Article 24 Obligations of open-source software stewards


    1. Open-source software stewards shall put in place and document in a verifiable manner a cybersecurity policy to foster the development of a secure product with digital elements as well as an effective handling of vulnerabilities by the developers of that product. That policy shall also foster the voluntary reporting of vulnerabilities as laid down in Article 15 by the developers of that product and take into account the specific nature of the open-source software steward and the legal and organisational arrangements to which it is subject. That policy shall, in particular, include aspects related to documenting, addressing and remediating vulnerabilities and promote the sharing of information concerning discovered vulnerabilities within the open-source community.

    2. Open-source software stewards shall cooperate with the market surveillance authorities, at their request, with a view to mitigating the cybersecurity risks posed by a product with digital elements qualifying as free and open-source software.

       Further to a reasoned request from a market surveillance authority, open-source software stewards shall provide that authority, in a language which can be easily understood by that authority, with the documentation referred to in paragraph 1, in paper or electronic form.

    3. The obligations laid down in Article 14(1) shall apply to open-source software stewards to the extent that they are involved in the development of the products with digital elements. The obligations laid down in Article 14(3) and (8) shall apply to open-source software stewards to the extent that severe incidents having an impact on the security of products with digital elements affect network and information systems provided by the open-source software stewards for the development of such products.
