Wikimedia Position on EU Proposals for a Liability Carve-Out of Free and Open-Source Software

Current proposals like the Cyber Resilience Act[1], the Directive on Liability for Defective Products[2] and proposed amendments to the AI Act include vague and various liability carve-outs for “free and open-source software developed or supplied outside the scope of a commercial activity”. 

Wikimedia projects are run on free and open-source software. The technology is developed both in-house by entities like the Wikimedia Foundation, Wikimedia Deutschland and Wikimedia Sverige, as well as by code contributed by volunteers. Our software can be re-used and modified by anyone for any purpose, without asking for permission. 

Definition of free & Open and a coherent wording across laws

We agree with the approach taken by the EU Commission and the co-legislators to protect software and developers as long as it takes place outside the scope of a commercial activity. We believe that coders must be free to review, tinker with and edit software in order to achieve their full potential. We also agree that people and organisations offering software as part of the commercial activity should not benefit from that same carve-out. 

We worry that the current recitals and amendments are all worded differently and lack a key definition. To guarantee legal certainty we therefore suggest that the co-legislators agree on a common wording for the carve-out across the files and include it as an article in the text. We therefore want to propose the following improvements:

  • Universal wording: One single wording should be agreed upon and it should be included as an article in one of the acts. The other acts should reference it. Ideally, Recital 10 from the CRA would be taken as a basis.
  • Universal definition: Ideally, free and open-source software should be defined as code that is made available to the public under terms that guarantee the freedom to use, study, share and improve the software.

[1]Proposal for a Cyber Resilience Act – Recital 10 

[2]Proposal for a Directive on the Liability of Defective Products –  Recital 13 

[3]Legal Affairs Committee Opinion on the Artificial Intelligence Act