Skip to content
You can now search across every topic, entity and event.What's new
European Tech Sovereignty
30JUN

EU backs open source with €2bn plan

2 min read
17:31UTC

The EU adopted an Open Source Strategy worth €2bn over seven years on 3 June, yet the €350m Sovereign Tech Fund meant to pay maintainers still has no Commission host.

TechnologyDeveloping
Key takeaway

The EU pledged €2bn to open source, but the fund to pay maintainers still has no host.

The European Commission adopted an Open Source Strategy on Wednesday 3 June as part of its Tech Sovereignty Package, allocating €2bn over seven years for open-source accelerators, an Open Internet Stack, stewardship and skills, with a free-software-first procurement requirement for public administrations under CADA 1. The strategy operates at EU level what Germany's Sovereign Tech Agency already runs nationally , paying the maintainers of critical open-source software that public services quietly depend on. The gap is the funding vehicle: the €350m Sovereign Tech Fund proposed by OpenForum Europe still has no Commission host or budget line, so the EU-level equivalent of the German programme remains a plan rather than a payer. Recent Cyber Resilience Act guidance on open-source contributor liability cleared one obstacle the procurement mandate would otherwise have hit.

Deep Analysis

In plain English

Most European government websites, databases and services run on open-source software: computer code that anyone can view, modify and use for free. The EU adopted a strategy on 3 June to spend €2 billion over seven years supporting open-source software, including a rule that public administrations should prefer open-source tools in their procurement. The problem the strategy tries to solve is that governments rely on free software written by unpaid volunteers, who can burn out or stop maintaining it. When a bug appears in widely used code, governments have no way to pay for an urgent fix if no one owns the software. A proposed €350 million fund to pay professional maintainers would address this directly, but as of 10 June it has no home within the Commission and no confirmed budget line, so the most important part of the strategy is still unbuilt.

Deep Analysis
Root Causes

Open-source software represents approximately 70-80% of the code stack in European public administration, yet none of the maintainers of that code are funded by European institutions.

When a critical vulnerability appears in OpenSSL, Log4j or curl, European governments have no institutional lever to accelerate a patch because they have no employment or funding relationship with any maintainer. The Open Source Strategy is structurally a response to the 2021 Log4Shell crisis, which exposed European public services to a zero-day in unmaintained infrastructure.

OpenForum Europe proposed a €350m Sovereign Tech Fund to fill the maintenance gap, but as of 10 June 2026 it has no Commission host and no budget line. Germany's Sovereign Tech Agency funds its own maintainers at national level; the EU strategy creates a procurement mandate but no federal-level maintenance body to mirror it.

Until the €350m fund gets a Commission host and a budget line, the strategy's industrial substance is limited to demand-side procurement mandates rather than supply-side infrastructure investment.

What could happen next?
  • Precedent

    The EU Open Source Strategy's free-software-first procurement mandate under CADA is the first binding EU obligation of this kind, establishing a legal baseline for open-source preference that national administrations can enforce in public tenders.

    Medium term · Assessed
  • Risk

    Without the €350m Sovereign Tech Fund getting a Commission host, the strategy's procurement mandate will create demand for open-source alternatives that European maintainer infrastructure cannot support at scale, repeating the Log4Shell-style maintenance gap.

    Medium term · Reported
  • Opportunity

    The €2bn Open Internet Stack programme could seed European alternatives to US-dominated developer-infrastructure platforms (package registries, CI/CD tooling, code-hosting), reducing the supply-chain dependency that currently routes European developer activity through GitHub and npm.

    Long term · Suggested
First Reported In

Update #8 · Sovereignty law adopted; $40bn US chip buy

FSFE· 10 Jun 2026
Read original
Different Perspectives
United States (Google/Alphabet)
United States (Google/Alphabet)
Alphabet lost its final Android appeal on 2 July with no further court to hear it, a result its Computer and Communications Industry Association allies frame as precedent, not deterrence, since the €4.1bn fine changed nothing about Google's Play Store terms across eight years of litigation.
UK Department for Science, Innovation and Technology
UK Department for Science, Innovation and Technology
DSIT opened its £96m second Sovereign AI wave on 3 July, switching from April's equity stakes to fixed-price contracts because Britain has no domestic hyperscaler or Bpifrance-style lender to fund capacity another way. It is betting on buying outcomes it controls alone rather than joining an EU-wide framework.
German federal government
German federal government
Berlin backed both German deliverables this week, Infineon's fab and Aleph Alpha's merger, but is finding one far harder to close than the other. It wants enforceable protective rights inside Cohere's cap table before the merger closes, a legal instrument the Bundeskartellamt has no filing to review yet.
European Commission
European Commission
The Commission banked a clean CJEU win on the eight-year Android case on 2 July, removing Google's last comparator argument before President von der Leyen rules on the far larger DMA self-preferencing fine due 27 July. Brussels treats Infineon's early Dresden delivery as proof the Chips Act mechanism works, at the node Europe already led.
Bruegel (EU industry sceptics)
Bruegel (EU industry sceptics)
Bruegel economist Mario Mariniello argued the EU sovereignty package mimics US and Chinese strategy while EU cloud providers hold roughly 15% of their home market; using nationality as a proxy for security without fixing the underlying capital and energy gaps that drive the dependency creates €86bn of migration cost without the security benefit it is sold as delivering.
France
France
France published a joint sovereignty definition with Germany at VivaTech and mobilised €13bn under Tibi Phase 3, placing SAP's partnership with Mistral as the working proof that a German enterprise-software giant running a French sovereign model inside public administration is what digital sovereignty looks like in practice.