It is refreshing to finally have a real conversation going on here :) I
really like it. So I am taking the time to fully engage.
As for a more general solution with regards to the age verification issue,
I appreciate very much what the EU has done with the Digital Services Act.
It obliges platforms to protect minors. It asks them to analyse, assess and
mitigate risks. But it also gives platforms, at least at first, plenty of
room for maneuver and to figure out how to do it. The platform has the
opportunity to prove to the regulator that there is no significant,
systemic risk and/or that risks are being taken care of efficiently. It
also explicitly says that no additional user data should be gathered.
This, for me, is a sensible solution. And one of our goals should be (and
is) to elevate the DSA, or its principles, to the level of international
treaties. We can start with a Council of Europe treaty. The French
government, however, was hell-bent to go beyond it and be stricter.
Another general solution I personally like is to move age-verification to
the device or browser. Like parental controls already work on many systems,
including TVs. I am not sure how well such an approach would be accepted by
the communities, the device manufacturers or the legislators. In this
scenario the community would need to provide metadata/categorisation for
sensitive content. Not sure it is feasible, but this is a universal
approach that doesn't require the hovering up of user data. I have proposed
a Wikimania session on online age-verification, we need to have this
discussion and come up with solutions we are willing to accept. Because
such regulation is coming, not only in France and the UK, but everywhere.
It is just starting.
Now, back to France. Our initial position was that the DSA has just been
passed and that the EU will have this special group to work out best
practices, so national governments should wait at least a little bit to see
the results of the DSA. I believe the European Commission has made similar
arguments to Paris. But, as I said, France explicitly wants to
pre-implement and go beyond EU level regulation.
Our second position was that they should take a different definition of
social media, one idea was to generally exclude not-for profit content
sharing services, like the copyright directive. This is politically not
feasible anymore. Politicians don't agree that not-for-profits should have
special exemptions when it comes to content moderation (see DSA, terrorist
content, child sexual abuse material). So, regardless of how much lawmakers
toyed with the definition, it always included platforms that allow users to
The original amendment Senators had proposed after hearing from Wikimedia
actually included the brand name "Wikipedia". It literally said "with the
exception of Wikipedia", I kid you not. So we then intervened again (note:
this is our third fallback option) and asked for a more general wording,
which was then accepted.And I think educational and scientific repositories
goes well beyond Wikimedia projects.
The accepted language is modelled after the carve-out used in the copyright
directive, the second part of Article 2(6). As mentioned above, a general
exception for all not-for-profits, as in the first part of the same article
from the copyright directive, was not feasible in France. I agree that in
this case the "online encyclopedia" part was in the end not really
necessary anymore, as Wikipiedia is an educational resource par excellence.
But the final wording is the product of a thought process of lawmakers, and
without "online encyclopedia" we wouldn't have gotten the "educational
As for Wikivoyage, I don't know if it is an educational resource or not,
but it is part of the Wikimedia movement, whose current mission statement
is "bring free educational content to the world". If it is not educational,
then we need a new mission statement. Wikinews I prefer not to comment, I
have very specific views of that project. MediaWiki itself is a software
project, not an online platform. Meta-Wiki is what I worry about. I have no
answers on this. But, here again, we decided to ask for the protection of
educational and scientific projects at large, instead of lobbying for a
wording that would carve-out every single Wikimedia project.
So, I don't really accept the criticism that we are asking for exceptions
for ourselves as a snowflake, we explicitly try not to do this and create
as large a space for self-governing communities as possible. This is our
approach. It worked with the DSA, it didn't work in France. I can also
confirm that on half a dozen of files we are working on (e.g. AI, political
advertising, child sexual abuse materials, Media Freedom Act) our projects
are not directly concerned and we could easily pass on them. But we still
speak up and join coalitions to try and establish a larger space for
autonomous online communities. The truth is that lawmakers are much more
willing to protect concrete projects.
Still, when push comes to shove, and the large umbrella attempts fail, of
course we are going to look for a way to protect our projects. Call it
selfish, but I don't think we are.
Le mer. 31 mai 2023 à 19:00, Mathias Schindler <mathias.schindler(a)gmail.com>
a écrit :
On Wed, May 31, 2023 at 4:43 PM Dimi Dimitrov <dimi(a)wikimedia.be> wrote:
=== Liability on Free Software ===
The Cyber Resilience Act (CRA) sets out cybersecurity requirements for a
software products placed on the EU market. The instrument of
choice is to impose liability on developers and deployers of software. Our
main worry is how the new obligations would hinder developers, especially
volunteers, of free software. We are coordinating our position  and
actions with the FSFE and EDRi.
The Industry, Research and Energy (ITRE) committee in the European
the lead and MEPs have tabled their amendments, which will
now be discussed in the coming weeks (see Documentation Gateway in ).
The good news is that most political groups are thinking about the specific
needs of free software. The challenge is that the lawmakers, including the
ones in Council, seem to be lacking a coherent vision of what a liability
system should look like. We appear to be stuck considering patches and
carve-outs. We are now going through an initial assessment of amendments
 and will coordinate with our allies before contacting lawmakers.
You might want to borrow language from Directive EU 2019/770, Article 3
(5) f here:
5. This Directive shall not apply to contracts regarding:
(f) software offered by the trader under a free and open-source licence,
where the consumer does not pay a price and the personal data provided by
the consumer are exclusively processed by the trader for the purpose of
improving the security, compatibility or interoperability of that specific
Since this is already law in place and transposed, it would be a good
starting point for consistency.
Publicpolicy mailing list -- publicpolicy(a)lists.wikimedia.org
To unsubscribe send an email to publicpolicy-leave(a)lists.wikimedia.org
Rue Belliard 12 Belliardstraat, Brussels
Wikimedia Europe ivzw