As an association for open source cloud infrastructures, we also participated in the European Commission's Call for Evidence regarding the European Open Digital Ecosystem Strategy with an opinion and submitted it to the European Commission submitted. The following statement regarding the questions posed by the EU Commission on this initiative was prepared by Dr Daniel Gerber, employees in the subsidised project ALASCA FOCIS, authored.
ALASCA e.V. expressly welcomes the EU Commission's initiative for a „European Open Digital Ecosystem Strategy“. The goal pursued by the EU Commission of strengthening digital sovereignty through a strategic approach to open source software guides our work on a daily basis. With the tools and standards we develop and use, we prove that there is already a powerful European open source industry today.
1. what are the strengths and weaknesses of the EU's open source sector?
(i) What are the main barriers to the introduction and maintenance of high-quality and secure open source solutions?
One of the main barriers to the distribution and long-term maintenance of high-quality and secure open source software is the lack of demand from the public sector.
If the European Commission wants to promote a robust, diverse and competitive European open source ecosystem, it must consistently fulfil its role as an anchor customer. Currently, public administrations often rely on proprietary solutions by default, which means that there are no market incentives for companies to invest sustainably in the development and security of open source software.
Another barrier is the lack of a clear regulatory framework that prioritises open source in public procurement (contract templates for the procurement of open source software by the public sector). The ongoing reform of European public procurement law offers a key opportunity to introduce an „open source by default“ principle. Without such a regulation, procurement practices will remain fragmented, risk-averse and structurally biased in favour of established proprietary providers.
Finally, the lack of concrete, long-term political targets creates uncertainty for the OSS sector. Ambitious and measurable commitments, such as the goal of exclusively operating software in European open source cloud infrastructures from 2030, would create long-term planning security and stimulate massive private investment in the quality, security and maintenance of open source, thereby automatically creating an ecosystem.
In addition, there are unfortunately still prejudices and false statements about open source software (OSS is not secure, OSS is not competitive). The EU could use a dual strategy of training and image campaigns to do important educational work on this problem. At the same time, this would also ensure that a skills gap in the assessment of OSS among decision-makers in the procurement process would be reduced.
For many companies, especially those whose core business is not in the IT or cloud sector, the large hyperscalers appear to be the simplest and most obvious solution. Companies that are just starting out on their journey to the cloud often make a pragmatic decision in favour of these providers without sufficiently considering the long-term lock-in effects or possible political and regulatory risks (e.g. regional access restrictions by third countries). Although many decision-makers are aware of the concept of digital sovereignty, it is often not understood or prioritised as strategically relevant. Open source alternatives, on the other hand, are often perceived as complex, resource-intensive or less user-friendly, with a lack of corresponding expertise within companies. Proprietary providers continue to benefit from their strong brand perception as „trustworthy standard solutions“ (supported, for example, by cooperation agreements with national security authorities), which further increases European companies' dependence on non-European cloud providers.
(ii) What are the main barriers to a sustainable sustainable contribution to open source communities?
A large part of open source software development takes place in communities around and between different projects. The typical funding of software does not usually focus on this aspect, but rather on a set of features to be fulfilled. All the other work required to build a community, such as organising evening events, project governance, code reviews, weekend hackathons, renting workshop rooms, triaging issues, networking different communities, providing and maintaining regular conference calls where participants can exchange ideas and discuss problems, etc. are not usually funded, but are absolutely essential for fostering vibrant communities and open source software projects. In particular, quality-promoting measures such as documentation are rarely focussed on. Projects can only work sustainably if just as much emphasis is placed on documentation (onboarding, contribution guide, diátaxis) as on features.
Young professionals in particular often lack low-threshold access to open source technologies, as the relevant content has so far been insufficiently taught in training and university programmes. Proprietary cloud providers are already actively recruiting at universities and influencing students at an early stage before they start their careers. This creates one-sided skills profiles and early dependencies on proprietary ecosystems. There is a concrete need for action here to systematically integrate open source software, open standards and concepts of digital sovereignty into training and study curricula. In addition, civil society initiatives and associations that promote open source skills should be specifically supported in order to ensure sustainable European talent and skills development.
With regard to the cloud sector, we have to recognise that both finding and training new employees is a challenge. The software used for Infrastructure-as-a-Service and Kubernetes-as-a-Service is generally very complex, resource-intensive and therefore cost-intensive. The provision of free-to-use infrastructure and learning materials such as MOOCs, e.g. for OpenStack, could be very beneficial.
2. what is the added value of open source solutions for the public and private sectors?
Improve the speed of innovation: Open source software accelerates the speed of development and innovation immensely. The collaboration between two ALASCA founding companies made the creation of Yaook, our ALASCA flagship project, possible in the first place. The large number and diversity of libraries has significantly accelerated the speed of innovation.
Avoid lock-in effects: The large number of cloud services offered by the major American hyperscalers inevitably lead to a lock-in to a specific service. Only by using open software and standards can such path dependencies be avoided from the outset and it is possible to switch to other providers.
Creating digital sovereignty: By using open source software, we can clearly demonstrate what happens to our data and what does not. We cannot be blackmailed and can use our IT systems to fulfil the public services of around 450 million Europeans independently of the influence of non-European states and companies and even adapt them much better to our own needs.
3. what concrete measures can be implemented at EU level to support the development of the EU open source sector?
In future, the EU should particularly promote ecosystem services that do not explicitly focus on specific software features, but rather those that consolidate and expand the community of a project or project family. Assistance should be provided on how such projects can be sustainably financed and managed (governance).
The EU should consistently fulfil its role as an anchor customer and purchase exclusively open source software. It should draw up a clear roadmap in order to achieve planning security for all parties involved. The EU should raise awareness of the importance of digital sovereignty and open source software among decision-makers, especially in non-technical companies.
4. which technology areas should be prioritised and why?
Cloud technology: According to analyses by the Synergy Research Group[1] the market share of European cloud providers in Europe will be around 15% in 2024. If we do not want to repeat the same mistake here as with solar systems, for example, and become completely dependent on a few American or Chinese providers in a short space of time, action must be taken here as quickly as possible.
Source code management: Software development currently takes place almost exclusively on platforms such as Github or Gitlab. Should access for EU citizens ever be restricted here, for example through sanctions, essential services could be massively disrupted. In this case, it cannot be ensured that updates can be provided for software that is already in operation.
Containers and charts: Today, modern software is usually operated in containers or charts that are managed by orchestration software such as Kubernetes. Many software projects rely on container and chart definitions from the community. The purchase of Bitnami by Broadcom and the subsequent removal or licence change of these definitions has shown how problematic such dependencies can be. A freely accessible infrastructure for most basic technologies, such as the one published by ZenDiS in Germany[2] would therefore be a great help. It would support all IT companies in the EU, reduce costs and make software development significantly safer and faster.
[1] https://www.srgresearch.com/articles/european-cloud-providers-local-market-share-now-holds-steady-at-15
[2] https://container.gov.de/
5. in which sectors could increased use of open source software lead to greater competitiveness and cyber resilience? cyber resilience?
Whether administration, business, science or civil society, all sectors benefit from greater use of open source. They can thus reduce or at least diversify one-sided dependencies. Cooperative open source development enables cost sharing across the EU and makes powerful software freely and widely available.
This measure is co-financed with tax revenue on the basis of the budget approved by the Saxon state parliament.
