[graemep]

The GDPR and DMA are mostly good. GDPR should have exemptions for organisations with smaller amounts of data who do not trade in it.

A lot of EU laws have also been bad. VATMOSS (especially with the very low initial limit to register) was initially a disaster. It actually deterred people from trading within the EU! The commission's attempt at chat surveillance was thrown out by the parliament, but they will try again. The new AI regulations look problematic. The draft I saw of the AI one was far too broad (included old tech like expert systems) - not checked recently whether it has changed. There are also issues with a lack of FOSS exemptions in the other current law (forgotten what it is called) imposing greater liability for faults in some categories of software.

[Yujf]

I don't know the details about VATMOSS but will look into it. I agree that chat control and the initial thing about software security not having a FOSS exemption were problematic. As far as I know, an exemption for FOSS authors was added.

I think it is important to acknowledge that many regulations are not perfect and I would push for more revisions on the details (although changes in the law also have a real cost associated) that don't hit their target.

[graemep]

> As far as I know, an exemption for FOSS authors was added.

last time I caught up on it, it was a very narrow exemption that was only of use to pure hobby projects.