I'm amazed that there has been zero coverage of this:
EU's new Product Liability Directive got voted through last Thursday.
No later than two years from now, software, stand-alone, cloud or embedded, is subject to "no-fault liability" (i.e.: doesn't matter how or why, only that it is defective).
Here's the directive:
https://data.consilium.europa.eu/doc/document/PE-7-2024-INIT/en/pdf
Gentlemen, start your panic…
PS: Yes, there is a FOSS exemption, but only "outside commercial activity". (I.e.: the guy in Nebraska but not RedHat.)
@bsdphk Do you know of an explanation for the phrase "liability without fault"? A quick search leads to claims that it's equivalent to strict liability, which seems like an exceptionally large shift.
Do you know whether the extent of liability is limited to the losses that the supplier could reasonably expect? (I don't remember the name for the concept; I mean the limit that causes the liability from e.g. delayed supply of some trivial item not to be arbitrarily high by virtue of the item being necessary to satisfy a buyer's obligation that is connected with absurdly high delay penalties.)
@robryk
That's indirect liability. I'd be slightly surprised to see that here, but I haven't read the text yet.
@bsdphk @adamshostack