European Union

While the very purpose of the DMA is to restructure the technology market in the EU to preference competitors, including open source competitors, the CRA could limit competition from open source companies. Analysts and stakeholders have warned that the cybersecurity requirements in the legislation could have a chilling effect on open-source software throughout Europe, which could be a source for competition.

As the leading governance institutions within the European and global open-source software community wrote last year in a joint letter: “If the CRA is, in fact, implemented as written, it will have a chilling effect on open source software development as a global endeavour, with the net effect of undermining the EU’s own expressed goals for innovation, digital sovereignty, and future prosperity.” Open source components are estimated to constitute between 70-90% of most modern software products and many open source projects are developed by individuals or small teams in their spare time.

For more information see the original letter here.

While the very purpose of the DMA is to restructure the technology market in the EU and preference competitors to existing companies, the CRA could limit competition by slowing the speed to market of new products.

Many fear that the Cyber Resilience Act could slow or even stall the rollout of essential new technologies and services because businesses would have to wait for certification before adopting product security. Companies would also have to design their products as dictated by European Commission employees. Reducing the speed to market of new digital and technology products would cut against a goal of the DMA, to preference the market for competitors by making it easier for their products to go to market.

For more information see this report from the Center for European Policy Analysis.