The European free software industry has decided to act before Brussels closes one of the most important tech files in the coming years. Coinciding with the upcoming presentation of the European technological sovereignty package, now scheduled for June 3rd, a group of open source ecosystem companies has signed an open letter addressed to the European Commission, the European Parliament, and EU governments to advocate for a clear principle: Open Source First.
The petition does not propose banning proprietary software or excluding non-European providers. Its proposal is more specific and, therefore, more difficult to ignore: that all public procurement of software and digital services must first evaluate whether a qualified open source alternative exists before opting for a proprietary solution. According to the signatories, this evaluation should be documented and auditable.
An open letter amid ongoing debate on digital sovereignty
The initiative comes at a particularly sensitive moment. The EU’s tech sovereignty package, centered around the Cloud and AI Development Act, aims to strengthen Europe’s capacity in cloud computing, artificial intelligence, semiconductors, cybersecurity, and digital infrastructure. Although the formal proposal has not yet been unveiled, the debate is already very active: Europe wants to reduce critical dependencies without stifling innovation or closing its market.
The open letter, hosted by SUSE and supported by companies like Penpot, Nextcloud, Collabora Office, Element, OpenNebula, OpenProject, Univention, Zabbix, Linagora, Passbolt, CloudFerro, Freexian, or EGroupware, argues that the public sector has historically been one of the main drivers of proprietary lock-in in Europe. Not through an explicit strategic decision, but via accumulated purchases where open alternatives were rarely compared.
The core argument is simple: if public money funds digital infrastructure, that infrastructure should be transparent, maintainable, auditable, and less dependent on a single provider. For the signatories, open source is not just a licensing issue but a practical condition to enable provider switching, code review, long-term maintenance, and the development of local industrial capabilities.
The Open Source First concept already exists in varying degrees within administrations and public organizations, but the industry wants it to move beyond voluntary recommendations and become part of the legal framework. That’s the political point of the proposal. It doesn’t demand that free software always wins but requires that open alternatives be mandatorily considered with verifiable criteria before ruling them out by default.
OSPOs, public procurement, and ending perpetual pilots
The letter also reflects a rising trend in Europe: Open Source Program Offices, or OSPOs. These offices assist public and private organizations in adopting, governing, contributing to, and maintaining open source software professionally. The European Commission established its own OSPO in 2020 as part of its open source software strategy for 2020-2023, based on principles like sharing, contributing, securing, and maintaining control.
Until now, many open source projects in the public sector have advanced as pilots, partial migrations, or initiatives driven by specific technical teams. The difference now is that the conversation has elevated to a higher level. Digital sovereignty is no longer discussed solely in IT departments but now encompasses procurement, legal advisories, risk committees, and governance boards.
Public procurement is where this conversation becomes concrete. A government agency can talk about digital sovereignty while simultaneously renewing contracts for years that tie it to a single provider, format, cloud, or application suite. The Open Source First proposal aims to change this starting point: before renewing out of habit, there should be a justified case for why a viable open alternative was not chosen.
| Public Decision Area | What would change with Open Source First |
|---|---|
| Procurement of software | Pre-evaluation of qualified open source alternatives |
| Audit and compliance | Decision documentation and traceability of analysis |
| Technological sovereignty | Reduced dependency on single providers and closed formats |
| Security | Enhanced review, correction, and control over the code |
| European market | More opportunities for local support, integration, and service providers |
The challenge, of course, comes with the word “qualified.” Not all open source solutions are suitable for every use case, nor do all projects have the same maturity, support, or security levels. A serious policy would need to assess functionality, total cost of ownership, maintenance, community support, interoperability, regulatory compliance, and exit capabilities. That’s precisely why the signatories call for documented evaluations—not vague statements.
Digital sovereignty isn’t just about where the data resides
For years, much of the European debate around digital sovereignty focused on data localization: whether data is stored within the EU, operated by a European company, or subject to non-EU legislation. While still important, this approach is limited. A system can be hosted within European territory yet remain opaque, difficult to migrate, or dependent on technologies outside the client’s control.
Open source adds another dimension: the ability to understand, modify, audit, and maintain the software. In sectors like public administration, healthcare, justice, education, defense, or critical infrastructure, that capability can be just as important as the physical location of the data. It’s not enough to have European infrastructure if the software layer governing it remains closed to providers, auditors, and authorities.
The rise of artificial intelligence further intensifies this discussion. AI systems require data, models, computational infrastructure, pipelines, APIs, and governance mechanisms. When all these elements are built on closed dependencies, sovereignty becomes a hard-to-verify promise. Open source software doesn’t automatically solve security, quality, or compliance issues, but it facilitates a fundamental condition: the ability to inspect and modify components without needing permission from the original vendor.
Europe already has a significant open source industrial base. Many companies specialize in enterprise Linux, collaboration tools, productivity, identity management, virtualization, cloud, Kubernetes, databases, monitoring, cybersecurity, and development tools. Many have been working for decades in critical environments. The open letter seeks to turn this reality into a market signal: if public procurement requires a first look at open options, industry will have greater incentives to scale, invest, and compete.
There is also an indirect message to large proprietary vendors: Open Source First doesn’t eliminate competition; it intensifies it. It compels better explanations for why a closed solution is necessary, what exit costs exist, how portability is ensured, and what dependency risks are involved. For public buyers, this could lead to better decisions. For the market, increased transparency.
The timing of this is not accidental. The EU has set ambitious goals for 2030, including that at least 75% of companies will use cloud, artificial intelligence, or big data. If this mass digitization is built on a few closed platforms, Europe might gain technological adoption but lose maneuverability. If it relies on open standards, diverse providers, and auditable software, reliance can be reduced without secluding itself from the global market.
The open source industry’s petition doesn’t aim to end the debate but poses an uncomfortable question: if Europe desires digital sovereignty, why isn’t public procurement required to prioritize technologies that enable greater control, portability, and transparency? Brussels will need to address this soon—not just through statements, but with rules that change how technology procurement is conducted.
Frequently Asked Questions
What does the European open source industry’s open letter ask for?
It requests that the EU adopt the Open Source First principle, ensuring that public procurement first evaluates whether a qualified open source solution exists before choosing a proprietary option.
Would Open Source First prohibit proprietary software?
No. The proposal does not aim to ban proprietary software or non-European providers. It requires that open alternatives are analyzed and that the decision is documented.
Why is open source linked to digital sovereignty?
Because it allows auditing, modification, maintenance, and migration of technology with less reliance on a single provider. This can enhance the autonomy of governments and companies.
What role do OSPOs play in this change?
Open Source Program Offices help professionalize the adoption of open source software, manage licenses, coordinate contributions, and establish internal policies for usage and maintenance.