[hyperman1]

For some reason I can't seem to open the text right now, but from my previous reading I remember a smaller variant of annex V for small businesses. So the solo dev is not treated the same.

As I read it, and with the caveat that the exact requirements are not yet determined: You will need a SBOM stating you use openssl, and how you plan to update openssl if it contains security bugs.

Update: found it, paragraph 46a: In relation to small and micro enterprises, in order to ensure proportionality, it is appropriate to alleviate administrative costs without [...]