OSI welcomes the European Union's “Tech Sovereignty” package

This week, the European Union (EU) published its “Tech Sovereignty” package, with a vision that puts Open Source at the heart of the EU’s digital sovereignty ambitions, while addressing many concerns and requests of Open Source communities.

In February of this year, the OSI submitted feedback for the EU’s Open Digital Ecosystems Strategy. Our feedback set out a vision for how Open Source could serve the EU’s digital sovereignty goals in a way that benefits both Open Source communities and the European Union.

Originally delayed twice, the strategy was eventually merged into the flagship Tech Sovereignty package503&lang=en). The wait was worth it: over a third of the 29-page document is devoted to Open Source, with many of the OSI’s key asks addressed, as well as some exciting new announcements! Below, we explore what we asked for and how the strategy delivers.

Procurement: Opening Doors for Open Source

One of the biggest barriers to Open Source adoption has been public procurement. Too often, tenders have been designed around proprietary solutions, ignoring the benefits of Open Source and locking public institutions into closed ecosystems. The OSI called for procurement rules that prioritize interoperability, reusability, and vendor independence.

The package takes a major step forward in this area. The EU pledges to make the public sector an anchor consumer for Open Source solutions. The Commission plans to reform procurement rules to remove barriers for Open Source, provide better guidance to EU countries on procurement criteria to avoid excluding Open Source, and uphold the “public money, public code” principle when procuring software development.

Both proposals align with the OSI’s feedback. The next critical step is the EU’s public procurement law reform. The OSI will continue advocating to ensure these pledges translate into action.

Business: Supporting Open Source Startups

Beyond procurement, the OSI highlighted challenges faced by Open Source communities in Europe, particularly difficulties accessing investment and expertise to commercialize and scale projects.

The Commission has responded by committing to ensure Open Source companies are considered for funding under the European Competitiveness Fund (ECF). It also plans to create “Open Source business accelerators” that will offer mentorship, training, legal and licensing consulting, and business development support, including marketing. Additionally, the Commission will work to raise industry awareness of Open Source solutions by leveraging the EU’s existing business support networks.

These measures directly address the OSI’s concerns and could significantly boost the Open Source ecosystem in Europe.

Funding: Supporting the ecosystem

Taking action to ensure the Open Source ecosystem remains sustainable was one of the key requests of the OSI to the European Commission. This is especially true for the Open Source components we all rely on: if adequate resources are not available for the maintenance of these components, we risk degraded security or orphaned software.

In our feedback, we called for the continuation of the Next Generation Internet (NGI) initiative that has funded many Open Source projects, and for the creation of a European Sovereign Tech Fund to fund ongoing maintenance and features development to meet the EU’s needs. We also highlighted the need to mainstream Open Source in other funding opportunities (like the €100bn+ Horizon Europe programme).

The Commission’s strategy addresses these requests. The NGI will be scaled up under the new name “Open Internet Stack.”  A new Open Source Maintenance Instrument will fund the “maintenance and security upkeep of essential components.” The Commission will also create a list of critical and security-relevant Open Source dependencies to inform funding decisions and promote Open Source solutions as the default approach in Horizon Europe funding.

Additionally, we emphasized the need to operationalize the EU Cyber Resilience Act (CRA) in a way that benefits—not burdens—Open Source projects, particularly through “voluntary security attestations” as a funding mechanism. While the Commission does not explicitly mention funding, it commits to expediting voluntary security attestation programs. The OSI will continue advocating to ensure these programs truly benefit Open Source communities.

Stewardship: supporting foundations

Speaking of the CRA, the package also includes measures to address some of the concerns that OSI, Eclipse Foundation and Apache Software Foundation have been raising to the Commission about “Software Stewards” under the CRA. We were worried the barriers to setting up and running stewards in Europe could be too high, preventing the emergence of software stewards and the success of the law, and negatively impacting Open Source sustainability.  We also raised these concerns in our feedback to the Commission.

The Tech Sovereignty package proposes a series of measures to address these concerns: the development of a “stewardship toolkit” to guide projects who want to establish stewards, associations and foundations in the EU. They have also pledged to launch a study on the feasibility of an EU-level framework for foundations, so foundations can be governed by a single set of rules rather than different rules for each of the EU’s 27 countries.

We believe these measures will help organisations that want to establish, or to set up a subsidiary or sister organisation in the EU. We also believe the aforementioned funding opportunities could also be available to foundations.

Standards: breaking down barriers to Open Source participation

Over the last two years, we have worked extensively on standards around the EU’s Cyber Resilience Act. We’ve pushed ourselves to our limits to ensure Open Source has a voice in the development of these standards and it hasn’t been easy.

Day-long meetings, synchronous decision-making, and financial and organisational barriers to Open Source participation meant that our European team had to spend almost all their working time to ensure Open Source voices are heard, and while those efforts are now beginning to bear fruit, this effort simply isn’t repeatable for every new law.

We already raised this issue with the European Commission in our Feedback on Standardisation reform, but raised it again in our feedback to the Digital Ecosystems Strategy: not being able to participate in standardisation means Open Source projects and companies don’t get a say in rules that impact them. This has to change.

The Commission recognizes the challenge and commits to making it easier for Open Source communities to participate in standardization through specific funding and revisions to the Standardisation Regulation. However, which changes  it will implement in the Standardisation Regulation are unclear, and it does not address our demand for a rights-waived mode, which would ensure standards required for legal compliance are not patent-encumbered or blocked behind a paywall. The OSI will continue pushing for this change, and other improvements to the EU standards system.

Leading by Example: the EU's Open Source adoption

The EU is also taking steps to lead by example in Open Source adoption. It is deploying a Matrix-based communications system and the openDesk collaboration environment internally, trialing an alternative operating system to replace Windows, which is currently widely used in EU institutions, and expanding its presence on the Fediverse, with Commissioners and key departments already joining the EU’s Mastodon server.

We will monitor these initiatives closely, but we welcome the EU’s commitment to leading by example.

Skills and Knowledge: Building a Sustainable Future

Open Source thrives on collaboration and shared expertise. To ensure its long-term success, Europe needs a workforce that understands and contributes to Open Source projects. The OSI emphasized the importance of integrating Open Source into education and reskilling programs, as well as supporting developers in commercializing their projects.

The Commission’s strategy aligns closely with these goals. It proposes Master’s programs on collaborative Open Source development and community governance, support for Open Source deployment in schools and universities, upskilling civil servants to use Open Source solutions, and Erasmus+ funding for Open Source learners to cover mobility costs (e.g., for traineeships in Open Source companies or community meetups).

These measures can help close the Open Source knowledge gap, strengthen adoption, and foster stronger communities through mobility and education.

Conclusion

The Commission’s Tech Sovereignty package addresses many of the OSI’s concerns and adopts numerous recommendations. It’s encouraging to see Open Source communities’ voices being heard in Brussels. We see it as a testament to the growing recognition of Open Source’s importance among lawmakers and the hard work of community representatives.

The strategy has set the EU on the right path, but whether it stays the course depends on whether the Commission’s proposed laws are adopted—and how they’re shaped along the way. By autumn 2026, we expect the package’s legislative proposals to reach the European Parliament.

The OSI, for its part, will continue its educational and advocacy work to ensure lawmakers understand the benefits of Open Source and have the tools to make decisions that help both Open Source and Europe thrive.

Open Source Initiative Helps G7 Deliver Vision On AI Openness

From G7’s Vision on AI Openness to EU’s Tech Sovereignty Package