adding CRA and NIS2 news item

news/2024/news-20240715-01.en.xhtml

@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<html newsdate="2024-07-15">
+<version>1</version>
+
+<head>
+    <title>CRA and NIS2: Protecting Free Software ecosystem in implementation</title>
+</head>
+
+<body>
+  
+<h1>CRA and NIS2: Protecting Free Software ecosystem in implementation
+</h1>
+
+<p>Together with NLnet Labs and the Open Source Security Foundation, 
+the Free Software Foundation Europe (FSFE)  submitted feedback on the 
+NIS2 implementation act, pointing to the need of protecting the 
+European Free Software ecosystem.</p> 
+
+<figure>
+<img src="https://pics.fsfe.org/uploads/big/d1b7eb0ca6ec38c89967dab6d3dd920b.png"
+  alt="A closed lock in a electric light green surrounded by a circle and the letter cyber security in a greenish background" />
+</figure>
+
+<p>The NIS2 implementation act, with its cyber security regulations and 
+implementing decisions, is also addressing Free Software ecosystem in 
+Europe. It is therefore crucial that these measures, while contributing 
+to cyber security, do not hamper Free Software development, especially 
+as Free Software is a strong component in the cyber security area.</p> 
+
+<p>
+</p>
+<blockquote>
+“It is important to recognise the special nature of 
+Free Software development and the Free Software ecosystem and its role 
+in the software supply chain. Implementation needs to be proportionate 
+and effective”, states Alexander Sander, FSFE.
+</blockquote>
+<p></p>
+
+<p>In this sense, the FSFE, together with <a 
+href="https://www.nlnetlabs.nl/">NLnet Labs</a> and the <a 
+href="https://openssf.org/">Open 
+Source Security Foundation</a>, <a 
+href="https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14241-Cybersecurity-risk-management-reporting-obligations-for-digital-infrastructure-providers-and-ICT-service-managers/F3471997_en">jointly 
+provided feedback</a> to the consultation on the European Commission’s 
+draft NIS2 
+Implementing Act concerning "Cybersecurity risk management &amp; reporting 
+obligations for digital infrastructure, providers and ICT service 
+managers" (launched on 27 June). </p> 
+
+<p>We raised our concerns about the focus on business to business (B2B) 
+relationships. Complex software products, which are at the core of 
+services of the digital infrastructure sector of NIS2, are often 
+published by independent individuals, not-for-profit actors or academic 
+organisations. In this case, beyond the freedoms granted by Free 
+Software licences, no relationship exists between developer ('direct 
+supplier') and an entity in scope for NIS2.</p>
+
+<p>The FSFE actively participates in regulation processes such as 
+consultations, <a href="/news/2023/news-20230323-01.html">attends hearings</a> 
+and is in close dialogue with decision-makers in the EU to make sure cyber security 
+regulation does not hamper Free Software development. If you are 
+negatively affected by the implementation of CRA and NIS2, please 
+<a href="mailto: contact@fsfe.org"> contact us</a>.</p>
+
+<div class="color-box background fullwidth" data-color="dark-green">
+ <a class="btn btn-lg btn-default" href="https://my.fsfe.org/donate?amount=300&amp;period=m">Donate now</a>
+</div>
+
+</body>
+	
+<tags>
+ <tag key="front-page"/>
+ <tag key="highlights">highlights</tag>
+ <tag key="news">News</tag>
+  <tag key="european-union">European Union</tag>
+   <tag key="policy">European Public Policy</tag>
+</tags> 		
+
+
+<discussion href="https://community.fsfe.org/t/1182"/> 
+<image url="https://pics.fsfe.org/uploads/big/d1b7eb0ca6ec38c89967dab6d3dd920b.png"
+  alt="A closed lock in a electric light green surrounded by a circle and the letter cyber security in a greenish background" />
+
+</html>
+
+