Exactly. It sounds like currently there's no money to be made supporting old embedded devices (in the consumer space at least), because no one is on the hook for long term maintenance.
Regulations _could_ change the incentives, and create a market for long term servicing. Regulations are hard to get right though...
Or maybe vendors will be incentivized to actually upstream kernel patches, plus stop making 10 different models every year for weird market segmentation reasons.
“Old devices are phased out sooner” seems like an OK solution with some caveats.
It is nice that it makes the cost of not supporting things visible to the users. Assuming “phased out” means the device will actually stop operating; “Company X’s devices have a short lifetime” is an easy thing for people to understand.
I suspect consumers will look for brands that don’t have this reputation, which should give those well behaved brands a boost.
Although, if it does turn out that just letting devices die is the common solution, maybe something will need to be done to account for the additional e-waste that is generated.
Moving toward proprietary OSes; hey, if it solves the problem… although, I don’t see why they’d have an advantage in keeping things up to date.
It is possible that companies will just break the law but then, that’s true of any law.
This won’t make more money available for supporting old devices, it’ll just make the long term profitability of any device significantly lower and therefore less competition and innovation.
A smarter regulation would have been required non-commercial use firmware source disclosures to allow non competitive long term maintenance by owners.
Who is responsible for complying with it? If a Chinese or American manufacturer of an embedded device that does not have a presence in the EU fails to provide updates what happens?
How many of the companies producing this stuff have the skills to fix kernel security bugs?
