The European Commission adopted an Open Source Strategy on Wednesday 3 June as part of its Tech Sovereignty Package, allocating €2bn over seven years for open-source accelerators, an Open Internet Stack, stewardship and skills, with a free-software-first procurement requirement for public administrations under CADA 1. The strategy operates at EU level what Germany's Sovereign Tech Agency already runs nationally , paying the maintainers of critical open-source software that public services quietly depend on. The gap is the funding vehicle: the €350m Sovereign Tech Fund proposed by OpenForum Europe still has no Commission host or budget line, so the EU-level equivalent of the German programme remains a plan rather than a payer. Recent Cyber Resilience Act guidance on open-source contributor liability cleared one obstacle the procurement mandate would otherwise have hit.
EU backs open source with €2bn plan
The EU adopted an Open Source Strategy worth €2bn over seven years on 3 June, yet the €350m Sovereign Tech Fund meant to pay maintainers still has no Commission host.
The EU pledged €2bn to open source, but the fund to pay maintainers still has no host.
Deep Analysis
Most European government websites, databases and services run on open-source software: computer code that anyone can view, modify and use for free. The EU adopted a strategy on 3 June to spend €2 billion over seven years supporting open-source software, including a rule that public administrations should prefer open-source tools in their procurement. The problem the strategy tries to solve is that governments rely on free software written by unpaid volunteers, who can burn out or stop maintaining it. When a bug appears in widely used code, governments have no way to pay for an urgent fix if no one owns the software. A proposed €350 million fund to pay professional maintainers would address this directly, but as of 10 June it has no home within the Commission and no confirmed budget line, so the most important part of the strategy is still unbuilt.
Open-source software represents approximately 70-80% of the code stack in European public administration, yet none of the maintainers of that code are funded by European institutions.
When a critical vulnerability appears in OpenSSL, Log4j or curl, European governments have no institutional lever to accelerate a patch because they have no employment or funding relationship with any maintainer. The Open Source Strategy is structurally a response to the 2021 Log4Shell crisis, which exposed European public services to a zero-day in unmaintained infrastructure.
OpenForum Europe proposed a €350m Sovereign Tech Fund to fill the maintenance gap, but as of 10 June 2026 it has no Commission host and no budget line. Germany's Sovereign Tech Agency funds its own maintainers at national level; the EU strategy creates a procurement mandate but no federal-level maintenance body to mirror it.
Until the €350m fund gets a Commission host and a budget line, the strategy's industrial substance is limited to demand-side procurement mandates rather than supply-side infrastructure investment.
- Precedent
The EU Open Source Strategy's free-software-first procurement mandate under CADA is the first binding EU obligation of this kind, establishing a legal baseline for open-source preference that national administrations can enforce in public tenders.
Medium term · Assessed - Risk
Without the €350m Sovereign Tech Fund getting a Commission host, the strategy's procurement mandate will create demand for open-source alternatives that European maintainer infrastructure cannot support at scale, repeating the Log4Shell-style maintenance gap.
Medium term · Reported - Opportunity
The €2bn Open Internet Stack programme could seed European alternatives to US-dominated developer-infrastructure platforms (package registries, CI/CD tooling, code-hosting), reducing the supply-chain dependency that currently routes European developer activity through GitHub and npm.
Long term · Suggested
Update #8 · Sovereignty law adopted; $40bn US chip buy
