In response to the HM Treasury consultation on the transposition of 5th AML Directive, OpenUK responded to open source question with support from our affiliates. Question 19, was the key concern for us in representing Open Source in the UK:
“The government would welcome views on whether the publication of open-source software should be subject to CDD requirements. If so, under which circumstances should these activities be subject to these requirements? If so, in what circumstances should the legislation deem software users be deemed a customer, or to be entering into a business relationship, with the publisher?”
Our views on the inclusion of Open Source within this scope are as follows:
- Open Sourcing of software has no bearing on the propensity for fraudulent activity with respect to the objective of Money Laundering Directive (MLD). Open Source software in its purest sense is the mechanism where the underlying code and specifications are shared and developed collaboratively in the open. In a modern digital world, such assets can relate to almost any aspect of business or personal life therefore can scope is beyond that of the concerns of MLD so should not be referred to within the MLD;
- The complexity in placing controls on applications and related sub components would deliver no benefit to the MLD and would be impossible to maintain;
- The consultation suggests that it is the “publishers” who may be required to carry out CDD on the users of the software yet there is no definition as to what this would mean which could include individual sharers and developers of code. This could create an inadvertent liability on the part of the developer if their code is subsequently used within a MLD regulated domain even when this domain was not the target. Defining the Customer and what constitutes a business transaction will be equally challenging;
- Open Source developers often create code without being paid. It is likely that the developer does not provide a contract to the users or consumers of the developed assets and may well not be able to insure and protect themselves. Rather they release code under an open source licence and exclude all liability as is the norm;
- Should Open Source be in any way impacted by the MLD, the collaborative nature and global potential source of contributions means that it is difficult to hold any one person accountable or even identifiable, particularly where many projects do not require contributors to provide their actual identity;
- Contributors fill a variety of roles, not just coding but support including design, project management, tester and implementer. Following code release, others may engage to extend, improve and iterate the software and to provide support roles such as marketing within the community. The proportionality of any one contribution and associated accountability would be difficult to establish;
- Having the scope of MLD include Open Source would create a dis-incentive for developers and this will further increase the digital skills shortage as well as longer-term economic disadvantage for the UK;
- Regulation would impose licence conditions and maximal disclaimers that require the user not to use for MLD related activities which is contrary to the open source non-discrimination principles and potentially a breach of the licence terms; and
- Open Source software and associated assets are designed to be open and fully transparent and therefore it may be a benefit to make it policy that all software within the scope of MLD IS Open Source to ensure that the regulator or stakeholder has freedom and right to understand the workings of the software.
In conclusion we recommended that Open Source should NOT be subject to Customer Due Diligence (CDD) under any circumstances, and should NOT be within scope of 5AMLD.
It is our view that it would be practically impossible and certainly undesirable to implement any MLD regulation that may impact Open Source software.
The UK Government MUST seek to understand the importance of Open Source to our national digital maturity, development of the UK digital skills capability, and the economic benefits of extending the reach and prevalence of the Open Source industry for the UK.
We welcome the opportunity to expand on these points or answer any further questions from the Treasury and will engage further with our members in relation to this.
Stuart Mackintosh, Chair, Open UK