That's a really sad state of affairs. Instead of promoting security, which is what the law claims to do, the law is actually promoting insecurity. Which is probably the true end goal of the law any way, if that's the way it's written. Threaten people with jail unless they first register security vulnerabilities with the government, than, when they do so, threaten them with even more jail time if they ever speak again about the said vulnerability, and keep the vulnerability for your self. I guess EU is just pissed that NSA has better toys. Really, truly sad state of affairs.