CALL FOR EVIDENCE

FOR AN INITIATIVE (without an impact assessment)

This document aims to inform the public and stakeholders about the Commission’s work, so they can provide feedback and participate effectively in consultation activities.

We ask these groups to provide views on the Commission’s understanding of the problem and possible solutions, and to give us any relevant information they may have.

Title of the initiative

Towards European open digital ecosystems

Lead DG – responsible unit

Directorate-General for Communications Networks, Content and Technology (DG CNECT) – Unit E.3: Future Internet

Directorate-General for Digital Services (DG DIGIT) – Unit B.2: Interoperability and Digital Government

Likely type of initiative

Communication from the Commission to the European Parliament and the Council

Indicative timing

Q1-2026

Additional information

This document is for information purposes only. It does not prejudge the final decision of the Commission on whether this initiative will be pursued or on its final content. All elements of the initiative described by this document, including its timing, are subject to change.

A. Political context, problem definition and subsidiarity check

Political context

President von der Leyen’s political guidelines, the mission letter for Executive Vice-President for Tech Sovereignty, Security and Democracy Virkkunen and the 2025 State of the Union speech identified EU technological sovereignty as one of the objectives for this College’s term of office.

Against this background, the Commission will set out a strategic approach to the open-source sector in the European Union and present a review of the Commission’s 2020-2023 open-source software strategy, which will outline the Commission’s plan for its own digital environment. The new strategy will address the economic and political importance of open source, as a crucial contribution to a strategic framework for EU technological sovereignty, competitiveness and cybersecurity. It will also set out actions to strengthen the broader EU open ecosystem of solutions and products in critical sectors, including internet technologies, cloud, artificial intelligence (AI), cybersecurity, open hardware, and industrial applications (e.g. automotive and manufacturing).

Open-source technologies have the potential to enable greater control over digital infrastructure and to reduce the EU’s dependencies, ensure greater supply chain transparency and support cybersecurity vulnerability management. Therefore, there is also a case for reviewing what support actions can be put in place to: (i) encourage greater adoption of open source by public and private users, and encourage organisations to contribute to open-source development; (ii) boost the development and competitiveness of the emerging EU open-source sector; and (iii) strengthen the position of start-ups in the innovation ecosystems.

This initiative complements the upcoming Cloud and AI Development Act, for which a dedicated consultation was conducted, and which will be adopted alongside the open-source strategy, as a package.

Problem the initiative aims to tackle

The EU faces a significant problem of dependence on non-EU countries in the digital sphere. This reduces users’ choice, hampers EU companies’ competitiveness and can raise supply chain security issues as it makes it difficult to control our digital infrastructure (both physical and software components), potentially creating vulnerabilities including in critical sectors. In the last few years, it has been widely acknowledged that open source – which is a public good to be freely used, modified, and redistributed – has the strong potential to underpin a diverse portfolio of high-quality and secure digital solutions that are valid alternatives to proprietary ones. By doing so, it increases user agency, helps regain control and boost the resilience of our digital infrastructure. Open-source software is deeply embedded in the digital economy as it represents the basis for most software solutions (between 70% and 90% of all lines of code 1 ). The exponential growth of open AI models is one example of such embeddedness. Against this background, the EU can count on a very active and rich ecosystem of communities of open-source developers, among the largest worldwide, whose work is well aligned with EU digital rights and principles. The use of open-source solutions varies across sectors – in some, open source is widespread, in others, its business value is still being explored. However, much of the value generated by open-source projects is exploited outside the EU, often benefiting tech giants. EU stakeholders generally struggle with high entry barriers and network effects of dominant players both in the public procurement market and in the private sector market. EU open-source stakeholders must also deal with limited access to public procurement, growth capital, support and hosting infrastructures (such as web-based repositories, cloud platforms and software-defined infrastructure tools). In the area of open-source hardware, the business ecosystem is developing fast and its importance is growing, in particular in sectors such as high-performance computing and edge computing.

Over time, the EU has invested in open source and its communities, with good results – for example through the Next Generation Internet initiative, the FIWARE framework, the GenAI4EU initiative, the investment in RISC‑V hardware and an open-source software-defined vehicle core stack under the Chips Joint Undertaking, or the Commission’s ongoing Simpl programme, which aims to support open source, secure and smart middleware for European data spaces. However, it has emerged that supporting open-source communities solely through research and innovation programmes is not sufficient for successful upscaling and that it is critical to support emerging developer communities and businesses in scaling up via sustainable support and governance frameworks aiming for community upscaling, industrial deployment, market integration and commercial viability of open-source innovations.

More recently, in several EU regions and Member States, the use of open source in government processes is gaining traction. The recent creation of the European Digital Infrastructure Consortium for Digital Commons 2 – which aims to provide a collaborative framework to sustain and scale up open-source technologies essential for (but not limited to) public services – further shows that a joined-up EU approach is an asset to build solid EU alternatives and provide a framework for European open-source communities and industry to scale up.  

Basis for EU action (legal basis and subsidiarity check)

Legal basis

N/A – non-legislative

Practical need for EU action

EU action is needed to provide for a number of initiatives/actions to address and improve the framework conditions for EU open-source ecosystems – composed of communities of developers, companies and foundations productising solutions, and providers/sectors scaling up adoption – to grow and further contribute to the EU’s tech sovereignty agenda, including by reducing external dependencies.

B. What does the initiative aim to achieve and how?

The initiative seeks to support the EU’s tech sovereignty and competitiveness agenda. It will identify some of the barriers that are currently hampering the EU’s open-source potential and propose a path forward to eliminate them. In particular, the initiative will focus on improving the EU open-source sector’s ability to grow and develop further. A strong and developed open-source sector can effectively contribute to further EU innovation and accelerate standardisation, strengthening the EU’s international competitiveness, preserving its sovereignty, and ensuring its continuous economic prosperity, security, resilience and global influence. Innovators, start-ups and small to medium-sized enterprises are significant drivers as they bring innovative open-source-based products and solutions to the market. To enable such sector development, the strategy should provide a set of short- and medium-term solutions, incorporating the overall EU approach to tech sovereignty taking into account cybersecurity, sovereign alternatives, thriving ecosystems, business model innovation, sustainable deployment in key sectors, a vibrant EU developer community and an EU-centred foundation infrastructure. The strategy should complement existing and forthcoming regulatory measures with policy and funding measures, including public-private partnerships, covering the full open-source life cycle – from development to maintenance and sustainability and market integration – across critical sectors (AI, cloud, edge, internet of things (IoT), cybersecurity, internet technologies, and industrial ones, such as automotive, among others), and taking into consideration the potential that open-source solutions have for the competitiveness of the EU’s core industrial ecosystems, such as automotive.

Key objectives include:

-continuing development and ensuring appropriate visibility of EU high-quality and secure open-source solutions and demonstrating their added value;

-addressing issues of deployment, usability, software supply chain security and governance, maintenance of code and project sustainability to ensure take-up and upscaling; 

-supporting emerging open-source business and sustainability models for open-source companies and foundations, including by developing public-private partnerships;

-promoting best practice and encouraging the public sector, specialised business sectors and large customers to contribute to and adopt open source; and

-supporting market integration, especially with legacy systems and policy alignment.

In terms of proportionality, it is expected that a combination of funding and policy measures will stimulate the EU open-source sector, with trusted and sovereign solutions largely adopted by individuals, companies and the public sector. This, in turn, will trigger further investment in development and infrastructure, which will commoditise some of the most expensive or excessively data-extractive proprietary stacks on the EU market, again freeing up resources to strengthen this ecosystem.

Likely impacts

The expected impact is more accessible, coordinated and effective EU support to development and competitiveness of the EU open--source sector. The strategy should also help Member States to identify the necessary steps to be taken to support national open-source companies and communities. A sustainable open digital ecosystem requires in fact a broader EU environment in which critical open technologies are developed, maintained, deployed and governed in the public interest, in cooperation with Member States, EU agencies, research institutions, civil society, and industry. Strengthening this ecosystem is a strategic investment in the EU’s long-term technological capacity, competitiveness and sovereignty. It will ensure that essential digital capabilities – from cybersecurity, IoT platforms, cloud services and AI frameworks to network and edge infrastructure and data systems – are not dependent on external actors or non-transparent technologies, but instead grounded in trustable, open, interoperable and verifiable foundations.

Future monitoring

The Commission will use internal resources and may contract external experts to conduct ad hoc studies.

C. Better regulation

Impact assessment

No impact assessment will be conducted since this is not a legislative initiative. The strategy will take the form of a Commission communication. The initiative will set out a general approach and will propose: (i) actions relying on further commitments; and (ii) an implementation process.

Consultation strategy

This call for evidence aims to gather feedback from different interested stakeholders, to enrich the strategy with various perspectives.

More specifically, stakeholders are invited to reply to the following questions:

1. What are the strengths and weaknesses of the EU open-source sector? What are the main barriers that hamper (i) adoption and maintenance of high-quality and secure open source; and (ii) sustainable contributions to open‑source communities?

2. What is the added value of open source for the public and private sectors? Please provide concrete examples, including the factors (such as cost, risk, lock-in, security, innovation, among others) that are most important to assess the added value.

3. What concrete measures and actions may be taken at EU level to support the development and growth of the EU open-source sector and contribute to the EU’s technological sovereignty and cybersecurity agenda?

4. What technology areas should be prioritised and why?

5. In what sectors could an increased use of open source lead to increased competitiveness and cyber resilience?

The call for evidence will remain open for four weeks and will be promoted through the Commission’s institutional channels, including on social media.

Why are we consulting?

The consultation aims to gather input and evidence on the state of play on open source in the EU, including on strengths, weaknesses, barriers to adoption, viable business models, value of open source for public and private organisations as well as possible actions that could boost the European open-source ecosystem.

Target audience

The consultation aims to gather views of all interested stakeholders, in particular the European open-source community (including individual contributors, open-source companies and foundations), public administrations, specialised business sectors, the ICT industry, academia and research institutions.

(1)  Source: Synopsys’s security report (OSSRA), https://phasepacific.com/wp-content/uploads/2024/08/rep-ossra-2024.pdf.
(2)  The term ‘digital commons’ is defined as a shared online resource – such as software, data, design, or digital content – that is collectively created, maintained and governed by a community, and freely accessible for anyone to use, modify and share.