By Neal H. Walfield | February 3, 2026
The European Commission has requested input to inform the upcoming European Open Digital Ecosystem Strategy. The initiative “will set out: a strategic approach to the open source sector in the EU that addresses the importance of open source as a crucial contribution to EU technological sovereignty, security and competitiveness” and “a strategic and operational framework to strengthen the use, development and reuse of open digital assets within the Commission.”
The following text is our submission. In our response, we highlight issues with the status quo. In particular, we criticize the dominance of American mega-corporations and suggest an alternative approach where no company is too large to fail, we discuss how proprietary software inhibits sovereignty and security and FOSS enables it, and we call for a significant investment in FOSS in the form of something like the proposed EU Sovereign Tech Fund, and the creation of an IT support ecosystem for consumers of FOSS.
Note: The response was limited to 4000 characters including URLs. To be consistent with the commission’s terminology, we use OSS instead of FOSS.
Sovereignty is about self determination and control. Currently, the EU is highly dependent on US-based mega-corporations like Microsoft, Alphabet (Google), and Amazon. Software written by these companies is used not only privately by EU citizens, but also by governments in all facets of their work.
Unfortunately, these corporations only respect EU sovereignty when it is compatible with US interests. In 2025, Anton Carniaux, the General Counsel of Microsoft France, testified before the French Senate that Microsoft would provide data to the US government without consulting France. (See also this article.)
In 2013, the Guardian reported that Microsoft worked with the US NSA to circumvent the company’s encryption while publicly claiming their inability to perform wiretaps.
These are blatant violations of other countries’ sovereignty.
An apparent solution would be to reproduce the American model in the EU. We believe this approach is ill-advised. The EU should strive not for a handful of 100 billion Euro companies who are too large to fail, but thousands of 100 million Euro companies and many more small and medium businesses.
Further, the EU must resist proprietary solutions. Companies chase profits, which motivates them to end support for unprofitable software. Historically it was possible to keep using unmaintained software, but as software increasingly moves to the cloud, when a company shuts down a service, users are stranded and may lose access to their data, which either can’t be exported or only in a low-fidelity format. A recent example of this is Adobe discontinuing Animate. In their announcement they tell users to migrate soon as access to their data will not be available in a year. This is not sovereignty.
Open source software (OSS) is a key ingredient to solving these problems. OSS guarantees that users can audit the code they run either directly or by hiring an expert. This provides strong security guarantees. OSS gives control to users to add the features they need if the maintainers don’t want to. And, OSS continues to be available after the maintainers abandon the software ensuring that users can continue to use, maintain and develop it. OSS reduces the trust individuals and organizations have to place in companies; OSS puts users in control. Switzerland has recognized this value proposition and passed the “Electronic Means for the Fulfilment of Governmental Tasks” in 2023. This law requires code developed by or for the government to be released under an open-source license. OSS is sovereignty.
With OSS anyone can copy, modify or share software. This enables sovereignty. For companies focused on OSS development this results in a weak negotiating position: why pay for software that is free? This attitude that OSS is a commons suggests that it should be treated as one. In practice it is used as one. Black Duck, a security company, reported in their “2025 Open Source Security and Risk Analysis Report” that 97% of codebases include OSS. Yet, these companies rarely financially support the projects they depend on, and governments do not protect OSS as a commons.
The EU must create programs to fund the long-term development and maintenance of OSS. Germany’s Sovereign Tech Agency, which funds critical digital infrastructure like our project, Sequoia PGP, is a good start. A well-endowed EU Sovereign Tech Fund is essential. Also important is the creation of an IT support ecosystem for consumers.
The best solution to ensuring the EU’s sovereignty and security is OSS. To be successful, the EU must invest in OSS and not rely on market forces.
