HN crowd is completely missing the intent. Nobody wants to chase open source developers. The problem is that right now a person can go buy a smartphone or WiFi router which already uses obsolete software components and will never receive any updates. Hopefully it gets fixed through this legislation.
The "fix" will be that Europeans will only be able to buy from a handful of the largest smartphone manufacturers, and there will never be another European company selling smartphones.
That might be true for the lawmakers. But as it is, there will be unintended consequences:
First, what the article criticizes: Open-Source development might be discouraged because the exemption isn't clear and encompassing enough. Compliance is enough of a burden to stop any "halfway commercial" OSS developments in the EU, with a very wide interpretation of "halfway commercial".
Second, there will be the ambulance chasing kind of lawyers profiting from any kind of ambiguity by sending expensive warning letters ("Abmahnungen"). Those scumbag lawyers definitely want to chase open source developers and everybody else without a big legal team who provides them with an opportunity...
And experience shows that lawmakers have always been unable or unwilling to write laws with the necessary clarity and non-ambiguity.
OSS developers could simply include a disclaimer along with their chosen license:
"The developer of this software attests that it does not and will not comply with the EU CRA, and may not be used as critical infrastructure within the European Union. Any entity incorporating this software in products sold in the European Union agrees to perform all required compliance, and hold the developer harmless. Any compliance failure shall terminate all licensing of this software to all involved parties."
What that does to [vendors in] the EU would be interesting to see.
Not sure if it's literally regulatory capture, but it certainly has the same effects, as you've mentioned. Except I think it's actually the established, non-tech EU companies that benefit more than big US tech but I could see them benefiting too.
edit: apparently there is a similar bill in the US. So that does sound like regulatory capture.
1) commendable, but
2) the EU shooting itself in the foot, because
3) large rich American closed source companies will be very happy to comply
4) where will they find all the auditors to check the zillions of small open source projects inside node_modules for a commercial project? And who's going to pay them? Again, closed source companies are very happy.