The 2025 EU Open Source Policy Summit convened policymakers, industry leaders, and open source advocates to discuss the critical role of open source in Europe’s digital future. With the EU entering a new legislative cycle, the discussions focused on how open source can enhance digital sovereignty, competitiveness, and innovation. I was particularly impressed by the first panel, *What Can Open Source Do for Europe?*, which featured Cristina Caffarra (CEPR – Centre for Economic Policy Research), Peter Granten (Univention GmbH), Adriana Groh (Sovereign Tech Agency), Pearse O’Donohue (European Commission), Amandine Le Pape (Element), moderated by Astor Nummeling Carlberg (Open Forum Europe).
Cristina Caffarra set the tone with a bold critique of Europe’s reliance on Big Tech. “We are colonized by Big Tech, with 90% of our infrastructure owned by them”. They make us believe the stack they give us is sovereign because they are here—and they are indeed here, but pay no taxes and make zero contributions. In all of this, the EU concentrates all its efforts in regulating, but what exactly are we regulating for? Where does that lead us? Regulation is not creating alternatives nor distributing the power. Regulation alone is not enough to ensure digital sovereignty. Instead, Europe must actively build and invest in its own digital infrastructure. “Do the demo instead of the memo”, she said.
Adriana Groh advocated for making the invisible visible, telling the things as they are: what is the infrastructure we rely upon, and what happens if we lose it. “Sovereign technology is not a nice to have, but a must have, because we use it everyday”. We have to secure the foundation of our stack, well before starting to talk about innovation. “The innovation fetish we have is not healthy. We need to maintain what is there. This is not a political party issue, this is not right or left, this is common sense.”, this last statement particularly resonated with me and made me think of the maintenance panel we had at The Tech We Want Summit.
And indeed, we need to ensure security of the software, the data, of the project itself. So much is built and then not maintained. But why do we even build stuff if it is not going to be maintained? Pearse O’Donohue pointed out the problem is linked to the structure and models of the current funding systems: we fund a project for a limited number of years, and then gently disappear. Unlike proprietary software companies that generate ongoing revenue through licensing, open source projects often struggle to secure long-term funding, leading to maintenance gaps and security risks. This issue of sustainability is a major barrier to Europe’s ability to control its own technological destiny. There is also a key contradiction highlighted by Amandine Le Pape in how governments approach software procurement: despite the fact that on paper the EU pushes strongly for open source first and open source by default, our governments and public administrations are still paying for proprietary software, basically funding our external dependencies.
The truth is also that sovereignty is not going to be an incentive for business anywhere; business will just go for the cheapest option. We need a coordinated action between policymakers, businesses, and the open source community pushing for a Eurostack, a European technology ecosystem that prioritizes open source, interoperability, and security. The time for action is now. The decisions made in this new legislative cycle will shape Europe’s digital sovereignty for years to come. Open source is not just an option—it is essential for Europe’s future.
—
The summit reinforced that Europe’s digital future depends not only on open source adoption but also on a fundamental shift in policy, investment, and mindset. With the right frameworks in place, open source can drive sustainable, secure, and inclusive technological progress across the continent.
Security was another buzzword at the Summit. However, as discussed at CHAOSScon, security is directly tied to the health of open source projects, and maintenance remains an invisible yet critical cost. Regulation should encourage upstream contributions to ensure that the backbone of digital infrastructure remains strong.
If we want to attract funding, Claire Dillon (CURIOSS) pointed out, we need to communicate the value of open source better and more effectively. We have to do a much better job at explaining what we do and why it matters. While proprietary software companies invest heavily in marketing, FOSS struggles with visibility. And yet, FOSS is literally a component of anything you do from the moment you wake up to the moment you go to sleep. As a movement, we have to get better at storytelling (something we also discussed with the Open Knowledge Network during our last gathering in Katowice).
Open source provides a fundamental economic advantage by preventing duplication of costs and efforts, making software development more efficient and collaborative. Shared maintenance costs, rather than repeated investments in proprietary solutions, could lead to more sustainable infrastructure.
There is a gap in the European funding landscape, Gabriele Columbro (Linux Foundation Europe) remarked that while funding is available for early-stage open source projects, that seed investment is not matched with a rich ecosystem of businesses built on FOSS that can then take on those projects.
This disconnect leaves many promising projects without the necessary support to transition into long-term, self-sustaining businesses, limiting the full potential of open source innovation in Europe.
Another hot topic was Digital Public Infrastructure (DPI) and Digital Public Goods (DPGs). Sunita Grote (UNESCO Ventures) pointed out that despite it being referenced more and more, we are still lacking a clear definition of what is a DPI, and DPGs do not always require the stack to be open source. Another key concern is that many of these initiatives remain dominated by the usual industry players, from the same geographies, backed by the same funding sources.
While pushing for European digital sovereignty, there is a need to ensure that the “Eurostack” remains open to broader contributions from new emerging places, avoiding exclusivity. Instead of ownership, the focus should be on pushing the European shared values: transparency, collective governance, and an open roadmap. At the end of the day, one lesson that open source teaches us every day is that we don’t need to own everything, we can also just be the home.
