The Politics of Open Infrastructures - 16. (Trans)action Cycles

16. (Trans)action Cycles: New Resource Architectures for a Digital Commons

Katharina Meyer

©2026 Katharina Meyer, CC BY-NC 4.0 https://doi.org/10.11647/OBP.0528.16

Many core technologies increasingly resemble [...] air, water and a habitable earth—resources that are expected to be accessible to, and managed in the interest of, all members of society. [...] Shifting our view to see technology infrastructure as a (digital) commons could begin to create more flexible, responsive and regenerative systems to build and deploy technology.

1. Introduction

Open digital infrastructure (ODI) must be recognised and sustained as an essential public good. Unless we reimagine how such infrastructures are resourced, the digital commons will remain fragile, extractive, and vulnerable to capture. As Director o... code libraries, 2 repositories, 3 and technical standards 4 form the backbone of our digital society and are indispensable to the functioning of democracies, organisation, knowledge-creation, information distribution and innovation.

‘Open digital infrastructure’ here designates the permissively licensed, multi-purpose system components that support commerce, science, communication, and administration (Bloom 2023; European Commission 2023a). These infrastructures form part of the digital commons: shared digital resources that, if they are to serve the public, must be governed to resist enclosure and free-rider exploitation (Berlinguer 2021; Hess and Ostrom 2007). To treat ODI as civic infrastructure means centering the public interest, understood not as private profit but as value negotiated among diverse stakeholders, rather than determined by technical design or market dominance alone (Mazzucato 2023). At the same time, I argue that resourcing is infrastructuring: the flows of money, labour, and legitimacy that do not merely support infrastructures but actively constitute them; funding itself is infrastructural work (Meyer 2020; Yin et al. 2022). To capture these dynamics, I introduce the notion of (trans-)action cycles: recurring loops of material and immaterial resource transactions and governance actions across funders, (technical) communities, and intermediaries that shape and sustain infrastructures. These cycles are deliberated and fragile, but they can also be designed to be resilient and regenerative (Berlinguer 2021).

While the FOSS community is diverse, decentralised, and geographically dispersed, core infrastructure projects are typically maintained collaboratively by experts, governed in tripartite constellations (Berlinguer 2021)—and while they are relied upon globally yet remain structurally fragile (Eghbal 2016; Plantin et al. 2016). D//F was created to highlight their systemic importance and to mobilise institutional capacity where other actors had fallen short. Initiated by a coalition of philanthropic funders, chiefly the Ford and Sloan Foundations, it emerged from the recognition that neither markets nor states were providing sufficient, long-term support for these critical digital infrastructures.

The Ford Foundation’s ‘Roads and Bridges’ report (Eghbal 2016) had already documented the invisible labour and thinly stretched resources underpinning core open-source software—and the persistent free-rider problem—to wide acclaim at this point.

D//F was founded as a field-builder: not only to disburse grants, but also to curate and update knowledge, shape agendas, and bring open infrastructures into policy debates. Its mandate is to strengthen the legitimacy of ODI as civic infrastructure by investigating how these systems are built, maintained, governed, and resourced. To date, four funding cohorts have supported work across six thematic areas: sustainability and funding models; governance and institutional design; security and resilience; equity and participation; political economy and public value; and the epistemic and socio-technical dynamics of ODI.

D//F operates as a boundary institution, making the often-invisible foundations of open digital infrastructures legible. By convening across technical, philanthropic, and policy domains, it frames ODI as civic assets req... community health and sustainability frameworks for open source (CHAOSS, FOREST, POSI), 6 and the impact of tech-sector layoffs on free and open-source software ( FOSS) communities (Infrastructure in Recession). 7

In what follows, I trace the fragilities of open digital infrastructures—rooted in market failures, underproduction, and contested boundaries of openness—before comparing emerging funding models across philanthropic, state, and private initiatives. I then reflect on D//F’s role as a convener across these domains and close with an outlook on institutional prototypes developed at the SOAM Residency 2025, from maintenance trusts to digital infrastructure bonds, designed to balance stability, equity, and sovereignty.

2. The Problem Space: Fragility, Market Failures, and Boundaries of Openness

The fragility of open digital infrastructures is no accident; it is the direct outcome of market/coordination failures and institutional neglect. Despite their systemic importance, ODI remain subject to an exploitative dynamic: states rely on them for critical administrative functions, corporations build billion-dollar businesses and R&D on their foundation, and citizens depend on them daily in communication and economic participation—yet fairness, accountability, and responsibility between stakeholders remain diffuse ( Plantin et al. 2016).

The Linux Foundation’s *State**of Commercial Open Source Report 2025,* for instance, shows that although a majority of European organisations adopt open-source software, only forty-two percent contribute substantively, and nearly a quarter (twenty-three percent) admit to making no contribution at all ( Linux Foundation Europe 2025). This is not merely an efficiency gap, but a structural injustice—a free-rider problem in which nearly everyone benefits while few contribute proportionately. The gap between the value generated by open systems and the value captured by markets continues to widen. Dries Buytaert (2025) cites studies estimating that replacing widely used open-source software with proprietary alternatives would cost 8.8 trillion dollars globally. Yet ninety-six percent of this vast web of dependencies—software, social ties, and skills—rests on just five percent of contributors, many of them unpaid. Core coordination work such as bug fixing and documentation remains systematically undervalued in prevailing financing models (Eghbal 2016).

Conventional funding and resource allocation logics treat needs as measurable by headcount or feature output, overlooking the less visible labour of patch review, issue triage, and security maintenance. While newer AI-assisted coding tools now automate parts of testing, bug detection, and refactoring, they also generate higher volumes of machine-authored code that still requires human oversight, especially in open-source projects. Maintainers continue to report additional coordination and review burdens, even where teams experience productivity gains. (Stenberg 2025; Becker et al. 2025). Resource models must therefore account for coordination work, not only visible code output. If neglected, these expanding costs will continue to be externalised onto already under-resourced communities.

Crises generally serve as an amplifier: the 2014 Heartbleed bug in OpenSSL—a critical flaw in widely used cryptographic software—revealed how much global security depended on just a handful of volunteers. The 2021 Log4Shell vulnerability—a remote-execution bug in a ubi... and AWS.

Like education or healthcare, ODI are both public goods (non-rivalrous, non-excludable) and merit goods (societally valuable but under-provided by markets). Without institutional support, we remain trapped in cycles of neglect punctuated by crisis (European Commission 2022). The boundaries of openness are not fixed, but constantly contested. Licensing regimes illustrate the dilemma: their governance must balance sustainability against capture, without undermining accessibility. Recent experiments—from Creative Commons’ Signals framework for AI-age reuse (Creative Commons 2025) to dual- licensing strategies by Redis and Elasticsearch that were later reversed under community pressure (Heise 2025; Clark 2025)—show that none offer an easy resolution. Instead, they underline the core argument: openness is not binary but political, and its boundaries must be actively governed and re-negotiated if infrastructures are to remain resilient, equitable, and in the public interest.

3. Comparative Funding Models: Emerging Institutional Diversity

Across the globe, funders and governments have launched experiments to secure open digital infrastructure, each reflecting a different political economy of responsibility—some leaning on philanthropy, others on state intervention, private capital, or collective self-organisation. Cross-border state-backed programmes reveal both promise and fragility: the US-based Open Technology Fund (OTF), once a longtime supporter of privacy-preserving communication tools like Tor and Signal, has faced repeated defunding threats—underscoring the vulnerability of infrastructures dependent on discretionary public budg... National initiatives are also emerging to institutionalise stewardship. Germany’s Sovereign Tech Fund ( STF), created in the wake of the Log4Shell vulnerability, signals a recognition of digital infrastructure as public good. Its mandate is to fund critical open-source components in the public interest. However, continuity depends on political will and stable budgetary allocations, raising questions about whether such programs can achieve long-term institutionalisation (Sovereign Tech Fund 2024). A different extension of state-led stewardship can be observed in development cooperation. Germany’s Fair Forward program, for example, directs resources toward open tools, datasets, and skills in the Global South, positioning open digital infrastructures as instruments of sovereignty and inclusion.

In Global Majority contexts, where infrastructural asymmetries are particularly pronounced, such investments position digital openness as part of broader development strategies (SSIR 2023). Yet this potential is increasingly constrained: recent reductions in public development cooperation budgets have significantly curtailed the scope for sustained support.

In the global research domain, Invest in Open Infrastructure ( IOI) complements these models by acting as a meta-funder and convener: Through its State of Open Infrastructure mapping, IOI generates rare field-wide visibility for research software, aligns shared priorities, and coordinates pooled funding experiments ( IOI 2023; 2024).

Other models build on collective solidarity within specific sectors such as higher education: the Global Sustainability Coalition for Open Science Services ( SCOSS) pools contributions from libraries and consortia to stabilise scholarly infrastructures such as arXiv and the Directory of Open Access Journals ( DOAJ). By coordinating resources across multiple funding cycles, SCOSS illustrates how consortial approaches can sustain research commons ( SCOSS 2023). Registry-derived funding offers another pathway. Unlike philanthropy or sponsorship, these revenues flow from quasi-public assets—domain registries—and are relatively insulated from political volatility. NIC.br in Brazil and CIRA in Canada, for instance, redirect registry income toward research, training, and resilience; ICANN is redistributing roughly US$217 million in auction proceeds for Internet stability (SIDN 2024). Such designs resemble utilities or cultural endowments, channelling infrastructural revenues toward collective benefit.

Finally, corporate and community sponsorship platforms such as GitHub Sponsors or OpenSourceCollective facilitate direct financial support for maintainers. While these mechanisms highlight the potential of distributed, bottom-up contributions, their effects remain...

Taken together, these initiatives show the growing recognition of ODI as a public asset. But they also demonstrate the fragmentation of the field: philanthropic and micro-grant schemes are short-term, private capital inflows lack fair-share principles, state-backed programs remain politically contingent, and registry funds depend on market dynamics. None have yet achieved permanence on the scale of utilities—the basic public service systems such as water, electricity, or telecommunications that are stabilised through statutory guarantees, tariffs, and universal service obligations—or public broadcasting institutions, which combine predictable revenues with civic mandates.

The urgent task, then, is to design resource architectures for ODI that embed the same qualities of durability, equity, and adaptability, rather than patching the gaps left by provisional fixes or precarious experiments.

4. D//F as a Boundary Institution: Design Tensions and the Politics of Resourcing

D//F is best understood as a boundary institution: influential less through budget scale than through its ability to convene across domains and reframe sustainability. Boundary institutions (Guston 2001; Star and Griesemer 1989) occupy liminal spaces between science, policy, and civil society. They translate across worlds with different reasoning, creating coordination without demanding full consensus. From this in-between position, D//F has acted as a broker: between technical communities and implementers, between philanthropic logics and rationales of other sustainer stakeholders, and between policy and innovation imaginaries. Through events and commissioned research, it has rendered ODI legible to audiences far beyond software development, pulling maintenance work into conversations on innovation, prosperity, and democracy.

While this position creates leverage as agendas can crystallise across sectors, it also carries fragility. D//F’s legitimacy still rests on temporary philanthropic alignment in form of a funding pool rather than statutory anchoring. Institutions like D//F are crucial in reimagining governance, yet their own long-term impact depends on more durable forms of resourcing, such as endowments or public mandates.

The work of resourcing open digital infrastructure brings into focus a set of recurring design tensions. These are not abstract dilemmas; they appear in the daily negotiations between funders, maintainers, and policy makers. Four in particular stand out:

  • Temporalities: Infrastructures endure for decades, yet most grants run 12–36 months. This mismatch breeds instability and chronic precarity; Heartbleed revealed how critical cryptography went under-maintained for lack of long-term support mechanisms.
  • Legitimacy: No shared standards exist for what counts as critical public-interest infrastructure. Mundane dependencies are routinely overlooked until crises. Log4Shell exposed how invisible components can become global security risks yet rarely attract recognition beforehand. Designation as ‘critical’ is political and relational rather than universal.
  • Distribution: Resources cluster around visible and historically ‘central’ projects, while dependencies and contester initiatives are systematically underfunded. Flagship projects attract sponsorship, while translation, accessibility, and documentation remain neglected. This also reproduces epistemic inequalities, as existing Global South infrastructures remain invisible to Majority funders.
  • Responsibility: Major beneficiaries—corporations and governments—often free-ride which externalises costs onto communities. States depend on FOSS for public services yet often intervene only after crises and within restrictions. One such limitation is the requirement that states refrain from distorting markets through intervention, except within strict regulatory frameworks. Corporations only contribute on voluntary basis, dependent on resource availability. Responsibility is widely acknowledged in rhetoric but rarely institutionalised in practice.

These tensions echo other public-goods domains but are intensified by the speed and scale of digital change. It is precisely through boundary work that these tensions become visible and can be held together, though always in a provisional and contested way.

Sustainable design and thus resourcing cannot be reduced to technical fixes or piecemeal grants. It requires confronting these tensions as political choices and designing funding architectures that are financially robust, reciprocal, and adaptive.

5. Outlook and Conclusion: Towards New Resource Architectures

As demonstrated, resourcing is not ancillary to infrastructure; it is infrastructural work in its own right. If left to market logics and short-term contracts, open digital infrastructures will remain precarious, underfunded, and prone to capture. If, however, they are treated as civic infrastructures, they can be stabilised for the public good. The question is not whether they need to be resourced, but how—and in whose interest.

A resilient architecture will combine instruments rather than search for a single solution. At the SOAM Residency 2025, *Re:Fund**Our Digital Future*, organised with TUM Think Tank’s Transformation Finance Lab and Digital Future Architects, several institutional prototypes were screened that point beyond piecemeal fixes:

  • Commons Maintenance Trusts: Permanent, cross-sector trusts pooling contributions from governments, industry (and civil society), to endow maintenance of critical components; governed by multi-stakeholder boards and insulated from short political cycles (Global Solutions Initiative 2021).
  • Resilience-by-Design Funding: Embed ODI upkeep within mainstream R&D and public procurement (e.g., fixed percentage for upstream dependencies), normalising stewardship as part of innovation.
  • Legally mandated redistribution: Procurement rules and regulation could require vendors to reinvest in dependencies; the EU’s Cyber Resilience Act signals movement toward supply-chain accountability.
  • Extended Producer Responsibility (EPR): Adapted from environmental law, EPR would hold major platforms responsible for sustaining the open components they rely on.
  • Public Value Audits/‘Open ESG’: Require transparent reporting of contributions ( funding, staff time, participation in standards) to create accountability.
  • Digital Infrastructure Bonds: Mobilise long-term capital (modelled on green bonds) for security overhauls, major maintenance, or endowments; repaid through general revenue or targeted levies.

Analogies to other domains are instructive. Climate finance mobilises long-term, cross-sector resources for planetary maintenance. Cultural commons (e.g. museums) rely on mixed funding architectures blending state, philanthropy, and earned income. Public broadcasters like the BBC demonstrate how infrastructures can be funded durably: statutory mandates, broa... Utilities are stabilised through statutory mandates, tariffs, and universal service obligations. Each of these approaches shows how permanence can be built into resourcing architectures—lessons ODI must adapt. From a global governance perspective, future architectures should address not only efficiency but also equity and sovereignty—ensuring that contributions and voice are distributed, and that open infrastructures remain transparent and resistant to capture by corporate or state actors. Debates on digital sovereignty cut across these concerns: e.g. the EU’s Cyber Resilience Act frames open source within security and liability regimes, while UN-led initiatives designate open source as digital public goods for global development.

Resourcing is part of infrastructure: How we fund and organise ODI will shape its form and fate. Building public-interest resource architectures means aligning use with responsibility and embedding public value into durable institutions. Like roads or water systems, ODI is invisible until it fails; yet it is indispensable. Without systemic reform, fragility will persist. With it, digital commons can be secured as resilient, open, and democratic infrastructure for the twenty-first century.

As with ecological commons, sustainability rests not on ownership but on participation and shared stewardship. The challenge is not only financial but institutional: how to design cycles of action and transaction that regenerate rather than exhaust, that bind rather than fragment, and that embed digital infrastructures in the social contract.

References

Afnic. 2023. Afnic Foundation for Digital Solidarity. https://www.afnic.fr/en/afnic-foundation/

Barker, Michelle, Daniel S. Katz, Fotis Psomopoulos, et al. 2025. ‘How Are Funders Supporting Research Software? A Study of Policies, Practices and Programmes.’ PLOS ONE 20 (8): e0329833. https://doi.org/10.1371/journal.pone.0329833

Becker, J., N. Rush et al. 2025. ‘*Measuring the Impact**of Early-2025 AI on Experienced Open-source Developer Productivity*.’ arXiv:2507.09089. https://doi.org/10.48550/arXiv.2507.09089

Berlinguer, M. (2021). ‘Governing Digital Public Infrastructure as a Commons.’ Umanistica Digitale 11. https://doi.org/10.6092/issn.2532-8816/13695

Bloom, G. 2023. ‘The Principles of Governing Open Source Commons.’ SustainOSS (11 June). https://sustainoss.pubpub.org/pub/jqngsp5u/release/1

Booth, P. 2020. ‘The Future of Public Service Broadcasting and the Funding and Ownership of the BBC.’ Economic Affairs 40 (3): 324–343. https://doi.org/10.1111/ecaf.12419

Bria, F. 2020. ‘Digital Sovereignty and Public Value.’ Barcelona Digital City Policy Paper.

Clark, L. 2025. ‘Redis Returns to Open Source after Commons Clause Backlash.’ The Register (1 May). https://www.theregister.com/2025/05/01/redis_returns_to_open_source/

CIRA. 2024. ‘Community Investment Program.’ https://www.cira.ca/en/what-we-fund/

Creative Commons. n.d. ‘CC+.’ https://wiki.creativecommons.org/wiki/CCPlus

Creative Commons. 2025. ‘Introducing CC Signals: A New Social Contract for the Age of AI.’ https://creativecommons.org/2025/06/25/introducing-cc-signals-a-new-social-contract-for-the-age-of-ai/

D//F. 2025. ‘OSM CoCreation.’ https://infrastructureinsights.fund/projects/osm-cocreation/

Di Cosmo, R., S. Zacchiroli, G. Robles, V. Cosentino, and D. Germán. 2023. ‘Software Heritage: Why and How to Preserve Software Source Code.’ arXiv:2310.10295. https://arxiv.org/abs/2310.10295

Dublin Core Metadata Initiative. 2023. ‘Dublin Core.’ Wikipedia. https://en.wikipedia.org/wiki/Dublin_Core

Eghbal, N. 2016. *Roads**and Bridges: The Unseen Labor Behind Our Digital Infrastructure.* New York: Ford Foundation.

European Commission. 2022. EuroStack Proposal. https://eurostack.eu/

European Commission. 2023a. Next Generation Internet—Policy Briefing. Luxembourg: Publications Office of the EU.

Global Solutions Initiative. 2021. ‘Governing Digital Public Infrastructure as a Commons.’ https://www.global-solutions-initiative.org/publication/governing-digital-public-infrastructure-as-a-commons/

Guston, D. H. 2001. ‘Boundary Organizations in Environmental Policy and Science: An Introduction. Science, Technology, & Human Values 26 (4): 399–408. https://doi.org/10.1177/016224390102600401

Heise. 2019. ‘Lizenzwechsel: MongoDB fliegt bei Fedora, Debian und RHEL raus.’ https://www.heise.de/news/Lizenzwechsel-MongoDB-fliegt-bei-Fedora-Debian-und-RHEL-raus-4277760.html

Heise. 2025. ‘Elasticsearch erscheint wieder als Open-Source-Software.’ https://www.heise.de/news/Elasticsearch-erscheint-wieder-als-Open-Source-Software-9852759.html

Hess, C., and E. Ostrom. 2007. *Understanding Knowledge as a Commons: From Theory to Practice**.* Cambridge, MA: MIT Press.

IOI. 2023. ‘Funding Open Infrastructure: Needs, Challenges, and New Directions.’

IOI. 2024. ‘State of Open Infrastructure Report 2024.’ https://zenodo.org/records/10934089

Maxwell, T. 2025. ‘Wikipedia Is Making a Dataset for Training AI Because It’s Overwhelmed by Bots.’ Gizmodo. https://gizmodo.com/wikipedia-is-making-a-dataset-for-training-ai-because-its-overwhelmed-by-bots-2000590704

Mazzucato, M. 2023. ‘For the Common Good: Governance Must Be Guided by Collective Value.’ Project Syndicate.https://www.project-syndicate.org/commentary/common-good-governance-key-elements-by-mariana-mazzucato-2023-01

Meyer, K. 2020. *Networks of (Anti-)**Trust: Implicit Development Environments in FOSS Infrastructure Communities.* New York: Ford Foundation.

NIC.br (CETIC.br). 2025. ‘Digital Infrastructure: Advances and Challenges for Universal Connectivity.’ Internet Sectoral Overview 17. https://cetic.br/media/docs/publicacoes/6/20250512104720/year-xvii-n-1-digital-infrastructure-advances-challenges-universal-connectivity.pdf

Noroozian, A., et al. 2025. ‘Generative AI and the Future of the Digital Commons: Five Open Questions and Knowledge Gaps.’ arXiv. https://arxiv.org/abs/2508.06470v1

Open Archives Initiative. 2023. ‘Open Archives Initiative Protocol for Metadata Harvesting (OAI-PMH).’ Wikipedia. https://en.wikipedia.org/wiki/Open_Archives_Initiative_Protocol_for_Metadata_Harvesting

OTF (2022). Annual Report. Washington, DC: Open Technology Fund.

Pedregosa, F., et al. 2024. ‘Scikit-learn: Machine Learning in Python.’ arXiv:2404.06484. https://arxiv.org/abs/2404.06484

Plantin, J-C., C. Lagoze, P. N. Edwards, and C. Sandvig. 2016. ‘Infrastructure Studies Meet Platform Studies in the Age of Google and Facebook.’ New Media & Society 20 (1): 293–310. https://doi.org/10.1177/1461444816661553

SIDN (2024). ‘ICANN Grant Program Funds Innovative Internet Projects.’ https://www.sidn.nl/en/news-and-blogs/icann-grant-program-funds-innovative-internet-projects

Sovereign Tech Fund (2024). ‘Funding Principles and Program Architecture.’ https://sovereigntechfund.de

SSIR (2023). ‘Digital Public Infrastructure for the Developing World.’ Stanford Social Innovation Review. https://ssir.org/articles/entry/digital-public-infrastructure-developing-world

Star, S. L., and J. R. Griesemer. 1989. ‘Institutional Ecology, “Translations” and Boundary Objects: Amateurs and Professionals in Berkeley’s Museum of Vertebrate Zoology, 1907–39.’ Social Studies of Science 19 (3): 387–420. https://doi.org/10.1177/030631289019003001

Stenberg, D. 2025. ‘*Death by**aThousandSlops.’ Daniel Sternberg* (14 July). https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-slops/

Wikipedia Contributors. 2023a. ‘OpenSSL.’ Wikipedia. https://en.wikipedia.org/wiki/OpenSSL

Wikipedia Contributors. 2023b. ‘Log4Shell.’ Wikipedia. https://en.wikipedia.org/wiki/Log4Shell

Wikipedia Contributors. 2023c. ‘Heartbleed.’Wikipedia. https://en.wikipedia.org/wiki/Heartbleed

Yin, L., M. Chakraborty, C. Schweik, S. Frey, and V. Filkov. 2022.’ Open Source Software Sustainability: Combining Institutional Analysis and Socio-Technical Networks.’ arXiv. https://arxiv.org/abs/2203.03144

Zhang, Q., C. Fang, Y. Ma, W. Sun, and Z. Chen. 2023. ‘A Survey of Learning-based Automated Program Repair.’ ACM Computing Surveys, 56(9), 1–38. https://doi.org/10.1145/3631974