Look, I know, EU "law" is difficult. I happen to have a little bit of knowledge about that, because I work on safety-related systems in industrial automation, where the same legal mechanisms apply (although "my" directive is 2006/42/EG, not Directive 2001/95/EC).
Legally it works like this:
1. The EU issues a directive. Directives are not directly binding (some gray areas have developed over the years) and must be implemented by national legislatures into national law. The directive is the base line, national legislators may go above and beyond what the directive calls for.
2. In Germany we have implemented this directive (as well as "my directive", that's why I claim to have some knowledge about this issue, as well) in the "Produktsicherheitsgesetz" (Product Safety Act). You can find a translation here: http://www.bmas.de/SharedDocs/Downloads/DE/PDF-Meldungen/pro...
3. The law enables quite a few ministers to issue regulations that deal with specific things (in my example: the Ninth Regulation deals with machinery safety).
Those regulations usually refer back to the EU Directive, incorporating it partly.
For example, in the Ninth you can see (http://www.gesetze-im-internet.de/gsgv_9/__3.html) that some requirements are basically just worded as "must meet requirements A, B and C from 2006/42/EG" or "must provide documentation as per Annex I of 2006/42/EG)".
4. Law and Regulations must be obeyed. Not some "EU law". This law. And only this law.
The key insight is: how you fulfill the requirements is up to you. Also, the burden of proof that you fulfilled those requirements is yours.
5. Because those requirements are rather vague and abstract, and this burden of proof is not easily met, the law provides for some "convenience avenue" (well, and because that's the idea behind the EU's "New Approach"):
You may demonstrate that you meet the requirements of certain applicable standards. If you do this (and you still have the burden of proof here!), you are automatically assumed to be in compliance with the law and the regulations.
That's the so-called assumption of conformity.
6. That's where your linked table comes in: those are standards that are "harmonized under the Directive".
If you find a standard that's (partly) applicable (you may not use a nuclear reactor standard to claim conformance of your children's toys...) on that list, you may shift your burden of proof from the law and the regulations to the standard (as far as it's applicable).
7. So far it doesn't sound very exciting. You just swapped one set of requirements where you bear the burden of proof with another set of requirements where you also bear the burden of proof.
The thing is, those standards are tailored to your field, so they are much more practical and manageable.
And the real kicker is this: you can get certification by TÜV, BG and other "notified bodies" provided for by EU law, that you met the requirements of the standard. You probably won't get TÜV or BG to certify that you met the requirements of the law itself.
8. Okay, but isn't that "incorporation"?
No, it's not. Not legally. And not practically.
First, remember: you have to follow the German law. Not some Directive. The latter isn't directly binding to anyone, except the national states insofar, as they are required to implemented it.
The decision which standards are "harmonized" and thus invoke this assumption of conformity lies with EU organs, not national organs. So there is a real division of authority there.
And, most important: you're always free to disregard any and all harmonized standards. If you feel good about meeting the requirements of the national law and regulations without the help of harmonized standards (and in some fields you mostly have to do that anyway, because no really applicable harmonized standards exist), you're free to do so.
Let me offer a tl;dr: Standards bodies found a bureaucratic loophole allowing them to make their standards into de facto-law while avoiding that those standards then become part of the public domain as they ought to be.
Sounds like a classic case where the law has not caught up with morality.
No, you are wrong, the whole reason the GP is so long is because EU law is much more complicated than the average nerds' vision of what law should be like (i.e., a rule-based decision tree). It is no 'loop hole', it is a fundamental feature of EU law to not be a federal system where the Commission sets the law in a uniform way across the territory.
Your point about the complexity of EU law is irrelevant.
If there is even one single EU country in which the law is implemented in such a way that the standard referenced by the EU document becomes de facto law, then that standard ought to enter the public domain at least within that country. The detour via the EU is irrelevant.
Look, just read everything that was said above again until you understand it and then come back, there's no point in me repeating the same thing several times. You're literally talking nonsense - 'de facto law', 'public domain within that country', 'detour via the EU' - everything you say indicates you don't understand the points being made here.
Not to be an asshole about it, but between you and me, there is only one person with a law degree.
Not to be an asshole about it, but if you really have a law degree, then perhaps that explains your inability to see the moral dimension of what is going on here. Time to take off your lawyer hat and read again what I wrote.
I have not written whether I believe the publication of those standards is legal under current (copyright) law or not. The point is that it ought to be legal because it is moral. It is moral because (at least for some of the standards, according to everything I have read about the topic) the de facto way of following a certain law is to follow the standard that was published. Whether there are other ways of following that law is made irrelevant by common practice (again, from a moral point of view, thought perhaps not according to current copyright law).
If necessary, the (copyright) law should be changed so that the law follows morality.
>bureaucratic loophole allowing them to make their standards into de facto-law while avoiding that those standards then become part of the public domain
I get this kind of doublespeak a lot in Germany.
For example, if a police officer suspects you of drunk driving, you are not required by law to take a breath test. You are required to take a blood test back at the station. The breath test is considered voluntary.
Then there is the public health system. Insurance companies are not really part of the government, so you can't vote them out of office. But somehow they are still have a mandate to issue legally binding orders of seizure if you happen to disagree with the math in their invoices. They also act as their own oversight department. You are mandated to do business with at least one of them.
Also, traffic tickets are not fines. They are just a voluntary payment to convince the city not to issue you a real fine, which is about 10x higher. Of course, you can't contest it, because you agreed to it.
Guess DIN is just another wagon in the gravy train...
> Standards bodies found a bureaucratic loophole allowing them to make their standards into de facto-law while avoiding that those standards then become part of the public domain
I encounter this kind of wiggling a lot in Germany. What surprises me most is how readily these kinds of explanations are accepted by people, no matter how absurdly complicated they are.
Sounds like you are agreeing with Malamud. Regardless of whether or not various certification authorities trust the word of the companies that implement products to match the directive, the directive is the law in Germany. Right?
First, the Directive itself is not the issue here, the harmonized standards are. Please don't mix it up.
Nobody would sue for copying the text of the Directive.
And second, it's really, really important to understand that only the national law must be followed and that it is not identical to the Directive.
I know it sounds like nitpicking, but this difference is important. Not in the day-to-day development work (because you use Directive and standards as references, but mostly your company-internal process). But as soon as you're dicussing legal matters, it's important.
That's the kind of talk that will lead to lawyers being the first against the wall when the revolution comes, right after the Marketing Department of the Sirius Cybernetics Corporation.
The morality of the situation is very clear: Those standards are de facto law because they are treated by common practices as if they were the law. Hence they need to be in the public domain.
This is not an arbitrary sentiment either. You can draw a parallel to how trademarks can lose their protection by becoming part of regular language.
The morality of the situation is very clear: Those standards are de facto law because they are treated by common practices as if they were the law. Hence they need to be in the public domain.
I agree that if those standards are indeed de facto law, they should be treated like law. But that is not the case the article makes. The articles makes a case around being surprised about getting sued for publishing copyrighted material without the owner's consent. Which is not suprising at all.
The entire point of this post is that there's a difference between the law and the standard. The law is publicly published, of course. What Malamud did was publish the standard.
And, this distinction is important: You have to follow the law, but how you do so is up to you. Implementing the standard is just one way of doing that. So the standard is not, in fact, part of the law, just a shortcut to compliance in some cases.
Example: The law says that the pacifier must be made in such a way that it cannot be swallowed.
Your options are:
1. Develop your own way of ensuring that the pacifier cannot be swallowed and prove that it's effective
2. Buy the standard, follow it and prove that you are following it.
Option (2) is generally cheaper. Hence the market for these standards.
No, and that is made clear in the comment. The directive is the supranational law that mandates nations of the EU to create national law, only this is binding and applicable to citizens.
Laws tend to be general. For example a lay might say something like: Communication between two parties needs to be secure.
Now, what is secure, how do you define it? Like tomte said you have the burden of proof. One way is to say you followed a standard because standards are formulated by "experts" and thus your communication is clear.
An alternative is to develop your own secure algorithm - you might have to proof this at some point that it really is secure.
If a law says that all communication needs to be encrypted using technique x, then it will be outdated as soon as this technique is broken. Thus a law specifying that communication should be secure is something that can last much longer
Besides, this information is very technical and not in the slightest consumer oriented! After looking at the first document I certainly don't want to read further. That is why we have standard bodies, law makers and journalists to do this stuff for is. I don't think that a raw dump would help anybody
No, actually, you don't have the burden of proof, that's the point. If that was the case, following a US standard, say, should probably be as good a defence as following an EU standard. Instead, one particular proprietary standard is exempted from you having to prove anything, except for the fact that you do follow the standard. That special treatment is what is being criticized here.
Also, laws don't cease to be laws because they are not consumer oriented. Your argument applied analogously essentially would mean that it would be perfectly fine for all laws concerning the taxation of corporations to be secret because those are highly technical and not consumer oriented. These dumps are not meant for consumers, but for people who are required to follow the rules set by those standards.
I agree the situation is not ideal, and I applaud any effort to try to show that the way the law and the standard are intertwined make for a de facto incorporation of the standard into law (which would mean the standard would have to be accessible for free).
It is not clear from the article that that's going on, and it's also not made clear why starting with a copyright violation is a good way to bring about this change. To me, this reeks much more of trying to get publicity than actually trying to change things.
The problem is that the article has its facts all mixed up and glosses over the central point, which is the difference between a law and a standard. Without getting that point across, this is just publicity for its own sake.
I think you got it all backwards. They are contesting that very distinction, so their position is that there is none, so why should they write as if there was?
Their stance is that the other side's distinction is merely in their choice of words, but the facts of the situation are such that the standard plays the same role as a law would, and as such choosing to call it a "standard" rather than a "law" only serves to confuse people, not to describe the actual situation, and so they instead choose words that accurately and clearly describe things as they are from their perspective.
Legally it works like this:
1. The EU issues a directive. Directives are not directly binding (some gray areas have developed over the years) and must be implemented by national legislatures into national law. The directive is the base line, national legislators may go above and beyond what the directive calls for.
2. In Germany we have implemented this directive (as well as "my directive", that's why I claim to have some knowledge about this issue, as well) in the "Produktsicherheitsgesetz" (Product Safety Act). You can find a translation here: http://www.bmas.de/SharedDocs/Downloads/DE/PDF-Meldungen/pro...
3. The law enables quite a few ministers to issue regulations that deal with specific things (in my example: the Ninth Regulation deals with machinery safety).
Those regulations usually refer back to the EU Directive, incorporating it partly.
For example, in the Ninth you can see (http://www.gesetze-im-internet.de/gsgv_9/__3.html) that some requirements are basically just worded as "must meet requirements A, B and C from 2006/42/EG" or "must provide documentation as per Annex I of 2006/42/EG)".
4. Law and Regulations must be obeyed. Not some "EU law". This law. And only this law.
The key insight is: how you fulfill the requirements is up to you. Also, the burden of proof that you fulfilled those requirements is yours.
5. Because those requirements are rather vague and abstract, and this burden of proof is not easily met, the law provides for some "convenience avenue" (well, and because that's the idea behind the EU's "New Approach"):
You may demonstrate that you meet the requirements of certain applicable standards. If you do this (and you still have the burden of proof here!), you are automatically assumed to be in compliance with the law and the regulations.
That's the so-called assumption of conformity.
6. That's where your linked table comes in: those are standards that are "harmonized under the Directive".
If you find a standard that's (partly) applicable (you may not use a nuclear reactor standard to claim conformance of your children's toys...) on that list, you may shift your burden of proof from the law and the regulations to the standard (as far as it's applicable).
7. So far it doesn't sound very exciting. You just swapped one set of requirements where you bear the burden of proof with another set of requirements where you also bear the burden of proof.
The thing is, those standards are tailored to your field, so they are much more practical and manageable.
And the real kicker is this: you can get certification by TÜV, BG and other "notified bodies" provided for by EU law, that you met the requirements of the standard. You probably won't get TÜV or BG to certify that you met the requirements of the law itself.
8. Okay, but isn't that "incorporation"?
No, it's not. Not legally. And not practically.
First, remember: you have to follow the German law. Not some Directive. The latter isn't directly binding to anyone, except the national states insofar, as they are required to implemented it.
The decision which standards are "harmonized" and thus invoke this assumption of conformity lies with EU organs, not national organs. So there is a real division of authority there.
And, most important: you're always free to disregard any and all harmonized standards. If you feel good about meeting the requirements of the national law and regulations without the help of harmonized standards (and in some fields you mostly have to do that anyway, because no really applicable harmonized standards exist), you're free to do so.