The European Commission's call for evidence on open source for digital sovereignty reveals a critical juncture for EU policy. This response argues that reducing dependency on non-EU proprietary software requires a comprehensive, systemic approach spanning education, public sector procurement, and economic policy, with Free and Open Source Software as the foundational tool for genuine digital autonomy.
The European Commission's recent "call for evidence" on open source for digital sovereignty represents more than a policy inquiry; it is an acknowledgment of a profound vulnerability. In an era of geopolitical tension and digital infrastructure concentrated in foreign hands, the EU's dependency on proprietary software from non-EU companies has evolved from a mere commercial preference into a strategic liability. The International Criminal Court's loss of Microsoft email access for political reasons and the catastrophic global outage triggered by a faulty Crowdstrike update serve as stark reminders: control over essential software is control over essential functions, and that control is often held by entities whose primary allegiance is not to European interests.
The argument for Free and Open Source Software (FOSS) as the vehicle for digital sovereignty extends beyond ideological preference into practical necessity. While a faulty update could originate from any codebase, FOSS fundamentally redistributes the responsibility for code quality and security. Instead of relying on the opaque internal processes of a single corporation, FOSS invites continuous, independent scrutiny from a global community of researchers and developers. This transparency creates a powerful incentive for quality—releasing flawed or insecure code becomes a public act with immediate reputational consequences. Furthermore, FOSS dismantles vendor lock-in, the silent stranglehold that makes switching providers prohibitively expensive and complex. When a vendor goes bankrupt, abandons a product, or is acquired by a foreign entity, FOSS ensures the user community retains the means to maintain, fork, or continue development independently. Sovereignty, in this context, is not merely about ownership but about the perpetual right to choose and the capacity to act.
The public sector stands as the most immediate and impactful arena for this transition. Government institutions, member state agencies, universities, and libraries remain dominated by closed-source software, a legacy of procurement processes that favor established proprietary vendors and certified professionals. This creates a self-perpetuating cycle: existing dependencies dictate future compatibility requirements, which in turn lock in further proprietary solutions. The historical record is littered with examples of vendor resistance, from Microsoft's documented bribery scandals in the Netherlands, Romania, Italy, and Hungary to the alleged sabotage of Munich's LiMux migration. The EU's response must be unequivocal: establish a firm deadline for all public sector software to be FOSS, hosted on hardware within the EU and operated by EU-owned companies. This requires no compromises or easy outs, which have undermined previous efforts. Concurrently, the EU should identify gaps in the FOSS ecosystem and fund EU-based consultancies to develop or enhance necessary software, thereby strengthening the domestic market for all large organizations providing essential services.
Concrete examples abound. Email, a fundamental commodity, is often outsourced to American providers, despite the existence of robust European FOSS alternatives. Workstations running Windows and Microsoft Office can be migrated to Linux and LibreOffice, proven technologies that serve millions of users globally. The challenge is not technical capability but institutional inertia and a lack of political will to break from entrenched vendor relationships.
The roots of dependency, however, run deep into the education system. Schools and universities, often lacking the expertise or budget for self-hosted infrastructure, default to the "free" cloud offerings of US tech giants, which are strategically discounted for educational licenses. This creates powerful network effects from an early age. Vocational training further entrenches proprietary tools—SPSS over R, MATLAB over GNU Octave, AutoCAD over FreeCAD—training students on software that dictates their future professional ecosystem. A shift requires more than new software; it requires a pedagogical reorientation. The EU could fund the development of certified course materials and support educators in transitioning to open alternatives. More profoundly, integrating critical discussions about technology's societal impact into curricula—covering data protection, privacy, and the consequences of "enshittification"—could cultivate a generation of citizens and professionals who understand the stakes of their technological choices.
For the existing workforce, the EU must fund comprehensive training programs in open alternatives, pairing practical skills with the theoretical underpinnings of why these choices matter. This ensures buy-in and confidence, transforming the transition from a top-down mandate into a collective movement.
The economic landscape for FOSS companies in the EU is both promising and challenging. Companies like SUSE, Tuta, Nextcloud, GitLab, and Codeberg demonstrate that innovative, profitable FOSS businesses can thrive. Yet they operate at a disadvantage against US competitors who benefit from a larger, monolingual domestic market and more permissive venture capital environments. The EU's fragmented market and stricter regulations, while protective, can stifle growth. However, these very regulations can be leveraged as a competitive advantage, differentiating EU software in the global marketplace. The EU can act as a catalyst by promoting tech sovereignty to non-aligned nations, organizing trade shows for EU FOSS companies, and funding awareness campaigns through organizations like the FSF Europe. More controversial measures, such as taxing non-EU proprietary software or providing breaks for EU FOSS, could level the playing field. An even more radical step would be restricting foreign-owned data centers in the EU, not only to curb their political and environmental influence but to force investment in sovereign infrastructure.
The dependency on foreign proprietary solutions is systemic, born from a confluence of inertia, ignorance, market forces, and corruption. Therefore, the solution must also be systemic. A piecemeal approach will fail. Success requires a coordinated assault on all fronts: transforming education to nurture a FOSS-literate populace, overhauling public procurement to mandate open standards and software, and implementing economic policies that actively nurture a sovereign EU FOSS ecosystem. Only through such comprehensive, unwavering commitment can the EU achieve genuine digital sovereignty, securing its digital future in its own hands.
Comments
Please log in or register to join the discussion