Hi Tom, all
We need to talk about the almost complete EU Cyber Resilience Act (CRA)
as well. That statute is on its last loop through the legislative
process, now being translated into national languages before almost
certainly entering into law later this year.
The CRA divides the software production universe into manufacturers and
upstream software — with special considerations for open source
projects. Indeed, significant open source projects, who are not also
manufacturers, can — at their discretion — appoint software stewards to
assist with the required quality assurance processes when and where
their software contributes to manufactured products. These final
products will need to be carefully engineered and will duly receive a
European CE mark in recognition. Manufacturers are necessarily
for‑profit.
I've been trying to scope the various issues in relation to open source
energy systems frameworks and related activities. This is a space that
needs to be navigated with considerable care, particularly when
limited‑liability for‑profit companies are involved. For instance, Open
Energy Transition GmbH.
Even if not required by law to have suitable quality assurance systems
and processes in place, larger projects, such as the PyPSA codebase,
might like to formalize these processes in relation to the CRA, in order
to assist downstream manufacturers with their mandatory due diligence
activities.
It seems, based on early discussions, that providing a web‑interface to
your open source framework and model while remaining strictly non‑profit
should not trip the CRA. But if engaged in for‑profit consulting and
simultaneously supplying your client with a copy of your model will
likely trigger the CRA. Straight black‑box consulting, however, will
probably not — as no software‑related product is present.
I plan to blog about the intersection between the CRA and open modeling
on the openmod forum in the next month or so. So this is just a brief
heads‑up.
Also to note that the CRA is the first time open source software
development has been acknowledged in legislation anywhere in the world.
On the question of being easier to list intuitions not using open source
energy systems frameworks than otherwise, open source code makes up
about 80% of the software stack in most consumer products, including
vehicles. This is a revolution that has largely gone unnoticed and
unreported: the sharing of source code on an industrial scale.
Congratulations to the PyPSA crew and to other like‑minded projects for
their trailblazing in the context of transparent public policy support.
with best wishes, Robbie
---
Robbie Morrison
Schillerstraße 85, 10627 Berlin, Germany