Netzpolitik has an English-language article about the EU Commission's vague plans for open source via its Open Stack programme. An internal paper calls on the Commission to support Free and Open Source Software in public administrations – and think about a new legal form. However, many questions remain open. The crux of the matter, which would be the role open protocols and open standards play in enabling vendor independence, remains unnamed in the article and is almost but not quite named in the actual report [warning for PDF].
The EU Commission has been funding open source projects for years. A programme called Next Generation Internet (NGI) is central to this by distributing money quickly and without red tape to promising projects – such as the decentralised microblogging service Mastodon, the video software PeerTube or Jitsi for videoconferencing.
But the Commission has been set on ending funding NGI for some time – despite prolonged criticism. Involved organisations have said that NGI works well and efficiently. Open source also plays a key role in protecting Europe from foreign actors – particularly important in the current geopolitical environment.
The Commission responded that the end of NGI is not meant to be the end of its open source funding. That is set to continue under a new name – initially the “Open Europe Stack”, now the “Open Internet Stack”. Important distinction: In spite of the new name, the programme is only indirectly related to the “EuroStack”.
Some of these plans include the EU Commission leading by example through improving procurement and use of Free and Open Source Software in practice. They also include phasing out proprietary and/or overseas services in favor of more local services, specifically those which are more amenable to using Free and Open Source Software.
Previously:
(2025) Euro Techies Call for Sovereign Fund to Escape US Dependency
(2022) The EU's AI Act Could Have a Chilling Effect on Open Source Efforts, Experts Warn
(2021) European Commission's Study on Open Source Software
(2018) German Documentary on Relations Between Microsoft and Public Administration Now Available in English
(2014) EU Spending €1M for Security Audit of Open Source
Related Stories
Member of the European Parliament Julia Reda blogs
Security and liberty don't have to be opposites. I want the European Union to focus its energy and funds on projects that increase both the safety and the autonomy of its people at the same time. At my proposal, next year's EU budget will include a step in that direction:
€1 million of the EU's €40 million pilot project fund will be spent towards open source software security.
The European Union's interoperability page says
The European Parliament is funding a security audit of the free and open source solutions used by the Parliament and the European Commission. Last Wednesday, the EP allocated €1 million for the audit project, to be carried out by the EC Directorate General for Informatics (DIGIT). The project should also come up with best practices for code review and quality assessments of free software and open standards funded by the EU.
A French Free Software organization, April, has announced that a German Documentary from the ARD, "The Microsoft Cyber Attack" has been released in English thanks to Deutsche Welle (DW). It is an informative and objective film about the inappropriate relations between a certain infamous corporation and the various public administrations. The documentary first aired on February 19th, 2018 by the German public broadcaster (ARD).
In May 2017, hundreds of thousands of computers running Microsoft Windows operating systems were disabled by the WannaCry cyber attack. How could a single malware program simultaneously cripple companies, hospitals and even government intelligence services all around the globe? Microsoft Windows software programs proved to be their common Achilles heel. Companies and private individuals use software from Microsoft. Government and public administrations from Helsinki to Lisbon run it, too. That makes all of them vulnerable to attacks from hackers and spies. Microsoft Windows' dominance also undermines European procurement legislation, impedes technological progress and costs Europe a bundle. Journalist Harald Schumann and his team of Investigate Europe researchers have spoken with insiders and administrators from all across the continent. The German government's former IT director, Martin Schallbruch, tells us how countries are becoming increasingly dependent on Microsoft. A legal expert from the Netherlands describes how the European Commission and governments are breaking European laws regulating public tenders. Hamburg's data protection commissioner, Johannes Caspar, warns that Microsoft Windows systems expose individuals' private data to the prying eyes of US intelligence services. Internal documents show that Germany's Federal Office for Information Security (BSI) suspects this, too. The European Parliament and the German parliament have responded by repeatedly demanding that government IT systems be converted to open source software. Their source codes can be accessed freely and copied at will, which would enable European security services to use, alter and monitor them. Italy's army is going open source, as have police in France, Lithuania, and in the cities of Rome and Barcelona. Why do most governments resist the alternatives, or fall back into Microsoft's clutches, as Munich city authorities did?
The EU's Commissioner for the Digital Single Market, Andrus Ansip, and other key players have the answers.
The video itself, « The Microsoft Cyber Attack », is available on YouTube and is about 43 minutes long.
While fastidiously avoiding use of the F-word [i.e. freedom], the European Commission has published a very long report on the impact of open source software and hardware on technological independence, competitiveness and innovation in the EU economy. Open hardware is also covered.
This study analyses the economic impact of Open Source Software (OSS) and Hardware (OSH) on the European economy. It was commissioned by the European Commission's DG CONNECT.
It is estimated that companies located in the EU invested around €1 billion in OSS in 2018, which resulted in an impact on the European economy of between €65 and €95 billion. The analysis estimates a cost-benefit ratio of above 1:4 and predicts that an increase of 10% of OSS contributions would annually generate an additional 0.4% to 0.6% GDP as well as more than 600 additional ICT start-ups in the EU. Case studies reveal that by procuring OSS instead of proprietary software, the public sector could reduce the total cost of ownership, avoid vendor lock-in and thus increase its digital autonomy. The study also contains an analysis of existing public policy actions in Europe and around the world.
Back in 2006, Rishab Aiyer Ghosh prepared a similar report for UNU-MERIT, Study on the effect on the development of the information society of European public bodies making their own software available as open source, in The Netherlands.
The EU's AI Act could have a chilling effect on open source efforts, experts warn:
The nonpartisan think tank Brookings this week published a piece decrying the bloc's regulation of open source AI, arguing it would create legal liability for general-purpose AI systems while simultaneously undermining their development. Under the EU's draft AI Act, open source developers would have to adhere to guidelines for risk management, data governance, technical documentation and transparency, as well as standards of accuracy and cybersecurity.
If a company were to deploy an open source AI system that led to some disastrous outcome, the author asserts, it's not inconceivable the company could attempt to deflect responsibility by suing the open source developers on which they built their product.
"This could further concentrate power over the future of AI in large technology companies and prevent research that is critical to the public's understanding of AI," Alex Engler, the analyst at Brookings who published the piece, wrote. "In the end, the [E.U.'s] attempt to regulate open-source could create a convoluted set of requirements that endangers open-source AI contributors, likely without improving use of general-purpose AI."
In 2021, the European Commission — the EU's politically independent executive arm — released the text of the AI Act, which aims to promote "trustworthy AI" deployment in the EU. As they solicit input from industry ahead of a vote this fall, EU institutions are seeking to make amendments to the regulations that attempt to balance innovation with accountability. But according to some experts, the AI Act as written would impose onerous requirements on open efforts to develop AI systems.
In a recent example, Stable Diffusion, an open source AI system that generates images from text prompts, was released with a license prohibiting certain types of content. But it quickly found an audience within communities that use such AI tools to create pornographic deepfakes of celebrities.
At the beginning of last year, Manuel Hoffmann, Frank Nagle, and Yanuo Zhou published a working paper on the Value of Open Source Software [PDF] for comment and discussion only.
The value of a non-pecuniary (free) product is inherently difficult to assess. A pervasive example is open source software (OSS), a global public good that plays a vital role in the economy and is foundational for most technology we use today. However, it is difficult to measure the value of OSS due to its non-pecuniary nature and lack of centralized usage tracking. Therefore, OSS remains largely unaccounted for in economic measures. Although prior studies have estimated the supply-side costs to recreate this software, a lack of data has hampered estimating the much larger demand-side (usage) value created by OSS. Therefore, to understand the complete economic and social value of widely-used OSS, we leverage unique global data from two complementary sources capturing OSS usage by millions of global firms. We first estimate the supply-side value by calculating the cost to recreate the most widely used OSS once. We then calculate the demand-side value based on a replacement value for each firm that uses the software and would need to build it internally if OSS did not exist. We estimate the supply-side value of widely-used OSS is $4.15 billion, but that the demand-side value is much larger at $8.8 trillion. We find that firms would need to spend 3.5 times more on software than they currently do if OSS did not exist. The top six programming languages in our sample comprise 84% of the demand-side value of OSS. Further, 96% of the demand-side value is created by only 5% of OSS developers.
The working paper is especially interesting when considered in the context of similar, earlier works such as Ghosh et al. in Study on the effect on the development of the information society of European public bodies making their own software available as open source [PDF], published by the European Commission back in 2007. One would think that both sides of the pond would be very interested in this valuable commons and work to not just protect it but cultivate it further, rather than work to saw the legs from under it by advancing software patents instead.
Previously:
(2025) Open Internet Stack: The EU Commission's Vague Plans for Open Source
(2023) The Four Freedoms and The One Obligation of Free Software
(2023) Opinion: FOSS Could be an Unintended Victim of EU Security Crusade
(2021) European Commission's Study on Open Source Software
Arthur T Knackerbracket has processed the following story:
A group of technology companies and lobbyists want the European Commission (EC) to take action to reduce the region's reliance on foreign-owned digital services and infrastructure.
In an open letter to EC President Ursula von der Leyen and Executive Vice-President for Tech Sovereignty Henna Virkkunen, the group of nearly 100 organizations proposed the creation of a sovereign infrastructure fund to invest in key technology and lessen dependence on US corporations.
The letter points to recent events, including the farcical Munich Security Conference, as a sign of "the stark geopolitical reality Europe is now facing," and says that building strategic autonomy in key sectors is now an urgent imperative for European countries.
Signatories include aerospace giant Airbus, France's Dassault Systèmes, European cloud operator OVHcloud, chip designer SiPearl, open source biz Nextcloud, and a host of others including organizations such as the European Startup Network.
OVHcloud said the group was calling "for a collective industrial policy strategy to strengthen Europe's competitiveness and strategic autonomy. We are convinced this is the premise of what we hope will be a larger movement of the entire ecosystem."
Proposals include the sovereign infrastructure fund, which would be able to support public investment, especially in capital-intensive sectors like semiconductors, with "significant additional commitment of funds allocated and/or underwritten" by the European Investment Bank (EIB) and national public funding bodies.
It also suggests there should be a formal requirement for the public sector to "buy European" and source their IT requirements from European-led and assembled solutions, while recognizing that these may involve complex supply chains with foreign components.
(Score: 1, Interesting) by Anonymous Coward on Monday June 23 2025, @02:23PM (1 child)
Will this “Open Internet Stack” use systemd ...?
(Score: 0) by Anonymous Coward on Monday June 23 2025, @09:22PM
Guess I'm going to have to rethink my sense of humor. I was expecting +1 Funny, maybe it's timing, no one is in a silly mood today?
-- same AC as above --
(Score: 2, Informative) by pTamok on Monday June 23 2025, @04:02PM (6 children)
I recommend people read Bert Hubert's 'Cloud Overview' and the underlying articles that he links to. [berthub.eu]
He has also just pointed to this article, not authored by him, as well: Computer Weekly: Dutch cloud pioneers face the hard limits of digital sovereignty [computerweekly.com]
Writing a policy paper is easy. There are specialists that can do one in a day.
Actually generating a sensible policy, then implementing it and getting concrete results takes a little longer.
The EU, even if adequately motivated (and that is a big 'if') has a huge mountain to climb. This does not mean that the EU should not start climbing, but results will take time, and a great deal of effort.
(Score: 2) by quietus on Monday June 23 2025, @07:11PM (3 children)
The main stumbling block here is user interface, by which I mean that Microsoft and Apple have such brand strength that it is hard to convert ordinary users to using a Linux desktop. Once you manage to effectively retrain public officials towards Linux, you've gained independence.
(Score: 3, Insightful) by bobthecimmerian on Wednesday July 02 2025, @12:49PM (2 children)
(Late to the party, sorry.) I don’t think getting people to use Linux on the desktop is the core issue.
I’m a software dev working in the US, and my last three employers used Amazon Web Services (AWS) heavily. Not just EC2 virtual machines, but IAM policies for permissions, Aurora and RDS for managed database services with automated backups and cross-region failover, hosted Kubernetes across multiple regions, S3 object storage, Lambda/serverless for certain scheduled and on-demand tasks, federated identity services, remote desktop services, hosted OpenSearch for log aggregation, etc… etc… And maybe most important of all, AWS has all of its legal paperwork in order so that PCI-DSS and SOC2 and other legal certifications were relatively straightforward to get. That legal bit mattered both to the bean counters at my employers and the bean counters at other companies doing business with them. Because if you have a security breach and have the right certificate, it’s a lot less likely you’ll be successfully sued than if you have a security breach and don’t have that certificate.
On top of AWS services, my employers all used Google Business Suite (email, calendar, docs, drive, sheets, slides) and Slack and Zoom for company messaging, or else Microsoft’s Office 365 (email, calendar, word, powerpoint, excel) with its Teams for messaging.
What Bert Hubert says in his writings, which I absolutely agree with, is that most of the cloud providers aside from the American Big Three only offer virtual servers, networking, and storage. If you want anything on top of that, you have to set it up yourself or get another company to do it for you. And your legal certifications like PCI-DSS and SOC2 are your own problem, too. Now, the situation is improving slowly - most clouds now have an S3-compatible object storage service, some have Kubernetes services, and some have managed databases. Virtual networking options are getting better.
But what Europe (really, everyone) needs is a full suite of services that any large cloud provider can run on top of Kubernetes (or OpenStack, or something like those) with a single click that compete with Amazon’s top 30 most popular services, and have some kind of legal framework to protect customers, and ideally even an open source alternative to the full Google Business Suite / Office365. It looks like NextCloud is trying to fill that last role, but I haven’t used it seriously so I don’t know how well it does.
(Score: 2) by quietus on Wednesday July 02 2025, @03:40PM (1 child)
I agree completely -- my comment was in the context of what I see happens with ordinary users, who do not really know or care about "the cloud", only about the app or program they normally use. (A common observation with Google Apps/Business Suite was how few people (i.e. exactly nobody) use the one feature that makes that a really compelling offer, in my view: [real-time] collaboration. People still use .doc and .pdf files to exchange documents, and you can't beat that out of them.)
Thanks, btw, for the reference to NextCloud: I'd registered it before as yet-another-cloud-business: now I've taken a look at it, and may subscribe in future.
(Score: 2) by bobthecimmerian on Wednesday July 16 2025, @07:13PM
Sorry I didn’t see your response sooner. I agree, regular users don’t know or care. I can’t get my wife and kids to move off (so-called) free services from Big Tech to services I’m paying for the whole family to use. This is a hell of an uphill battle.
(Score: 2) by quietus on Monday June 23 2025, @07:20PM (1 child)
The link you provided (bert.eu) repeatedly mentioned hyperscalers, equating them with cloud providers.
I'm starting to look at these more and more as the equivalent of Big Iron servers: wouldn't it be better to have an ecosystem of smaller, say at nation-level, cloud providers combined with an open data exchange protocol between them?
(Score: 1) by pTamok on Monday June 23 2025, @07:36PM
Difficult for me to comment, as I do not know enough: but Bert himself points out (maybe not in this article) that the nomenclature around 'cloud' systems is very vague, and people can use the same words to mean different things, and different words to mean the same thing. Humpty Dumpty [wikiquote.org] would be proud.
However, you make a very good point: open data exchange protocols are very important. In principle, they allow you to extract your data from one provider and send it to another, giving you a choice of providers, with all the good things that offers. Open protocols and open formats help to reduce 'lock-in', or what marketeers would term 'stickiness': a process by which customers find it difficult to stop using your services due to artificial hindrances that prevent easy migration from your current provider of services.
(Score: 3, Insightful) by quietus on Monday June 23 2025, @06:56PM
Of course whatever is published in the open is, and will remain, vague: do you really think you can just tell Big American Tech you're not continuing the dependency, and expect no repercussions [in various, non-obvious ways] from the current -- or any -- US administration? The equivalent would be that the United States tells EU they're not going to buy telco or hospital equipment or cars from European brands anymore.