Netzpolitik has an English language article about the EU Commission's vague plans for open source via its Open Stack programme. An internal paper calls on the Commission to support Free and Open Source Software in public administrations – and think about a new legal form. However, many questions remain open. The crux of the matter, which would be the role open protocols and open standards play in enabling vendor independence, remains unnamed in the article and is almost but not quite named in the acutal report [warning for PDF].
The EU Commission has been funding open source projects for years. A programme called Next Generation Internet (NGI) is central to this by distributing money quickly and without red tape to promising projects – such as the decentralised microblogging service Mastodon, the video software PeerTube or Jitsi for videoconferencing.
But the Commission has been set on ending funding NGI for some time – despite prolonged criticism. Involved organisations have said that NGI works well and efficiently. Open source also plays a key role in protecting Europe from foreign actors – particularly important in the current geopolitical environment.
The Commission responded that the end of NGI is not meant to be the end of its open source funding. That is set to continue under a new name – initially the “Open Europe Stack”, now the “Open Internet Stack”. Important distinction: In spite of the new name, the programme is only indirectly related to the “EuroStack”.
Some of these plans include the EU Commission leading by example through improving procurement and use of Free and Open Source Software in practice. They also include phasing out proprietary and/or overseas services in favor of more local services specifically those which are more amenable to using Free and Open Source Software.
Previously:
(2025) Euro Techies Call for Sovereign Fund to Escape US Dependency
(2022) The EU's AI Act Could Have a Chilling Effect on Open Source Efforts, Experts Warn
(2021) European Commission's Study on Open Source Software
(2018) German Documentary on Relations Between Microsoft and Public Administration Now Available in English
(2014) EU Spending €1M for Security Audit of Open Source
Related Stories
Member of the European Parliament Julia Reda blogs
Security and liberty don't have to be opposites. I want the European Union to focus its energy and funds on projects that increase both the safety and the autonomy of its people at the same time. At my proposal, next year's EU budget will include a step in that direction:
€1 million of the EU's €40 million pilot project fund will be spent towards open source software security.
The European Union's interoperability page says
The European Parliament is funding a security audit of the free and open source solutions used by the Parliament and the European Commission. Last Wednesday, the EP allocated €1 million for the audit project, to be carried out by the EC Directorate General for Informatics (DIGIT). The project should also come up with best practices for code review and quality assessments of free software and open standards funded by the EU.
A French Free Software organization, April, has announced that a German Documentary from the ARD, "The Microsoft Cyber Attack" has been released in English thanks to Deutsche Welle (DW). It is an informative and objective film about the inappropriate relations between a certain infamous corporation and the various public administrations. The documentary first aired on February 19th, 2018 by the German public broadcaster (ARD).
In May 2017, hundreds of thousands of computers running Microsoft Windows operating systems were disabled by the WannaCry cyber attack. How could a single malware program simultaneously cripple companies, hospitals and even government intelligence services all around the globe? Microsoft Windows software programs proved to be their common Achilles heel. Companies and private individuals use software from Microsoft. Government and public administrations from Helsinki to Lisbon run it, too. That makes all of them vulnerable to attacks from hackers and spies. Microsoft Window's dominance also undermines European procurement legislation, impedes technological progress and costs Europe a bundle. Journalist Harald Schumann and his team of Investigate Europe researchers have spoken with insiders and administrators from all across the continent. The German government's former IT director, Martin Schallbruch, tells us how countries are becoming increasingly dependent on Microsoft. A legal expert from the Netherlands describes how the European Commission and governments are breaking European laws regulating public tenders. Hamburg's data protection commissioner, Johannes Caspar, warns that Microsoft Windows systems expose individuals' private data to the prying eyes of US intelligence services. Internal documents show that Germany's Federal Office for Information Security (BSI) suspects this, too. The European Parliament and the German parliament have responded by repeatedly demanding that government IT systems be converted to open source software. Their source codes can be accessed freely and copied at will, which would enable European security services to use, alter and monitor them. Italy's army is going open source, as have police in France, Lithuania, and in the cities of Rome and Barcelona. Why do most governments resist the alternatives, or fall back into Microsoft's clutches, as Munich city authorities did. The EU's Commissioner for the Digital Single Market, Andrus Ansip, and other key players have the answers.
The video itself, « The Microsoft Cyber Attack », is available at Youtube and is about 43 minutes long.
While fastidiously avoiding use of the F-word [i.e. freedom], the European Commission has published a very long report on the impact of open source software and hardware on technological independence, competitiveness and innovation in the EU economy. Open hardware is also covered.
This study analyses the economic impact of Open Source Software (OSS) and Hardware (OSH) on the European economy. It was commissioned by the European Commission's DG CONNECT.
It is estimated that companies located in the EU invested around €1 billion in OSS in 2018, which resulted in an impact on the European economy of between €65 and €95 billion. The analysis estimates a cost-benefit ratio of above 1:4 and predicts that an increase of 10% of OSS contributions would annually generate an additional 0.4% to 0.6% GDP as well as more than 600 additional ICT start-ups in the EU. Case studies reveal that by procuring OSS instead of proprietary software, the public sector could reduce the total cost of ownership, avoid vendor lock-in and thus increase its digital autonomy. The study also contains an analysis of existing public policy actions in Europe and around the world.
Back in 2006, Rishab Aiyer Ghosh prepared a similar report for UNU-MERIT, Study on the effect on the development of the information society of European public bodies making their own software available as open source, in The Netherlands.
The EU's AI Act could have a chilling effect on open source efforts, experts warn:
The nonpartisan think tank Brookings this week published a piece decrying the bloc's regulation of open source AI, arguing it would create legal liability for general-purpose AI systems while simultaneously undermining their development. Under the EU's draft AI Act, open source developers would have to adhere to guidelines for risk management, data governance, technical documentation and transparency, as well as standards of accuracy and cybersecurity.
If a company were to deploy an open source AI system that led to some disastrous outcome, the author asserts, it's not inconceivable the company could attempt to deflect responsibility by suing the open source developers on which they built their product.
"This could further concentrate power over the future of AI in large technology companies and prevent research that is critical to the public's understanding of AI," Alex Engler, the analyst at Brookings who published the piece, wrote. "In the end, the [E.U.'s] attempt to regulate open-source could create a convoluted set of requirements that endangers open-source AI contributors, likely without improving use of general-purpose AI."
In 2021, the European Commission — the EU's politically independent executive arm — released the text of the AI Act, which aims to promote "trustworthy AI" deployment in the EU as they solicit input from industry ahead of a vote this fall, EU. institutions are seeking to make amendments to the regulations that attempt to balance innovation with accountability. But according to some experts, the AI Act as written would impose onerous requirements on open efforts to develop AI systems.
In a recent example, Stable Diffusion, an open source AI system that generates images from text prompts, was released with a license prohibiting certain types of content. But it quickly found an audience within communities that use such AI tools to create pornographic deepfakes of celebrities.
Arthur T Knackerbracket has processed the following story:
A group of technology companies and lobbyists want the European Commission (EC) to take action to reduce the region's reliance on foreign-owned digital services and infrastructure.
In an open letter to EC President Ursula von der Leyen and Executive Vice-President for Tech Sovereignty Henna Virkkunen, the group of nearly 100 organizations proposed the creation of a sovereign infrastructure fund to invest in key technology and lessen dependence on US corporations.
The letter points to recent events, including the farcical Munich Security Conference, as a sign of "the stark geopolitical reality Europe is now facing," and says that building strategic autonomy in key sectors is now an urgent imperative for European countries.
Signatories include aerospace giant Airbus, France's Dassault Systèmes, European cloud operator OVHcloud, chip designer SiPearl, open source biz Nextcloud, and a host of others including organizations such as the European Startup Network.
OVHcloud said the group was calling "for a collective industrial policy strategy to strengthen Europe's competitiveness and strategic autonomy. We are convinced this is the premise of what we hope will be a larger movement of the entire ecosystem."
Proposals include the sovereign infrastructure fund, which would be able to support public investment, especially in capital-intensive sectors like semiconductors, with "significant additional commitment of funds allocated and/or underwritten" by the European Investment Bank (EIB) and national public funding bodies.
It also suggests there should be a formal requirement for the public sector to "buy European" and source their IT requirements from European-led and assembled solutions, while recognizing that these may involve complex supply chains with foreign components.
(Score: 1, Interesting) by Anonymous Coward on Monday June 23, @02:23PM (1 child)
Will this “Open Internet Stack” use systemd ...?
(Score: 0) by Anonymous Coward on Monday June 23, @09:22PM
Guess I'm going to have to rethink my sense of humor. I was expecting +1 Funny, maybe it's timing, no one is in a silly mood today?
-- same AC as above --
(Score: 2, Informative) by pTamok on Monday June 23, @04:02PM (3 children)
I recommend people read Bert Hubert's 'Cloud Overview' and the underlying articles that he links to. [berthub.eu]
He has also just pointed to this article, not authored by him, as well: Computer Weekly: Dutch cloud pioneers face the hard limits of digital sovereignty [computerweekly.com]
Writing a policy paper is easy. There are specialists that can do one in a day.
Actually generating a sensible policy, then implementing it and getting concrete results takes a little longer.
The EU, even if adequately motivated (and that is a big 'if') has a huge mountain to climb. This does not mean that the EU should not start climbing, but results will take time, and a great deal of effort.
(Score: 2) by quietus on Monday June 23, @07:11PM
The main stumbling block here is user interface, by which I mean that Microsoft and Apple have such brand strength that it is hard to convert ordinary users to using a Linux desktop. Once you manage to effectively retrain public officials towards Linux, you've gained independence.
(Score: 2) by quietus on Monday June 23, @07:20PM (1 child)
The link you provided (bert.eu) repeatedly mentioned hyperscalers, equating them with cloud providers.
I'm starting to look at these more and more as the equivalent of Big Iron servers: wouldn't it be better to have an ecosystem of smaller, say at nation-level, cloud providers combined with an open data exchange protocol between them?
(Score: 1) by pTamok on Monday June 23, @07:36PM
Difficult for me to comment, as I do not know enough: but Bert himself points out (maybe not in this article) that the nomenclature around 'cloud' systems is very vague, and people can use the same words to mean different things, and different words to mean the same thing. Humpty Dumpty [wikiquote.org] would be proud.
However, you make a very good point: open data exchange protocols are very important. In principle, they allow you to extract your data from one provider and send it to another, giving you a choice of providers, with all the good things that offers. Open protocols and open formats help to reduce 'lock-in', or what marketeers would term 'stickiness': a process by which customers find it difficult to stop using your services due to artificial hindrances that prevent easy migration from your current provider of services.
(Score: 3, Insightful) by quietus on Monday June 23, @06:56PM
Ofcourse whatever is published in the open is, and will remain, vague: do you really think you can just tell Big American Tech you're not continuing the dependency, and expect no repercussions [in various, non-obvious ways] from the current -- or any -- US administration? The equivalent would be that the United States tells EU they're not going to buy telco or hospital equipment or cars from European brands anymore.