The Document Foundation criticizes the European Commission for requiring Excel spreadsheets to provide feedback on cybersecurity law, arguing it contradicts EU's open standards goals and creates vendor lock-in.
The Document Foundation has taken aim at the European Commission for what it calls a glaring contradiction in the consultation process for the Cyber Resilience Act (CRA) guidance. The nonprofit organization behind LibreOffice has criticized the Commission for requiring stakeholders to submit feedback using a Microsoft Excel spreadsheet template, arguing this approach undermines the EU's own policies on open standards and digital sovereignty.
The controversy centers on a recent consultation launched by the European Commission seeking stakeholder input on guidance for implementing the Cyber Resilience Act. While the consultation itself addresses critical cybersecurity standards for digital products, the Document Foundation points out that the feedback mechanism is only available as a proprietary .xlsx file format.
In an open letter and accompanying blog post, the Foundation argues this creates a "structural bias" in the consultation process. Organizations operating entirely on open source tools or those committed to open document standards are effectively disadvantaged, as they must either use Microsoft Excel or compatible software to participate in what should be an open public consultation.
"Requiring participants to use this format as the sole vehicle for structured data entry effectively conditions participation in a public consultation on the availability or willingness to use software produced by a single supplier," the letter states. The Foundation emphasizes that this requirement contradicts years of EU policy promoting open standards, digital sovereignty, and reduced reliance on proprietary technology.
The timing makes the criticism particularly pointed. The Cyber Resilience Act itself is framed around reducing risks from opaque technology stacks and promoting transparency in digital products. Yet the consultation process for guidance on this very legislation relies exclusively on a format controlled by Microsoft.
From a practical standpoint, the Document Foundation's proposed solution is straightforward: provide the consultation template in both .xlsx and Open Document Format (.ods) versions. The ODF format is an ISO standard used by LibreOffice and other open source office suites, offering a vendor-neutral alternative that would ensure equal access to the consultation process.
The Foundation is now mobilizing support from other free and open source software projects and advocates, urging them to sign a joint letter requesting that the Commission provide consultation templates in both proprietary and open formats going forward. As an alternative, they suggest supplementing the spreadsheet with a web-based form that would eliminate format dependencies entirely.
This incident highlights a broader tension in public sector digital transformation efforts. While the EU has repeatedly pushed public bodies toward open standards and away from vendor lock-in through its open source strategy, implementation gaps remain. The Foundation argues that each time EU processes rely exclusively on proprietary formats, it undermines the Commission's credibility on digital sovereignty and vendor-independent infrastructure.
The consultation deadline and whether the Commission will respond to these concerns remain unclear. However, the episode serves as a reminder that even well-intentioned digital policies can be undermined by seemingly minor technical choices that have significant implications for accessibility and inclusivity in public governance processes.
Comments
Please log in or register to join the discussion