"In order not to hamper innovation or research, free and open-source software developed or supplied outside the course of a commercial activity should not be covered by this Regulation. This is in particular the case for software, including its source code and modified versions, that is openly shared and freely accessible, usable, modifiable and redistributable. In the context of software, a commercial activity might be characterized not only by charging a price for a product, but also by charging a price for technical support services, by providing a software platform through which the manufacturer monetises other services, or by the use of personal data for reasons other than exclusively for improving the security, compatibility or interoperability of the software."
The explanation at the end says that none of the large open source software projects would fall under the umbrella of open source software because somebody is making money off of it some way.
But this is exactly the point (which I think is good). This whole thing is applicable if you produce software commercially, regardless if OSS or not
I read it as this:
In effect, if you make money of the software you destribute you are responsible to address security issues
I hope that this is a change for the better. Now everyone who piggy-backed on some OSS project so far has to either maintain a fork (-> more contributions) or provide incentive for the dev to fix it (money?)
"(...) except for specified exclusions such as open-source software (...)"
- wouldn't this mean that FOSS is specifically not at risk???
edit: Even going further through the links, then searching for "open" in the actual text of the document (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...) gave me the following:
"In order not to hamper innovation or research, free and open-source software developed or supplied outside the course of a commercial activity should not be covered by this Regulation. This is in particular the case for software, including its source code and modified versions, that is openly shared and freely accessible, usable, modifiable and redistributable. In the context of software, a commercial activity might be characterized not only by charging a price for a product, but also by charging a price for technical support services, by providing a software platform through which the manufacturer monetises other services, or by the use of personal data for reasons other than exclusively for improving the security, compatibility or interoperability of the software."