EU's new Product Liability Directive got voted through

Like PHK, I’m a bit surprised that the news has not received wide coverage, but as I think it might interest people selling software, I thought I would spread it myself.

TLDR: The no-liability clause of the licences will be void in two years in the EU. There is an exception for open source software (provided it’s not a commercial activity).

The authors of the directive gave a talk at the last FOSDEM about it:

(On the topic of liability it starts at 26:30, before that AFAIU it was about cybersecurity which I think also applies to us)

It looks like a good idea, software with known rounding issues (:stuck_out_tongue_winking_eye: ) will have to finally use decimal to do their computation, as it could generate injury to the psychological health of their user :wink:.

PHK gave a link to a PDF of the directive in his Fosstodon post and said it was only necessary to read pages 6, 7 and 51 to understand the directive. https://data.consilium.europa.eu/doc/document/PE-7-2024-INIT/en/pdf

From Page 7:

In principle, the supply of free and open-source software by non-profit organisations should not be considered as taking place in a business-related context, unless such supply occurs in the course of a commercial activity.

IANAL, but does this mean the directive would not apply if the Tryton Foundation (a non-profit) provided the software? IMO Tryton software is not “sold” (it is freely accessible from PyPI), and commercial services offered by Tryton community members are separate from the software (the customer can sever the relationship with the services provider but continue to use Tryton). I’m assuming however that the services provider did not create any custom code and “sell” it to their client, and I wonder if the introduction of custom code into Tryton by a services provider would make the services provider liable for all Tryton code (for that customer). I guess this is why there are lawyers… :wink:

I am more concerned though with what the directive means for Tryton SaaS providers. Would subscription access to a Tryton SaaS be considered “selling” Tryton? I fear yes, as a potential SaaS provider, but in all honesty if I was a customer I would be in favor of this. However, being in Canada, I suppose I could simply not accept EU customers if I did not want to accept the liability.

I think you are right. SaaS vendors (I’m one of them) turn FOSS into commercial products.
If Tryton is a component of a commercial solution, it requires some care, but the other components, hardware and software, must also be considered, in particular those you buy as commercial products (which is not the case of Tryton).

In my opinion, the no-liability clause was an illusion. In court, the big one will probably win over the small one. So I see this new regulation as more protective for our SaaS business, because of its legal frame and the exceptions of FOSS and SaaS which are mentioned.

That said, as a SaaS provider, I turned the picture this way for ten years now, in order to survive in the wild:

– First, I separate hosting from any development/custom integration work, and I don’t use hosting to deliver my own version of the product,

– Second, any commercial hosting is co-administrated with the customer. Hosting itself is designed to allow root access to the customer and third parties and they can manage all their hosting parameters (versions, software source, options and dependencies). I hope this means shared responsibility. I expect my liability to be limited to my provisioning tools which are home-developed under GPL with no dependency on products: only Debian, shell, Python, a few lines of PHP + JS for the co-administration panel, and LXC.

– Third, any black-boxed SaaS solution, which doesn’t allow shared administration, must be given for free, as a non-commercial product. Black-boxed solutions have an advantage in costs and footprint.

All these precautions may be out of scope, I don’t know really. So far, nobody ever asked for the compensations mentioned in the contract.

Nevertheless, I have to re-assess this strategy regarding this new regulation, and I’d like to read more from others on this discuss

Directive definition of FOSS: “Free and open-source software, whereby the source code is openly shared and users can freely access, use, modify and redistribute the software or modified versions thereof”
I hope shared-source products won’t be considered as FOSS.
Also, it looks complex to imagine how open-core products will be considered, and how the resellers (VARs) will be impacted.
:wink:

What does everyone feel about this? Is re-selling hosting services fundamentally different from selling use of Tryton software?

The example would be a Canadian company reselling a Canadian hosting service provider’s services to a European customer.