How do the supply chain security obligations under the EU #NIS2 affect those that develop the #opensource used by "essential providers" of digital infrastructure?
@fsfe @openssf and @nlnetlabs are concerned that the term 'supplier' includes economic actors publishing #FOSS that are not a suitable counterparty for the type of reqs the draft imposes on NIS2 entities in their relation with direct suppliers.
Analysis of feedback: https://blog.nlnetlabs.nl/supply-chain-security-obligations-for-nis2-regulated-entities-vs-developers-of-open-source-software/
Supply chain security obligations for NIS2 regulated entities vs. developers of open source software
How do supply chain security obligations under the European NIS2 legislation affect those that develop the Free and Open Source Software used by "essential providers" of digital infrastructure? An overview of the response to the public comment period…
Team NLnet Labs (The NLnet Labs Blog)