Can a company be classified as an open-source software steward?
Yes, a company can be classified as an open-source software steward. The CRA defines a steward as "a legal person, other than a manufacturer" that systematically provides sustained support for the development of free and open-source software intended for commercial activities (Article 3(14)). Recital 19 provides additional context: "Open-source software stewards include certain foundations as well as entities that develop and publish free and open-source software in a business context, including not-for-profit entities."
A company can even be a steward for a project that also has a commercial version. In this scenario, the company would be a manufacturer for the paid or monetised version (with corresponding manufacturer obligations), while simultaneously being a steward for the free or "community" version that it publishes but does not monetise.
This dual role is possible because the CRA assesses each product separately:
- Manufacturer obligations apply to the monetised version and flow to organisations that have purchased it or are the source of monetisation.
- Steward obligations apply to the non-monetised open source version and focus on fostering secure development and effective vulnerability handling for users of that version.
For more details on how manufacturers and stewards interact, see Can a manufacturer also be an open-source software steward ?.
Disclaimer
Disclaimer: The information contained in this FAQ is of a general nature only and is not intended to address the specific circumstances of any particular individual or entity. It is not necessarily comprehensive, complete, accurate, or up to date. It does not constitute professional or legal advice. If you need specific advice, you should consult a suitably qualified professional.