Will the European Cyber Resilience Act Kill Open Source Software?
At this point, the situation is pretty dramatic, due to a recent turn of events.
Amendments introduced by the ITRE committee (ITRE is the European Parliament Committee on Industry, Research and Energy) would regulate open source projects unless they have “a fully decentralised development model.” Any project where a corporate employee has commit rights would need to comply with CRA obligations, which are quite heavyweight.
According to the Commission's own impact study, the impact on SMEs that produce software in Europe would be an increase of 30% in their development costs.
Regulating open source projects unless they have a fully decentralised development model?
Are they out of their minds? 99% of the successful open source projects do have a fully centralized development model. When they get decentralized, you can throw them away. Regardless of whether some committer commits with his company email or a private one.