The EU has been working on regulations related to this over the past couple of years. Various OSS foundations, like the Apache, Linux, and Eclipse Foundations, have been tracking this.
Yes, and the regulations and guidelines coming out are looking good with regard to open source; it seems they've gotten into the right places to be heard. (Basically, they protect people just providing open source from liability and force companies to have plans for how they'll deal with their open dependencies.)