What are the penalties? Will they crack down on the buggy WiFi routers which often times have open source software that they never maintain?
Also I see this as a benefit for the major commercial Linux Distribution like Red Hat, Ubuntu and maybe SuSe because small companies can't provide that level of assurance.
"Failure to comply with vulnerability reporting, cyber incident reporting, or essential cybersecurity requirements could trigger administrative fines of up to €15 million or 2.5% of global turnover. Other obligations include €10 million or 2% of global turnover."
Apart from fines, "Beyond financial penalties, non-compliant products may also be prohibited or restricted from being made available on the EU market, or authorities may order their withdrawal or recall. This can lead to significant reputational damage and loss of market access."
There is more to it than just reporting, "essential cybersecurity requirements" presumably would include fixing issues, hardening to reduce impact of issues etc.
