European Commission Seeks Community Input on Open Source Strategy to Reduce Digital Dependencies

The European Commission has launched a formal consultation process that could fundamentally reshape how the EU approaches open source software. Running until February 3, 2026, the call seeks input on reducing digital dependencies while building a sustainable open source ecosystem.

The Strategic Imperative

The Commission's motivation is explicit: "The EU faces a significant problem of dependence on non-EU countries in the digital sphere." This dependency creates multiple vulnerabilities - reduced user choice, hampered competitiveness for EU companies, and supply chain security risks. The strategy positions open source as a "public good" that can provide secure alternatives to proprietary solutions while increasing user agency and infrastructure resilience.

The consultation targets a broad stakeholder base including individual contributors, open-source companies, foundations, public administrations, specialized business sectors, ICT industry, and academia. This suggests the Commission recognizes that building a robust open source strategy requires understanding the ecosystem from multiple angles.

Five Critical Questions

The consultation asks stakeholders to address five specific areas:

1. Strengths and barriers: What are the strengths and weaknesses of the EU open-source sector? What prevents high-quality, secure open source adoption and maintenance?

2. Value proposition: What is the added value of open source for public and private sectors? The Commission wants concrete examples weighing factors like cost, risk, lock-in, security, and innovation.

3. EU-level actions: What concrete measures could the EU take to support open source development and contribute to technological sovereignty and cybersecurity?

4. Technology priorities: Which technology areas should be prioritized and why?

5. Sector opportunities: In which sectors could increased open source use boost competitiveness and cyber resilience?

Community Response: A Wish List Opportunity

The LWN.net comment section reveals both enthusiasm and skepticism from the open source community. One commenter framed this as "the opportunity to write a wish list" - a chance to request resources that individual projects struggle to secure:

• High-performance build infrastructure for CI pipelines
• Technical writer task forces for documentation
• Marketing support to raise awareness of European FOSS alternatives
• Funding for feature development to close gaps with proprietary products
• Maintenance funding to ensure long-term project health

Another commenter emphasized the need for "Sovereign tech Fund and NLNET Foundation type of thing x100" - suggesting scaling up existing funding models rather than creating new bureaucracy.

The Funding Model Debate

A significant discussion emerged around how funding should be allocated. Some argue for unrestricted funding: "If EU wants to be serious, it needs to give money to projects without telling projects how to spend it." The concern is that requiring volunteers to justify their work through grant applications wastes time and energy.

Others counter that public money requires accountability. One commenter noted that when governments fund grants, "there has to be a mutual agreement on how the money will be spent" and "they have obligations to be careful in spending tax money."

A pragmatic middle ground emerged: separate "feeding the bees" (unrestricted maintenance funding) from "hiring companies for support" (contracted services). This acknowledges that open source projects need baseline support to survive, while specific feature development or service levels can be contracted separately.

The CRA Complication

The EU's Cyber Resilience Act (CRA) adds complexity. Some worry that offering commercial support contracts could trigger CRA obligations for entire projects. However, others clarify that obligations would only apply to the entity signing the contract, not the broader project - and that projects could establish separate legal entities for commercial activities.

One commenter suggested the CRA might actually create opportunities: "The liability of the CRA might make companies selling products chock full of FOSS more likely to open up their wallets and negotiate with all the developers which make their products work."

The Corporate Purchasing Problem

A recurring theme is the mismatch between how open source is funded and how corporations purchase software. As one commenter explained, donating €200 annually to a project requires exceptional approval processes, while purchasing a €200 software license fits standard procurement workflows.

The proposed solution: create commercial entities around open source projects that can sell "licenses" (even for GPL software) plus minimal support. This would allow companies to use standard purchasing processes while providing projects with sustainable funding streams.

Skepticism from Long-time Advocates

Not everyone is optimistic. Some commenters express frustration after decades of advocating for open source while seeing governments "use FOSS as leverage to negotiate cheaper prices from Microsoft." The response: "Start throwing some real money at projects that need it and then people might pay attention."

This skepticism reflects a deeper concern about whether consultation translates to action. However, others note that consultation is often legally required and that having a plan developed without community input would likely generate even more negative reactions.

The Red Hat Paradox

The discussion also highlights a strategic challenge: Red Hat/IBM currently dominates the "FOSS solution package" space for governments. While Red Hat provides credible numbers and support contracts that politicians understand, it's still a US company. This creates a paradox where EU institutions want European technological sovereignty but may end up relying on American FOSS infrastructure.

The opportunity for European FOSS companies is to "shadow" what Red Hat delivers while building local expertise and credibility. However, this requires significant investment and coordination.

What Success Looks Like

For this consultation to matter, the community needs to articulate concrete needs beyond philosophical arguments. As one commenter put it, politicians need "a simple, clear and convincing answer to their complex need with a clear price tag."

The most effective responses will likely:

• Quantify specific resource needs (e.g., "€500k annually for kernel security maintenance")
• Identify critical infrastructure dependencies
• Propose practical funding mechanisms that work with public procurement
• Address how projects can meet compliance requirements without excessive bureaucracy

The consultation represents a rare window where EU policy might actually align with open source sustainability needs - but only if the community can translate its collective experience into actionable policy recommendations that politicians can understand and defend to taxpayers.

The European Commission's call for evidence is open until February 3, 2026. Interested parties can participate through the Commission's consultation channels.