The open source community in general needs to pay more attention to this space – not just the Python ecosystem. More maintainers need to know that well-intentioned people are proposing policies that would in some instances make them financially and legally liable for the code they write.
The new EU AI Act also has this problem, in that it imposes liability for developing components that may at some future point be misused by others.
The source of the problem is a particular approach to legislation that has become popular in the EU, which purports to regulate across the entire supply chain for a product. This might make sense for the production of physical items, or for software developed completely from scratch 30 years ago under a waterfall model, but it is strongly disconnected from the way software is currently built.
“Well-intentioned” does not actually describe the strong IT companies that support actions like this to try and recapture value. European big tech companies like Siemens, Ericsson, Nokia and so on are not fans of open source, since it negatively impacted their captive customer bases.