Summary from the EU Open Source Policy Summit 2023
Some takeaways after two intense days in Brussels, including the #EUOpenSource Policy Summit 2023 hosted by OpenForum Europe.
- Open source has started to come up on the agenda among policy and decision-makers on the European level. Policy goals mainly center on interoperability, innovation, and digital sovereignty. The latter is emphasized through the ongoing war in Ukraine.
- Governments at all levels have started to establish centers of competency and support for open source, also known as Open Source Program Offices (OSPO). The Netherlands announced it is launching one on the departmental level. Other examples include the City of Paris, Trinity College in Ireland, and the Center for Digital Souverignity in Germany.
- The EU Commission OSPO has established a network gathering these different OSPOs through which common challenges can be discussed and collaboratively addressed, highlighting the spirit of openness and helping governments on all levels to progress and establish their own OSPOs.
- Digital sovereignty is about technological independence and the ability to make a free and independent choice based on needs and values. Open source is a means to achieve such independence. It is not about setting up a digital border between Europe and the rest of the world and creating European OSS.
- Software security is a topic of general concern and specific to OSS. Several aspects are highlighted. One is general and open access to source code and vulnerability data. Another is contributing to and ensuring the sustainable maintenance of critical open source projects. Auditing and capacity building is also highlighted in terms of heightening security and becoming more proactive regarding vulnerability management.
- Different funding options are being trialed by public and private actors in isolation and collaboration. The German Souverign Tech Fund is a leading and exciting example of a government approach. Open Source Security Foundation drives an initiative mainly financed by private actors. The Open Tech Fund represents a collaborative effort across the sectors.
- Policy regulators are easily confused by the complexity and reality of how open source works and is developed. For example, requirements and demands should be directed to the companies and entities putting out products and services based on the open source rather than the individuals and communities maintaining the open source for free and providing it as-is.
- Collaborative requirements specification and dialogue, along with the provisioning of open APIs, are two means for public sector organizations to push and enable innovation and competition among software suppliers, explicitly allowing for the growth of SMEs and open source-based solutions.
- Co-opetition among vendors should be encouraged.
- The value, and foremost the sustainability of open source, is enabled through reciprocity. It does not come automatically but requires a collaborative and open mindset and culture among suppliers and users in the public and private sectors.
- Contribution and sharing of IPR, including patents, contribute to the open and “permissionless” development that, in turn, is what drives innovation and collective value creation. Opening up interfaces and enabling data portability is another driver. The latter is promoted and enforced through regulations like the Digital Markets Act, highlighting the driving role Europe has in terms of policy-making balancing between power and role of market and government.
- Open source provides numerous yet untapped opportunities for the public sector, e.g., providing innovative citizen services at a lower cost. Covid pass exemplified.
- There is a need for a talented workforce for a sustainable open source ecosystem. This needs to start early in the educational system but also as part of life-long learning. The public sector also requires training to become more attractive for the talented workforce and to understand how to tap into the many opportunities open source provides. Hackers-in-residence has been highlighted multiple times.
And that’s mainly from various talks and panels. Topics, ideas, and projects resulting from hallway tracks and 1on1 discussions are not included :)