AskEP) within the European Parliamentary Research Service (EPRS) replies to these messages, which may sometimes be identical as part of wider public campaigns.

Citizens are calling on the President of the European Parliament to amend the legislative proposal for a cyber resilience act currently under discussion in the European Parliament. Many citizens have written to the President on this subject since April 2023. They ask her to make sure that there is an exemption for free and open-source software that is not provided as part of a commercial activity.

We replied to citizens who took the time to write to the President (in French and English):


Open source software in the European Commission’s proposal

According to the Commission, the proposed law should not concern free and open-source software developed or supplied outside the course of a commercial activity (see recital 10 of the proposal). A summary of the proposal is available on our Legislative Observatory website.

Examination of the proposal in the European Parliament

In the European Parliament, the Committee on Industry, Research and Energy (ITRE) is discussing the proposal. On 31 March 2023, the Member in charge of the file published his draft report, which aims to modify the content of the proposal.

The Member is proposing an amendment to exempt developers from the rules if they do not earn money from the project. However, open-source software provided as part of a commercial activity should comply with the law, to ensure cybersecurity in the European Union.

He also proposed adding an article obliging the European Commission to publish guidelines in the form of a manual to assist economic operators. This manual should provide information to determine what constitutes a business activity for open-source software developers.

Stages in the European Parliament

On 25 April 2023, the ITRE Committee held an exchange of views on the legislative proposal on cyber resilience. You can watch the streaming video of the meeting on our website.

Members of the ITRE Committee had until 27 April 2023 to request changes to the draft report.

More information

You can find further information at the following links:


Les logiciels libres dans la proposition de la Commission européenne

Selon la Commission, la loi proposée ne devrait pas concerner les logiciels libres et ouverts développés ou fournis en dehors du cadre d’une activité commerciale (voir considérant 10 de la proposition). Un résumé de la proposition est disponible sur notre site internet Observatoire législatif.

Examen de la proposition au Parlement européen

Au Parlement européen, la proposition est examinée par la commission de l’industrie, de la recherche et de l’énergie (ITRE). Le 31 mars 2023, le député en charge du dossier a publié son projet de rapport qui vise à modifier le contenu de la proposition.

Le député propose un amendement afin que les développeurs soient exemptés du règlement si le projet ne leur rapporte pas d’argent. Néanmoins, les logiciels open source fournis dans le cadre d’une activité commerciale devraient se conformer au règlement, afin de garantir la cyber-sécurité de l’écosystème de l’Union.

Il propose également d’ajouter un article obligeant la Commission européenne à publier des lignes directrices sous la forme d’un manuel pour aider les opérateurs économiques. Ce manuel devrait notamment fournir des informations pour déterminer ce qui constitue une activité commerciale pour les développeurs de logiciels open source.

Étapes au Parlement européen

Le 25 avril dernier, la commission ITRE a organisé un échange de vues concernant la proposition législative sur la cyber-résilience. Sur notre site internet, vous pouvez visionner la réunion en streaming.

Les députés membres de la commission ITRE pouvaient déposer jusqu’au 27 avril des amendements au projet de rapport.

Plus d’informations

Vous pouvez consulter les liens suivants :

Related Articles
  • The Cyber Resilience Act serves as a timely response to address the growing concerns of citizens regarding cybersecurity. By prioritizing the resilience of our digital infrastructure, we can better safeguard our societies against evolving cyber threats. It is crucial to continuously adapt and strengthen our defense mechanisms to ensure the protection of personal data, privacy, and the overall well-being of individuals in the digital age. The Act signifies a step forward in fostering a safer and more resilient digital environment for all.

Leave a Reply

%d bloggers like this: