Good about the cyber-reslience act by nlnetlabs.

A lot of compliance work might be put on voluntary open-source developers which are often volunteers.

There is a real risk that some contributors will stop because they don't want to do compliance work or face any legal risk as a hobby.

This will not improve cyber resilience.

https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/