As long as you‘re not financially profiting from the project, the legislation does not affect you. The moment you do financially profit of it (for example, if you have a business around it, or the software is developed by a business), then things get a little more complicated - if you have no clients in the EU and don‘t market or sell to the EU, you can mostly just ignore this. If you do, then you probably have to care about this.
You're saying this so definitively even though you can't know that what you're saying is true, based on the article:
> In order not to hamper innovation or research, free and open-source software developed or supplied outside the course of a commercial activity should not be covered by this Regulation. [..]
> Commercial activity is understood as providing goods in a business related context. Non-profit organisations may be considered as carrying out commercial activities if they operate in such a context. This can only be appreciated on a case by case basis taking into account the regularity of the supplies, the characteristics of the product, the intentions of the supplier, etc. In principle, occasional supplies by charities or hobbyists should not be considered as taking place in a business related context.
> Open-source software is provided both within and outside of business related contexts. And the 'occasional supplies' exception in this quote seems to be of limited use to projects society comes to depend on. Would you consider an open-source operating system (MINIX) that has been freely available for 35 years an 'occasional supply'? What does its integration in all Intel processors since 2015 mean for being 'goods' outside a 'business related context'? How about the BIND project, a staple of open-source core Internet infrastructure shipping for 40 years?
This feels like a huge issue to me and that's before considering how most OSS we use everyday is worked on by full-time employees as a part of their jobs.
If you release TerminatorOS which is an experimental OS for AIs hellbent on destroying the world, you are fine.
If someone uses TerminatorOS and you did not sell it to them, they will be responsible for its use, you are fine.
If you start terminator.io, a startup that sells TerminatorOS powered drones that shoot you in the face, you are not fine and need to comply.
In the same way, if BIND starts BIND.io to sell Bind-as-a-Service, then they'll have to be compliant. If BIND is found to be ran at 90% by AWS with AWS paid employees, they won't need to be compliant. Otherwise, you'll be fine.
Source: this is not the US, European law takes context into account.
What if I've already released TerminatorOS for free and would prefer not to leave my users in the EU high and dry, but I also don't want to start a business or spend my free time dealing with legalese while getting nothing in return?
If you are not selling it to your EU users, you are fine. If you are selling it to EU users, leave them high and dry and offer no support. They can still clone it and run it on their own.
It's really the same thing as selling non certified products in Europe. If you are a registered EU business, you have to sell CE certified products, so we know that you're not going to burn my house down. If i buy from alibaba an LED strip that draws 500W and ends up burning my house down, it'll be my fault, the seller was in China and i knew what i was getting into.
Any kind of commercial gain can be considered "profit". 10ct/month from an ad banner is considered a commercial activity in Germany and courts treat it as such, with consequences like Impressumspflicht (need to publish personal data, tax number, phone and fax number of the person responsible for a website) and DSGVO applicability. Same for indirect "profit": there have been judgements that considered blogging a commercial activity if the topic of the blog is similar to the dayjob of the blogger because the blog is considered an advertisement to a future employer or customer.
Therefore I would consider any kind of open source contribution by an IT professional a commercial activity. Only if the open source contribution is strictly a hobby and your normal job involves nothing IT-like at all you'd maybe be safe.
Is having your name on a project “profiteering”? Is publishing a project to sustain the reputation of a conference speaker made as a sidekick, profiteering?
That is not true - donations are not usually considered profit, at least in Germany. They occupy a bit a weird middle ground. They may count as income, but for example donations we receive for the open source projects that our company runs are VAT exempt. However, it must be true donations and not provide material benefit - if the donations provide any substantial benefit (priority when considering features or bug fixes, access to special features, …), then it‘s no longer donations but services. Things like a mention on a supporter page, occasional swag and stickers, … are usually fine.
As always, talks to your tax accountant about your specific case, this is not legal or tax advice, …
You seem to be conflating being eligible for vat with income that would qualify as “profiting”. Profiting just means you benefitted. And taxable income is nearly always profiting.
all legislation is designed for Mittelstand (medium sized german companies)
tax, privacy, communications, employment, now software
this was seen with the VAT changes: it was raised that this would badly affect small companies, so they passed the legislation then penciled a meeting in for 3 years time to maybe think about small companies
False. In many cases you might be collecting it in the first place without realizing it (e.g. Analytics). Also it's a problem for developing anything to spend a lot of thinking "would this violate GDPR" instead of actual creative thinking and development.
I don't remember how many DAYS we've collectively lost in all the apps we're making, to make sure we comply with GDPR instead of focusing on productivity.
So it sounds like there is no point to comply ahead of time as if they do come after you they would just get future payments in which case you can close up sales in that region.
Say I'm an EU company. I use a small bit of GPL code in the course of my business, and I see a problem with it, so I change the code, fix the bug/add a feature/etc, push it back, does that count profiting from it?
I could instead not push it back, which is less immediate risk
> As long as you‘re not financially profiting from the project, the legislation does not affect you.
As highlighted in the article, "commercial activity" is what triggers the legislation, not profit, and it's a broader concept.
Note also this section on page 34:
‘making available on the market’ means any supply of a product with digital elements for distribution or use on the Union market in the course of a commercial activity, whether in return for payment or free of charge;
