Johan Linåker

Senior Researcher at RISE Research Institutes of Sweden and Adjunct Assistant Professor at Lund University

17 minute read

TL;DR / Summary:

  • Digital sovereignty (i.e., having control and influence of your own digital destiny and infrastructure) is being iterated across the board in the last couple of months.
  • The new German Coalition Treaty is a fresh signal of where we are heading, various governments decision to pivot towards European cloud vendors another.
  • These and other calls both take different and overlapping paths to how sovereignty can be gained, but open source is typically highlighted as one.
  • Open strategic autonomy highlights how sovereignty can be gained while promoting interoperability, reuse, and collaboration.
  • Open source provides a tool for growing an open strategic autonomy (i.e., sovereignty), meaning, you can have control and influence without having full ownership of the technology, -and- without closing down and isolating yourself from the rest of the world
  • To use a tool correctly, the necessary capabilities and know-how are needed and come through a skilled workforce.
  • Capabilities need to be grown together across all levels of society and industry, requring several actions, including:
    • Cross-cutting training and skills development progames
    • Promotion of sustainable business ecosystems
    • Strong policies and strategies for public sector and industry with the necessary support structures in place
    • Long-term strategic planning of procurement, incentivizing business investments
    • Government facilitation and seed funding for key verticals
    • Joint and overlapping investments in maintenance of key and foundational technologies
  • Strategic planning is needed for how to leverage capabilities appropriately. By investing and contributing to key technology, control, and influence are gained that help steer technologies in alignment with internal goals.
  • There are several front-runners setting an example for how to grow and leverage the necessary capabilities and several examples of initiatives and solutions that provide viable alternatives to existing solutions where external dependencies are an issue.
  • Germany provides a rich example with their Centre of Digital Sovereignty (ZenDIS), Sovereign Tech Agency, Open Source Business Alliance, and solutions such as OpenDesk, along with clear and repeating strategies pointing to the road ahead.
  • The first order of business for anyone should be to look both inwards and outwards. Ask what the potential risks and threats are for your organization or level of government and whether plans and capabilities for resilience and contingency management are appropriately sized. Ask how others are working to achieve control and influece over their own digital future.
  • Last but not leaast, I find it important to iterate that open source is a powerful tool in many ways. For growng collaboration, while promoting competition; for gaining control of technology, while enabling interoperability; for solving your own needs, while benefitting others. It is a tool for breaking dependencies while building bridges at the same time. Use it accordingly.
Increasing need for control in a world that's turning

The world is turning in a strange way these days. Tariffs and sanctions are increasingly used to pressure and push agendas onto others. Digital sovereignty has, accordingly, singled up to a more general discourse and top of people’s minds. Sense of urgency is now moving beyond data sovereignty (and whether the Trans-Atlantic Data Privacy Framework gives any comfort or not) to the broader question of “what if” - what if tariffs and sanctions are brought into the software domain (beyond what it already has)? What if large foreign vendors and service providers are required to pull the switch? Speaking for most of Sweden, we would be shut down. From a European standpoint (and for many other geograohical regions as well), governments and industries need to think about how they can gain control of their own infrastructure, data, and digital future (because most probably they aren’t).

Enter digital sovereignty, but what does it actually imply? In essence, it comes down to having control and influence over your own digital destiny and design choices. You can make these decisions based on your own norms, values, and legislation. By extension, this is no different from being free from lock-in to vendors, platforms, technologies, and data formats at large, a type of independence most have been seeking way before the recent turn of (global) events.

The next question is, how do you gain and ensure your digital sovereignty? There can be many answers to this question. This post will be dedicated to one, as highlighted in the title, the Open Way. This is implicitly hinted through the aligning construct of open strategic autonomy. This construct, which I find more heavily used in the EU context, highlights the importance of growing and maintaining strategic autonomy (or sovereignty) while promoting interoperability, data portability, collaboration, and the sharing and reuse of digital assets across borders. Strategic autonomy does not come at the expense of interoperability; they come hand in hand.

- “[Open Strategic Autonomy] reflects the EU’s fundamental belief that addressing today’s challenges requires more rather than less global cooperation… Open strategic autonomy is a policy choice, but also a mind-set for decision makers. It builds on the importance of openness, recalling the EU’s commitment to open and fair trade with well-functioning, diversified and sustainable global value chains”

While this post will zoom in on open source -software-, the Open way includes a whole tool suite of open technologies, i.e., technology-related artifacts that is shared, reused and collaboratively developed between its users and stakeholders. This also includes open source AI, open standards, open hardware, open knowledge, and open innovation. Making and keeping knowledge open gives you transparency, flexibility, and control of your digital assets. Of course, this does not come by default. To benefit from a tool, you need to know how to use it; otherwise, you might risk causing harm far outweighing the positives.

Growing the capabilites necessary to gain control

To grow open strategic autonomy, you need to grow the right capabilities for leveraging the various tools. For Europe, this implies all levels of society and industry. Joint capabilities are needed to create and influence key technologies to leverage open source strategically and long-term.

Capabilities, in turn, are made up of people. People with the mind and skillset required to understand and master how open source works, both in culture and practice. People, including engineers and artisans, who can leverage the arts and sciences, along with knowledge and curiosity, to drive innovation and solve complex problems.

While there definitely is quality, Europe still lacks the necessary quantity of people with the required mind- and skillset. Training and skills development on STEM and open technolgies must be pushed more strongly through the Skills agendas both on the European and national levels, and injected through elementary and high school, higher education, and lifelong learning. The current generational shift happening in open source is not leaving Europe unaffected. Training programs must consider roles across society, from policy and decision-makers to procurement officers, civil servants, product owners, developers, IT technicians, etc.

Beyond skills training, there is also a need for significant growth in entrepreneurs and SMEs that can help to serve the many specialized needs of Euroepan industries and society. Public sector organizations, especially on the municipal level, generally lack the technical capabilities themselves and are dependent on suppliers that can offer and support the adoption of the many open source solutions available.

The public sector must enable and promote new and existing open source solutions and vendor ecosystems by considering open source options in public procurement firsthand (on an equal and just level with other options). While policies advocating or requiring such considerations keep on popping up (EMBAG in Switzerland most recently), governments also need to explicitly define and describe how open source can or should be used as an instrument in their national strategies for digital transformation. Public sector bodies on across the different levels of government should further be supported in defining how open source may be leveraged in their own strategies for digital transformation, in line with the national strategies.

Having a policy and strategy is one thing, but implement is something else. The necessary support structures are needed for them to have any effect at all. Support functions such as Public sector Open Source Program Offices and the creation of public sector stewards, such as municipal associations that can provide means of pooling resources and building joint capabilities.

Such strategies should (among other things) show intent of dedicated and long-term investments into open source technology (i.e., going beyond words) to further incentivize SMEs to invest in existing and develop new open source solutions per market needs. Requiring open-by-default on outputs from R&I programs and convening industry (competition across) to trigger collaboration on commodity parts of the stack has also shown promise in nudging the European automotive industry, a recipe to trial in across other sectors as well.

Japan and South Korea present an additional take through the implementation of industry policy, encouraging the use of the open source in industry to strengthen the national sovereignty. In Europe, the trend is rather the opposite, with a clear focus on government. An example worth highlighting is the recent German Coalition Treaty between CSU, CDU, and SPD, taking an explicit and clear stance on the criticality of supporting digital sovereignty.

- “We ensure our digital sovereignty. We define cross-level open interfaces, open standards, and drive open source forward with private and public actors in the European ecosystem, including the Center for Digital Sovereignty (ZenDiS), the Sovereign Tech Agency, and the Federal Agency for Disruptive Innovation (SPRIND). For this, we strategically align our IT budget and set ambitious goals for open source.”

The German Coalition Treaty implicitly also highlights the importance of ensuring the robustness and security of the supply chain, public and collective funding is also needed to maintain the digital infrastructure. OpenForum Europe recently proposed a European Sovereign Tech Fund, styled after the Sovereign Tech Agency in Germany. Although the solution is not set, it is not a one fund to rule them all. A system of multiple and overlapping initiatives are needed to provide both short-term (e.g., audits and fuzzing) and long-term interventions (e.g., employment contracts and social benefits) from both private and public sides (e.g., through procurement and regulation). From a cybersecurity standpoint, Europe needs to ensure the sustainability of the building blocks its infrastructure is constructed by and stands on.

Execising the capabilites to gain control

While building the capabilities is one thing, another is knowing how to use them. There is, for example, no need to go about creating “European open source” solutions. Open source is borderless and ruled by those who develop the projects. If you’re not pleased, you are typically free to contribute and ideally influence it in a direction more favorable, although in co-opetition with the rest of the community. If you’re still unsatisfied, you can fork and continue in your preferred direction.

By extension, strategic autonomy through open source is built by growing and leveraging the necessary influence to steer the direction of key technologies in alignment with your own agenda. While tensions and restrictions apply in the physical world, these do not necessarily extend to the open source domain because open source is borderless. The communities collaborate on building commodity technology and platforms on which anyone is free to compete and differentiate.

Joint control requries joint effort

Europe is, however, not at a standstill. Front runners are doing a lot of work across the continent on various levels of government and parts of society. All parts are needed to grow a joint institutional capabilities and sovereignty.

On the national level, some countries stand out among others. In Germany, the work has been led since 2022 by the Center for Digital Sovereignty (ZenDIS), a dedicated state company under the Ministry of the Interior. ZenDIS also serves as a national OSPO and knowledge hub that supports capability and capacity development in the German public sector at all levels to increasingly use open source and open standards to strengthen national sovereignty. Corresponding work is carried out in France through the Interministerial Digital Agency (DINUM) and in Italy through Developers Italia (a joint initiative between the Department of Digital Transformation and the Agency for Digital Italy).

On the regional level, there have been strong movements for a long time towards open source as a means of promoting regional sovereignty in many Spanish regions, e.g., by localizing various open source solutions to the regional languages and culture. Galicia is one of the more progressive, recently releasing their latest open source strategy. Schleswig-Holstein in Germany is another prominent example, which through its recent strategy announcement are aiming to rid itself of proprietary solutions within a few years.

On the local level, multiple cities are leveraging open source to drive change and create independence. Large open source platforms have, through the years, come out of cities like Madrid (Consul), Barcelona (Decidim), Valencia (gvSIG), and Paris (Lutece). Many of the cities have established their own OSPOs, with Paris and Munich being among the more progressive. These larger and typically more resourceful cities play an essential role in supporting those less capable, democratizing digital transformation, and improving sovereignty on the national scale. The cities of Sundsvall, Bratislava, and Ventspils provide a guiding light for others to follow. Municipal associations taking on the role of open source stewards and centralized OSPOs also provide a critical role, including OS2 in Denmark, ADDULACT in France, VNG in the Netherlands, and Open Cities in the Czech Republic.

On a European level, the European Commission’s OSPO is a key driver and champion. One of their initiatives involves the EU OSPO network, which gathers many of the public entities mentioned above and others to share tools and knowledge on how open source can be leveraged to promote open government and innovation in their respective contexts. If you represent a public sector organization working strategically with open source in any way, I highly recommend reaching out and engaging in the network.

Finally, it is also important to recognize and highlight the broader industry and vendor ecosystem. Open source adoption would be far behind without their part and drive for innovation. Many vendors are organized in national open source vendor associations and united under APELL, their Eurpean umbrella. They provide an important voice for policymakers and governments on how to consider open source in relation to policy and in procurement and acquisition of new software services.

Eurostack, an initiative on growing and promoting a European technology stack, is a recent and quickly evolving example of how industry, SMEs, business associations, and Academia are starting to organize themselves in order to push policymakers towards a more sovereign agenda. Since the formal launch about a year ago in a high-level gathering at the European Parlament, the initiative seems to have split into one branch more focused on leveraging existing solutions on available, while another branch seems to be wanting to create a new stack from scratch. Despite inclination, they signal an overarching agenda that there is a need for action and provide a broad list of recommendations to consider.

Sovereignty through open source exemplified

There is already a lot of work being done throughout Europe to leverage, reuse, collaborate on, and get inspiration from far beyond the traditional tooling and infrastructure space. France and Germany, e.g., recently also together with the Netherlands, are working on developing entire office suites (OpenDesk and La Suite numérique) that can provide all the functionality that officials and civil servants may need daily.

The two initiatives are mostly packaging and adaptations of several existing open source solutions developed by European suppliers. The work is carried out in open and close collaboration with external actors to ensure sustainability in current solutions’ maintenance and service delivery. The German version is offered as a containerized solution for self-hosting as well as a SaaS and is reported to have 40,000 users and is growing.

Along with OpenDesk, there is also the OpenCode platform, a GitLab-based social collaboration and source code management platform for hosting German public sector open source projects (including OpenDesk). Again, this offers greater control of the development and maintenance efforts and removes doubts and risks related to data storage on foreign platforms while promoting increased share and reuse and co-development with the public sector (coming back to how open source adoption can be supported and enabled). Similar platforms are hosted in other countries, including the European Commission, and the ambition is for OpenCode to provide a blueprint for other countries. The platform today has about 5,400 users and 2,300 repositories, also growing.

Another example from Germany worth recognition, which I was introduced to during FOSDEM, is the Gesundheitsamt-Lotse project, a healthcare system developed by and for the German federal state of Hessen. It’s been developed using an agile approach in collaboration with teams of developers from external suppliers. New functionality is added continuously, increasing interest and contributions coming in from other federal states.

In Sweden, a corresponding development has taken off since the Swedish Tax Agency considered the communication tools Teams and Skype as not compatible with European data legislation. The work continued through the authority collaboration eSam, which, through a survey, identified various solutions for communication and collaboration. Similar to the French and German initiatives, it was found that there is no corresponding solution, but several modular solutions that together can constitute a comprehensive and alternative alternative.

Since identified solutions are based on open source and open standards, integration is simplified, as is the willingness to collaborate. This was subsequently demonstrated in the dialogues between authorities and suppliers of the various modular and open solutions. Today, the Swedish Insurance Agency provides an internal packaging of solutions such as Jitsi for video meetings and Nextcloud for document management. Similarly, suppliers like Redpill Linpro have started offering corresponding services via private cloud operations.

Many more examples can be found in the various public sector open source catalogs that have emerged across several European countries in recent years. A new development is the recent release of a European federated open source catalog created by the European Commission’s OSPO and hosted in the Interoperable Europe portal. It gathers public sector open source projects using the publiccode.yml metadata standard, including Italy, France, Germany, and the Netherlands.

What can you do today?

The intention of this post was to bring attention to how sovereignty, or open strategic autonomy, can be gained and maintained through an open approach. You can have control and influence without having full ownership of the technology, without closing down and isolating yourself from the rest of the world. The many examples highlighted above are just a sample of what’s being done out there and are meant to inspire but also as starting points for others to take off from.

Open source is not easy. It’s a change process involving culture, organization, processes, and, foremost, people. Going open or thinking open is not a default mindset. Learning from others is pivotal to accelerating the change process and key to building the institutional capabilities required for Europe to grow an open strategic autonomy, which is increasingly important.

With that, what can you do right now? What’s the next step in exploring how the open source tool suite can be leveraged to promote an open strategic autonomy for your organization and level of government? First, it’s realizing and understanding the way the world is turning and what threats and risks come with it. Second, it’s growing the courage to question existing setups and asking whether your organization has the resilience and contingencies needed should the potential threats and risks be realized. Third, it’s looking how others are doing to increase their control and influence of their digital future.

To kickstart and fuel conversations, reach out to the closest OSPO contact points within your own or external organizations. If you don’t know where to find them, consult the Open Source Observatory or reach out to the EU OSPO network, which will most probably be able to direct you. Continue by reading up on what policies apply to your organization, what specific jurisdiction or level of government, and what support there is to get (e.g., through the OSOR Intelligence reports). Further, investigate existing open alternatives to concerned parts of your software systems and infrastructure. Reach out to relevant initiatives and ask questions. Finally, consult the broader discourse on digital sovereignty for further inputs on ways forward. The Eurostack initiative, coming out of a wider community of industry and SMEs, provides a long set of potential actions.

Breaking dependencies, while building bridges

Before ending, I want to reiterate that open source has no borders. There are no flags or colors to it. It’s people collaborating and pushing the boundaries of innovation towards common goals. This is still true, covering everything from the SDGs and social challenges to industry verticals ranging from automotive, agriculture, and energy to infrastructure components powering everything from phones, dishwashers, space stations, and the Mars rover.

Open source is a powerful tool for growing collaboration while promoting competition, gaining control of technology while enabling interoperability, solving one’s own needs while benefiting others. With that in mind, it is also important to recognize the potential and need for leveraging open source as a tool for preserving the freedoms and values we care for and live by. Open source is a tool for breaking dependencies while building bridges at the same time.

Categories:

Updated:

You May Also Enjoy

Public Sector Open Source Projects – How is development organized?

12 minute read

While the practice and process for Open Source Software (OSS) development is quite explored in industry and general community contexts, less is known about how development is done on OSS in the public sector context, specifically those developed and governed by Public Sector Organizations (PSOs). To shed light on this, we looked at six mature examples of public sector OSS projects, identified b...

Health Check-ups on OSS Software Projects: Managing Risks while Promoting (Re)use

7 minute read

Getting an overview of Open Source Software (OSS) intake (including upstream dependencies) is a challenge as consumption is ever-growing. Each OSS component comes with a risk in terms of its ability to stay maintained long-term, with high quality and without interruption. Analyzing and monitoring the health of OSS intake can enable proactive management of potential risks, but it is also a mount...

Paper: Sustaining Availability of the Maintenance Labor with Human Infrastructure Key for Healthy Open Source Software Projects

11 minute read

We (Me, Georg Link, and Kevin Lumbard) explore how the health and sustainability of Open Source Software projects depends on the human activity invested by project maintainers and contributors. The activity invested is labeled Maintenance Labor and can, accordingly, originate from either the maintainers (Maintainer Labor) or the contributors (Contributor Labor). The latter includes the full spe...

Research on Experimentation in Game Development: Want to contribute?

1 minute read

As part of WASP-funded research project, we are investigating how game companies experiment with and evaluate new ideas, features, and changes throughout the development process. The goal is to be able to reject or accept any assumption about an idea as early as possible based on the experiment, for example, based on the technical and commercial viability among (potential) users. Earlier feedba...