The cybersecurity resilience act sounds like a huge blow to FOSS. Or am I not interpreting it correctly?

Imagine every newb getting started on some new project having to comply with complex regulatory requirements…

Curious if anyone has any interesting takes 🤔