The European Union is (finally) coming to grips with the dysfunctionalities of its most famous tech law of all: the General Data Protection Regulation. From a report: The European Commission will propose a new law before the summer that's aimed at improving how EU countries' privacy regulators enforce the GDPR, a newly published page on its website showed. Adopted in 2016, the privacy rulebook was a watershed moment in global tech regulation, forcing companies to abide by new standards such as asking for consent to collect people's data online against threats of hefty fines of up to 4 percent of global annual turnover. The law effectively became European officials' poster child of powerful legislation coming out of Brussels. But five years after EU data protection authorities started their job, as GDPR entered into force, activists, experts and some national privacy watchdogs have become frustrated at what they see as an inefficient system to tackle major cases, especially from Big Tech companies.

Most notably, critics have lamented the powerful role that the Irish Data Protection Commission has under the so-called one-stop shop rule, which directs most major investigations to run through the Irish system because tech companies like Meta, Google, Apple and others have set up their European homes there. Under the GDPR, tech companies are overseen by the national regulator in the EU country where they are headquartered. Ireland and, to a lesser extent, Luxembourg, where Amazon's EU headquarters is based, have faced mounting criticism in recent years for lax enforcement, which they deny. The Irish data authority in recent months imposed some major multimillion-euro fines to sanction GDPR infringements from Meta, the parent company of Instagram and Facebook. Now, a new EU regulation that is expected in the second quarter of 2023 wants to set clear procedural rules for national data protection authorities dealing with cross-border investigations and infringements. The law "will harmonize some aspects of the administrative procedure" in cross-border cases and " support a smooth functioning of the GDPR cooperation and dispute resolution mechanisms," the Commission wrote.

A long-time Slashdot reader brings news from the EU: This week the Dutch Government approved the construction license for the PALLAS reactor, a new nuclear reactor to create medical isotopes. The PALLAS reactor will replace the 60 year old reactor in Petten which produces about one third of all the medical isotopes used globally. Receiving the building permit is a major milestone as highlighted here.

Adobe's proposed $20 billion takeover of design firm Figma risks a lengthy European Union probe after the bloc's antitrust watchdog warned of potential concerns over the deal. From a report: The European Commission said it had received requests from a number of national regulators to look into the deal, even though it falls below the normal revenue thresholds to warrant an EU-level review, according to a statement Wednesday. The agency said the deal could "significantly affect competition" in the market for interactive product design and whiteboarding software. It will now ask Adobe to notify the transaction as the companies can't go ahead with the deal without getting clearance from the EU.

The European Parliament on Tuesday formally approved a law to effectively ban the sale of new petrol and diesel cars in the European Union from 2035, aiming to speed up the switch to electric vehicles and combat climate change. From a report: The landmark rules will require that by 2035 carmakers must achieve a 100% cut in CO2 emissions from new cars sold, which would make it impossible to sell new fossil fuel-powered vehicles in the 27-country bloc. The law will also set a 55% cut in CO2 emissions for new cars sold from 2030 versus 2021 levels, much higher than the existing target of a 37.5%. "The operating costs of an electric vehicle are already lower than the operating costs of a vehicle with an internal combustion engine," Jan Huitema, the parliament's lead negotiator on the rules, said, adding that it was crucial to bring more affordable electric vehicles to consumers.

C++ creator Bjarne Stroustrup "joins calls for changing the programming language itself to address security concerns," according to an article shared by Slashdot user guest reader: In mid-January, the official C++ "direction group" -- which makes recommendations for the programming language's evolution -- issued a statement addressing concerns about C++ safety. While many languages now support "basic type safety" -- that is, ensuring that variables access only sections of memory that are clearly defined by their data types -- C++ has struggled to offer similar guarantees.

This new statement, co-authored by C++ creator Bjarne Stroustrup, now appears to call for changing the C++ programming language itself to address safety concerns. "We now support the idea that the changes for safety need to be not just in tooling, but visible in the language/compiler, and library." The group still also supports its long-preferred use of debugging tools to ensure safety (and "pushing tooling to enable more global analysis in identifying hard for humans to identify safety concerns"). But that January statement emphasizes its recommendation for changes within C++.

Specifically, it proposes "packaging several features into profiles" (with profiles defined later as "a collection of restrictions and requirements that defines a property to be enforced" by, for example, triggering an automatic analysis.) In this way the new changes for safety "should be visible such that the Safe code section can be named (possibly using profiles), and can mix with normal code." And this new approach would ultimately bring not just safety but also flexibility, with profiles specifically designed to support embedded computing, performance-sensitive applications, or highly specific problem domains, like automotive, aerospace, avionics, nuclear, or medical applications.

"For example, we might even have safety profiles for safe-embedded, safe-automotive, safe-medical, performance-games, performance-HPC, and EU-government-regulation," the group suggests. Elsewhere in the document they put it more succinctly. "To support more than one notion of 'safety', we need to be able to name them."
Stroustrup emphasized his faith in C++ in a 2020 interview. "I think C++ can do anything Rust can do, and I would like it to be much simpler to use," Stroustrup told the Association for Computing Machinery's Special Interest Group on Programming Languages.

But even then, he'd said that basic type safety was one of his earliest design goals -- and one he's spent decades trying to achieve. "I get a little bit sad when I hear people talk about C++ as if they were back in the 1980s, the 1990s, which a lot of people do. They looked at it back in the dark ages, and they haven't looked since."

An anonymous reader shares a report: Things aren't looking great for the Microsoft-Activision merger. The EU has issued a statement of objections, the UK's CMA issued a provisional report finding the merger would stifle competition, and the FTC has outright sued to make sure the merger never happens in the US. It seems every major world regulator has a problem with Microsoft and Activision shacking up. It's at this point that most C-suite executives of a major corporation would start hedging their bets, but Sony has started screening Bobby's calls.

"It's funny, Sony's not on the phone to us," said Activision Blizzard CEO Bobby Kotick. "In fact, they're not returning our phone calls." In an interview with Fox Business, Kotick talked about the embattled merger and how normally he'd be on the phone with Sony executives talking about new business ventures. That's all changed because of the Microsoft merger.

An anonymous reader quotes a report from the New York Times: Last summer, 1,704 TikTok accounts made a coordinated and covert effort to influence public discourse about the war in Ukraine, the company said on Thursday. Nearly all the accounts were part of a single network operating out of Russia that pretended to be based in Europe and aimed its posts at Germans, Italians and Britons, the company said. The accounts used software to use local languages that amplified pro-Russia propaganda, attracting more than 133,000 followers before being discovered and removed by TikTok.

TikTok disclosed the networks on Thursday in an in-depth report that examined its handling of disinformation in Europe, where it has more than 100 million users, noting that conflict in Ukraine "challenged us to confront a complex and rapidly changing environment." The social media platform compiled the findings to comply with the European Union's voluntaryCode of Practice on Disinformation, which counts Google, Meta and Twitter among its other signatories. TikTok offered the detailed look into its operations as it tried to demonstrate its openness in the face of continued regulatory scrutiny over its data security and privacy practices.

As a newer platform, TikTok is "in a unique position to innovate in the search for solutions to these longstanding industry challenges," Caroline Greer, Tiktok's director of public policy and government relations, said in a blog post on Thursday. The company did not say whether the accounts had ties to the Russian government. In its report, covering mid-June through mid-December 2022, TikTok said it took down more than 36,500 videos, with 183.4 million views, across Europe because they violated TikTok's harmful misinformation policy. The company removed nearly 865,000 fake accounts, with more than 18 million followers between them (including 2.3 million in Spain and 2.2 million in France). There were nearly 500 accounts taken down in Poland alone under TikTok's policy banning impersonation. Early in the fighting in Ukraine last year, the company said, it noticed a sharp rise in attempts to post ads related to political and combat content, even though TikTok does not allow such advertising. Some of the actions TikTok took to combat this misinformation include:

- started blocking Ukrainian and Russian advertisers from targeting European users
- hired native Russian and Ukrainian speakers to help with content moderation
- worked with Ukrainian-speaking reporters on fact-checking
- created a digital literacy program focused on information about the war
- restricted access to content from media outlets associated with the Russian government
- expanded its use of labels identifying state-sponsored material
- stopped recommending livestreamed videos coming from Russia and Ukraine to European users

Chip suppliers have warned that a European effort to impose a ban on "forever chemicals" will cause widespread disruption to already tight semiconductor supply chains. From a report: Five European countries, including Germany and the Netherlands, on Tuesday proposed that the EU phase out tens of thousands of so-called forever chemicals, known as PFAS, used in the production of semiconductors, batteries, aircraft, cars, medical equipment and even frying pans and ski wax.

The ban would constitute "the broadest restriction proposal in history," Frauke Averbeck, who led the proposal for the German Environment Agency, said. "It's a huge step for us to take." Richard Luit, senior policy adviser at the Dutch National Institute for Public Health and Environment, added: "If no action is taken we estimate that the societal costs will exceed the costs without a restriction." However, industry executives warned that a broad ban could have severe consequences for many sectors. Chemours, a leading supplier of high-end fluoropolymers, warned that the chemicals were "absolutely critical" for semiconductor manufacturing as well as a wide range of other industries.

Slashdot reader lexios shares this report from the French international news agency Agence France-Press: European police arrested 42 suspects and seized guns, drugs and millions in cash, after cracking another encrypted online messaging service used by criminals, Dutch law enforcement said Friday. Police launched raids on 79 premises in Belgium, Germany and the Netherlands following an investigation that started back in September 2020 and led to the shutting down of the covert Exclu Messenger service.

After police and prosecutors got into the Exclu secret communications system, they were able to read the messages passed between criminals for five months before the raids, said Dutch police. Those arrested include users of the app, as well as its owners and controllers. Police in France, Italy and Sweden, as well as Europol and Eurojust, its justice agency twin, also took part in the investigation. The police raids uncovered at least two drugs labs, one cocaine-processing facility, several kilograms of drugs, four million euros in cash, luxury goods and guns, Dutch police said.
The "secure" messaging app was used by around 3 000 people who paid 800 euros (roughly $866 USD) for a six-month subscription.

In 2017 the New York Times covered research co-authored by John Griffin, a finance professor at the University of Texas, into Hong Kong-based Bitfinex, "one of the largest and least regulated exchanges in the industry." Mr. Griffin looked at the flow of digital tokens going in and out of Bitfinex and identified several distinct patterns that suggest that someone or some people at the exchange successfully worked to push up prices when they sagged at other exchanges. To do that, the person or people used a secondary virtual currency, known as Tether, which was created and sold by the owners of Bitfinex, to buy up those other cryptocurrencies.
To reach this conclusion, the paper's two authors "sifted through an incredible 200 gigabytes of trading data, equal to the troves that the Smithsonian Institution collects in two years," according to a new article in Fortune, "and followed sales and purchases from 2.5 million separate wallets."

The researchers ultimately concluded that a single, still unidentified, Bitcoin "whale" triggered nearly 60% of Bitcoin's one-year rise in 2017 from under $1,000 to over $19,000. But more importantly, Fortune now reports that Griffin "suspects that a similar dynamic is operating today." Toward the end of 2022, another mystifying trend caught Griffin's eye. Despite the crypto crash and myriad other negative forces, every time Bitcoin briefly breached the $16,000 floor, it bounced above that level and kept stubbornly trading between $16,000 and $17,000. Almost unbelievably, as the crypto market has continued to unravel into 2023, Bitcoin has gone in the opposite direction, trading up 35% since Jan. 7 to $23,000.

"It's very suspicious," Griffin told Fortune. "The same mechanism we saw in 2017 could be at play now in the still unreal Bitcoin market."

For Griffin, the way normally super-volatile Bitcoin went calm and stable in the stormiest of times for crypto fits a scenario where boosters are uniting to support and juice its price. "If you're a crypto manipulator, you want to set a floor under the price of your coin," added Griffin. "In a period of highly negative sentiment, we've seen suspiciously solid floors under Bitcoin."

It's important to note that no definitive proof of chicanery has so far emerged. "The space is bigger now so it's harder to dig the data," says Griffin. "Sophisticated players may be expert at hiding their identities." We have seen credible leaks asserting that major market participants call meetings of the sector's elite when they fear a crypto leader plans to make what they consider a reckless, industry-endangering move. But no evidence has surfaced that the players are gathering to coordinate buying of Bitcoin or other cryptocurrencies.
Fortune data editor Scott DeCarlo ran a detailed analysis and found, among other things, that Bitcoin "at peak FTX-induced turmoil showed both its smallest swings ever by a wide margin, and divergence from low to high that was one-fourth to one-fifth its average over the past six years." And they're not the only ones asking questions: In a blog post on Nov. 30 titled "Bitcoin's Last Stand," European Central Bank Director General for market operations Ulrich Bindseil and ECB adviser Jürgen Schaaf dismissed Bitcoin's resurgence as "an artificially induced last gasp before the road to irrelevance." Two leading figures on Wall Street told this writer on background that Bitcoin's price action, by resisting a flood of bad news, looks phony and different from a normal free market ruled by independent buyers and sellers.
Thanks to long-time Slashdot reader wired_parrot for submitting the story.

An anonymous reader quotes a report from TechCrunch: GitHub CEO Thomas Dohmke says that open source developers should be made exempt from the European Union's (EU) proposed new artificial intelligence (AI) regulations, saying that the opportunity is still there for Europe to lead on AI. "Open source is forming the foundation of AI in Europe," Dohmke said onstage at the EU Open Source Policy Summit in Brussels. "The U.S. and China don't have to win it all." The regulations in question come via The Artificial Intelligence Act (AI Act), first proposed back in April 2021 to address the growing reach of AI into our every day lives. The rules would govern AI applications based on their perceived risks, and would effectively be the first AI-centric laws introduced by any major regulatory body. The European Parliament is set to vote on a draft version of the AI Act in the coming months, and depending on what discussions and debates follow, it could be adopted by the end of 2023.

As many will know, open source and AI are intrinsically linked, given that collaboration and shared data are pivotal to developing AI systems. As well-meaning as the AI Act might be, critics argue that it could have significant unintended consequences for the open source community, which in turn could hamper the progress of AI. The crux of the problem is that the Act would likely create legal liability for general purpose AI systems (GPAI), and bestow more power and control to the big tech firms given that independent open source developers don't have the resources to contend with legal wrangles. [...] "The AI act is so crucial," Dohmke said onstage. "This policy could well set the precedent for how the world regulates AI. It is foundationally important. It is important for European technological leadership, and for the future of the European economy itself. It must be fair and balanced to the open source community."

Dohmke said that the AI Act can bring "the benefits of AI according to the European values and fundamental rights," adding that lawmakers have a big part to play in achieving this. "This is why I believe that the open source developers should be exempt from the AI act," he said. "Because ultimately this comes down to people. The open source community is not a community of entities. It's a community of people and the compliance burden should fall on entities, it should fall on companies that are shipping products. OSS developers are often just volunteers, many of them are working two jobs. They are hobbyists and scientists, academics and doctors, professors and university students all alike, and they don't usually stand to profit from their contributions. They certainly don't have big budgets, or their own compliance department."

An anonymous reader shares a report: San Francisco-based AI chatbot maker, Replika -- which operates a freemium 'virtual friendship' service based on customizable digital avatars whose "personalized" responses are powered by artificial intelligence (and designed, per its pitch, to make human users feel better) -- has been ordered by Italy's privacy watchdog to stop processing local users' data. The Garante said it's concerned Replika's chatbot technology poses risks to minors -- and also that the company lacks a proper legal basis for processing children's data under the EU's data protection rules.

Additionally, the regulator is worried about the risk the AI chatbots could pose to emotionally vulnerable people. It's also accusing Luka, the developer behind the Replika app, of failing to fulfil regional legal requirements to clearly convey how it's using people's data. The order to stop processing Italians' data is effective immediately. In a press release announcing its intervention, the watchdog said: "The AI-powered chatbot, which generates a 'virtual friend' using text and video interfaces, will not be able to process [the] personal data of Italian users for the time being. A provisional limitation on data processing was imposed by the Italian Garante on the U.S.-based company that has developed and operates the app; the limitation will take effect immediately."

Planting more trees could mean fewer people die from increasingly high summer temperatures in cities, a study suggests. The Guardian reports: Increasing the level of tree cover from the European average of 14.9% to 30% can lower the temperature in cities by 0.4C, which could reduce heat-related deaths by 39.5%, according to first-of-its-kind modeling of 93 European cities by an international team of researchers. [...] The researchers used mortality data to estimate the potential reduction in deaths from lower temperatures as a result of increased tree coverage. Using data from 2015 they estimated that out of the 6,700 premature deaths that year attributed to higher urban temperatures, 2,644 could have been prevented had tree cover been increased.

The cities most likely to benefit from the increase in tree coverage are in south and eastern Europe, where summer temperatures are highest and tree coverage tends to be lower. In Cluj-Napoca in Romania -- which had the highest number of premature deaths due to heat in 2015, at 32 per 100,000 people -- tree coverage is just 7%. In Lisbon, Portugal it is as low as 3.6% and in Barcelona its 8.4%. That compares with 15.5% in London and 34% in Oslo. Study co-author Mark Nieuwenhuijsen, a researcher at the Barcelona Institute for Global Health, said the team picked 30% as that is a target that many cities are currently working towards.

He said there was no need for buildings to be razed and replaced with parks, since there is enough space to plant more trees in all the cities the team looked at. He praised initiatives such as the EU's 3 billion trees plan, and the UK government's proposal to ensure every home is within a 15-minute walk from green space, though he noted that policymakers must ensure trees are evenly distributed between richer and poor neighborhoods. He added that cities which are "too car-dominated" should consider replacing asphalt roads, which absorb heat, with trees. Planting more trees in cities should be prioritized because it brings a huge range of health benefits beyond reducing heat-related deaths, he added, including reducing cardiovascular disease, dementia and poor mental health. The study has been published in the journal The Lancet.

An anonymous reader shares a report: 'Astroturfing' and other non-transparent lobbying tactics used to target digital policymakers in the European Union in recent years -- including during a blitz of spending aimed at influencing major new pan-EU rules like the Digital Services Act (DSA) -- have inspired a group of MEPs and NGOs to fight back by launching a hotline for reporting attempts at indirectly influencing the bloc's tech policy agenda. The new tips line, which was first reported by the Guardian, is being called LobbyLeaks.

The office of one of the MEPs co-leading the effort, Paul Tang of the S&D Group, said the idea is to gather data on underhand lobbying efforts that may be targeting the EU's digital policymaking -- such as the use of third party 'industry associations' or consultancies without clear disclosures, or even academics being quietly funded to author favorable research -- in order that they can be studied and called out. They also want to ensure EU lawmakers are better informed about the myriad ways tech giants may be seeking to influence them as they work on shaping the rules platform giants will have to play by.

As nations around the world scramble to secure crucial semiconductor supply chains over fears about relations with China, the U.K. is falling behind. From a report: The COVID-19 pandemic exposed the world's heavy reliance on Taiwan and China for the most advanced chips, which power everything from iPhones to advanced weapons. For the past two years, and amid mounting fears China could kick off a new global security crisis by invading Taiwan, Britain's government has been readying a plan to diversify supply chains for key components and boost domestic production. Yet according to people close to the strategy, the U.K.'s still-unseen plan -- which missed its publication deadline last fall -- has suffered from internal disconnect and government disarray, setting the country behind its global allies in a crucial race to become more self-reliant.

A lack of experience and joined-up policy-making in Whitehall, a period of intense political upheaval in Downing Street, and new U.S. controls on the export of advanced chips to China, have collectively stymied the U.K.'s efforts to develop its own coherent plan. The way the strategy has been developed so far "is a mistake," said a former senior Downing Street official. During the pandemic, demand for semiconductors outstripped supply as consumers flocked to sort their home working setups. That led to major chip shortages -- soon compounded by China's tough "zero-COVID" policy. Since a semiconductor fabrication plant is so technologically complex -- a single laser in a chip lithography system of German firm Trumpf has 457,000 component parts -- concentrating manufacturing in a few companies helped the industry innovate in the past. But everything changed when COVID-19 struck.

AmiMoJo writes: Wind and solar supplied more of the EU's electricity than any other power source for the first time ever in 2022, new analysis finds. They together provided a record one-fifth of the EU's electricity in 2022 -- a larger share than gas or nuclear, according to a report by the climate thinktank Ember. Record additions of new wind and solar in 2022 helped Europe survive a 'triple crisis' created by restrictions on Russian gas supplies, a dip in hydro caused by drought and unexpected nuclear outages, the analysis says.

Around 83% of the dip in hydro and nuclear power was met by wind and solar -- and falling electricity demand. The rest was met by coal, which grew at a slower pace than some had expected amid a drop in fossil fuel supplies from Russia. Solar generation across the EU rose by a record 24% in 2022, helping to avoid --10bn Euro in gas costs, according to the findings. Some 20 EU nations sourced a record share of their power from solar, including the Netherlands, Spain and Germany. Wind and solar growth is expected to continue this year, while hydro and nuclear generation is likely to recover. As a result, fossil fuel power generation could drop by an unprecedented 20% in 2023 -- double the previous record observed in 2020, the analysis projects.

The European Union is weighing a proposal to make technology companies that use the most bandwidth, like Netflix and Alphabet, to help pay for the next generation of internet infrastructure, according to a draft document seen by Bloomberg. From the report: The suggestions are part of a "fair-share" vision from the EU's executive arm that could require large tech businesses, which provide streaming videos and other data-heavy services, to help pay for the traffic they generate.

The draft document, which is part of a consultation with the industry, suggested firms might contribute to a fund to offset the cost of building 5G mobile networks and fiber infrastructure, as well as the creation of a mandatory system of direct payments from tech giants to telecom operators. The commission also asked companies whether there should be a threshold that would qualify a company to be a "large traffic generator," the document showed. That could be similar to the European governing body's rules designating some tech companies "gatekeepers" and "very large online platforms" in its recent competition and online content rules.

The United States and European Union on Friday announced an agreement to speed up and enhance the use of artificial intelligence to improve agriculture, healthcare, emergency response, climate forecasting and the electric grid. Reuters reports: A senior U.S. administration official, discussing the initiative shortly before the official announcement, called it the first sweeping AI agreement between the United States and Europe. Previously, agreements on the issue had been limited to specific areas such as enhancing privacy, the official said. AI modeling, which refers to machine-learning algorithms that use data to make logical decisions, could be used to improve the speed and efficiency of government operations and services.

"The magic here is in building joint models (while) leaving data where it is," the senior administration official said. "The U.S. data stays in the U.S. and European data stays there, but we can build a model that talks to the European and the U.S. data because the more data and the more diverse data, the better the model." The initiative will give governments greater access to more detailed and data-rich AI models, leading to more efficient emergency responses and electric grid management, and other benefits, the administration official said. The partnership is currently between just the White House and the European Commission, the executive arm of the 27-member European Union. The senior administration official said other countries will be invited to join in the coming months.

A small asteroid is flying very close to Earth on Thursday night, less than a week after astronomers discovered the object. The New York Times reports: The asteroid, named 2023 BU, was scheduled to pass over the southern tip of South America at 7:27 p.m. Eastern time. The asteroid is fairly small -- less than 30 feet across, about the size of a truck -- and will be best visible in the skies to the west of southern Chile. For space watchers unable to view 2023 BU firsthand, the Virtual Telescope Project will be broadcasting the event on its website and YouTube channel. The asteroid will not hit Earth but will make one of the closest approaches ever by such an object, hurtling past Earth at just 2,200 miles above its surface, according to a news release from the NASA Jet Propulsion Laboratory. This encounter puts the asteroid "well within the orbit of geosynchronous satellites," the statement noted, but the asteroid is not on track to hit any.

2023 BU was unknown to NASA, or anyone, until last Saturday. Gennadiy Borisov, an amateur astronomer in Crimea, noticed the asteroid from the MARGO Observatory, a setup of telescopes that he has used to discover other interstellar objects. Astronomers then determined 2023 BU's orbit around the sun and impending trip past Earth using data from the Minor Planet Center, a project sanctioned by the International Astronomical Union. It publishes positions of newly found space objects, including comets and satellites, from information of several observatories worldwide.

The EU's proposed Cyber Resilience Act (CRA), which aims to "bolster cybersecurity rules to ensure more secure hardware and software products," could have severe unintended consequences for open source software, according to leaders in the open source community. From a report: The proposed Act can be described as CE marking for software products and has four specific objectives. One is to require manufacturers to improve the security of products with digital elements "throughout the whole life cycle." Second is to offer a "coherent cybersecurity framework" by which to measure compliance. Third is to improve the transparency of digital security in products, and fourth is to enable customers to "use products with digital elements securely."

The draft legislation includes an impact assessment that says "for software developers and hardware manufacturers, it will increase the direct compliance costs for new cybersecurity requirements, conformity assessment, documentation and reporting obligations." This extra cost is part of a total cost of compliance, including the burden on businesses and public authorities, estimated at EUR 29 billion ($31.54 billion), and consequent higher prices for consumers. However, the legislators foresee a cost reduction from security incidents estimated at EUR 180 to 290 billion annually. The question is though: how can free software developers afford the cost of compliance, when lack of funding is already a critical issue for many projects? Mike Milinkovich, director of the Eclipse Foundation, said it is "deeply concerned that the CRA could fundamentally alter the social contract which underpins the entire open source ecosystem: open source software provided for free, for any purpose, which can be modified and further distributed for free, but without warranty or liability to the authors, contributors, or open source distributors. Legally altering this arrangement through legislation can reasonably be expected to cause unintended consequences to the innovation economy in Europe."