Search every question across sub-FAQs

Yes.

The CRA makes clear that commercial activity is not limited to charging a price for the software itself. It can also arise from monetisation of related services or from the other commercial indicators listed in recital 15.

No.

The CRA says that accepting donations without the intention of making a profit should not be considered a commercial activity. The March 2026 draft guidance adds that a FOSS project funded only through voluntary donations is unlikely to be treated as placed on the market where access to the software, source code, and updates is not conditioned on donating.

But donations can still amount to commercial activity where, in practice, they function like the price of access, for example if releases, binaries, updates, or other essential benefits are available only to donors, or if the donation model is organised to generate systematic profit rather than sustain the project.

No.

The CRA says that the circumstances in which the software was developed, and how its development was financed, should not by themselves determine whether the activity is commercial or non-commercial.

No.

The CRA expressly says that the mere presence of regular releases should not in itself lead to the conclusion that free and open-source software is supplied in the course of a commercial activity.

No.

The March 2026 draft guidance says the decisive factor is whether access to the FOSS itself, including its maintenance and support, is conditioned on remuneration. If the FOSS can be downloaded and installed freely and users can separately buy consultancy or support, that does not by itself mean the FOSS is placed on the market.

But where a specific edition or version is supplied only under a paid arrangement that includes support or performance optimisation, that provision is monetised and is treated as being placed on the market.

Then the CRA says that should not be treated as a commercial activity on that basis alone.

Recital 18 states that products with digital elements qualifying as free and open-source software that are not monetised by their manufacturers should not be considered to involve a commercial activity.

Not automatically, but the CRA gives not-for-profit organisations a specific rule.

For the purposes of the CRA, development and publication of free and open-source software by a not-for-profit organisation should not be considered a commercial activity if the organisation is set up so that all earnings after costs are used to achieve not-for-profit objectives.

The March 2026 draft guidance adds that this can remain true even where the FOSS is directly monetised, for example through search-engine partnerships, as long as the organisation meets that not-for-profit condition. If such a legal person also meets the Article 3(14) criteria, it may be a steward rather than a manufacturer for that FOSS.

No.

The CRA says it does not apply to natural or legal persons who contribute source code to free and open-source software that is not under their responsibility.

No.

The CRA says a free and open-source software component intended for integration by other manufacturers is considered to be made available on the market only if that component is monetised by its original manufacturer.

No.

The CRA says the sole act of hosting products with digital elements on open repositories, including package managers or collaboration platforms, does not in itself constitute making them available on the market.

No.

Under recital 19, providers of repositories, package managers, and collaboration platforms are distributors only if they actually make the software available on the market, meaning they supply it for distribution or use on the Union market in the course of a commercial activity.

An open-source software steward is a legal person, other than a manufacturer, that systematically provides support on a sustained basis for the development of specific free and Open-Source Software intended for commercial activities and ensures the viability of those products.

No.

The Article 3(14) definition is limited to a legal person.

No.

Steward status is narrower. The legal person must systematically provide support on a sustained basis, the software must be intended for commercial activities, and the legal person must ensure the software's viability.

The CRA gives broad examples.

Recital 19 says that sustained support may include hosting and managing software-development collaboration platforms, hosting source code or software, governing or managing free and open-source software products, and steering their development.

Yes.

The March 2026 draft guidance says this assessment is specific to each FOSS product. A legal person may be the manufacturer for a specific FOSS that it places on the market, while being the steward for another specific FOSS that it publishes without placing on the market. The same split can also arise between a monetised version and a free or community version of related software.

They have a lighter, tailored regime under Article 24.

Stewards must put in place and document, in a verifiable manner, a cybersecurity policy that fosters secure development, effective vulnerability handling, voluntary reporting of vulnerabilities, and sharing of vulnerability information within the open-source community. They must also cooperate with market-surveillance authorities and, on a reasoned request, provide the documented policy to the authority.

Yes, but only to the limited extent set out in Article 24(3).

Article 14(1) applies to stewards only to the extent that they are involved in development of the products. Article 14(3) and 14(8) apply only to the extent that severe incidents affect network and information systems provided by the steward for the development of those products.

No.

Recital 19 makes clear that open-source software stewards should not be permitted to affix the CE marking to the products whose development they support.

Yes.

The market-surveillance authorities designated under Article 52 are also responsible for activities relating to steward obligations under Article 24. If a steward does not comply, the authority must require appropriate corrective action.