The EU Open Source Policy Summit 2025, held on 31 January in Brussels, brought together policymakers, industry leaders, and open source advocates from across Europe to discuss the crucial role of open source software (OSS) in shaping Europe’s digital future.
With the advent of a new Commission – which shortly after the Summit released its annual 2025 Work Programme – and the upcoming Multiannual Financial Framework (MFF) negotiations, now is a critical time to think about open source in the EU’s digital and industrial policy ambitions, as well as its future postures towards competitiveness and simplification. During the Summit, panellists and attendees shared their perspectives and proposed new ideas and strategies for shaping the digital policy framework over the next five years. Here are some of our key takeaways.
Takeaway #1: Open and collaborative innovation solves the dilemma of competitiveness and sovereignty
“If we are to have answers to Draghi and to Letta, to the Competitiveness Compass that was put to us, [then] open source needs to be part of the answer.” – Pearse O’Donohue, DG-CNECT, European Commission
The EU Open Source Policy Summit 2025 underscored that open source is not just compatible with Europe’s twin ambitions of competitiveness and sovereignty—it is fundamental to achieving them. Open, collaborative innovation empowers Europe to create its own digital future, reducing dependency on a small number of technology providers while strengthening its competitiveness.
The advent of DeepSeek has made the connection between competitiveness, sovereignty and open source abundantly clear — now it is time for Europe to create its playbook.
Cristina Caffarra, an economist and advocate for digital sovereignty, issued a stark warning about Europe’s reliance on a small number of non-European tech giants: “We are colonised by Big Tech, with 90% of our infrastructure owned by them.” This dominance, she argued, creates critical vulnerabilities in supply chains and data sovereignty, making it imperative for Europe to take a more assertive approach in fostering homegrown technological capabilities.
A key proposal emerging from the Summit was the creation of a European Open Source Cloud and AI ecosystem, ensuring that open technologies form the backbone of digital services rather than relying on a limited number of proprietary providers. This vision aligns with the goals of past EU initiatives like GAIA-X, which aims to build a federated European data infrastructure, and the EuroStack initiative, which was discussed at the BruxConf2025 the day before our event and elaborated in a subsequent report.
As the European Commission starts its new term, with the release of its 2025 Work Programme and upcoming Multiannual Financial Framework (MFF) negotiations, the role of open source in the EU’s digital and industrial strategy has never been more relevant. The discussions at the Summit reinforced that open, collaborative innovation is not just a means to an end—it is the bridge that reconciles the EU’s pursuit of both sovereignty and competitiveness.
Takeaway #2: Now is the time to invest in open source maintenance and security
“Treating open source as a public good means that we all need to work together to maintain it.” – Felix Reda, GitHub
One of the most pressing issues discussed was the sustainability of open source projects, particularly regarding their long-term maintenance and security. While OSS is at the core of Europe’s digital infrastructure and supports independence, competitiveness and innovation for the European economy and society, many foundational projects suffer from chronic underfunding. Speakers stressed that policymakers and industry leaders must move beyond one-time grants and short-term funding cycles toward structured, ongoing investment models that prioritise maintenance, security updates, and contributor support.
Pearse O’Donohue from the European Commission highlighted that too often, public and private funding is directed toward launching new open source projects, while existing software, which underpins everything from public services to enterprise systems, remains neglected. He stated: “We fund a project for a limited number of years, and then gently disappear.” The risk for our ecosystem moving forward is that without continuous investment, security vulnerabilities can accumulate, exposing critical infrastructure to cyber threats.
To address this, panellists at the Summit discussed the development of EU-backed funding mechanisms that provide stable financial support to maintainers and security professionals working on essential OSS. This could take the form of dedicated European Open Source Maintenance Grants or a public fund that ensures key projects receive the necessary resources to remain secure and operational.
In the coming months, we will be working on a feasibility study for such a fund with GitHub, Fraunhofer ISI and Dr. Thomas Streinz of the European University Institute, which OFE Policy Advisor Nicholas Gates discussed more at FOSDEM the weekend after the event.
Takeaway #3: Building sustainable open source ecosystems remains challenging but necessary
“The existing funding framework is too slow. Traditional funding models can be too slow, limiting adoption and spread of open source technologies. […] We must meet the needs of developers and projects. Make it easier for open source developers and projects to access funding.” – Markus Rettstatt, Mercedes-Benz
In addition to the maintenance and security challenge, a key challenge for the open source ecosystem on a more macro level is the lack of sustainable funding models more broadly. As Gabriele Columbro from Linux Foundation Europe highlighted, there is a gap in the European funding landscape. Columbro emphasised that while funding is available for early-stage open source projects, that seed investment is not matched with a rich ecosystem of businesses built on open source technologies that can then take on those projects.
Adriana Groh from the Sovereign Tech Agency emphasised the importance of recognising and supporting the often-overlooked foundational technologies that power modern digital infrastructure. “Sovereign technology is not a nice-to-have, but a must-have, because we use it every day,” she stated. Without sustained investment, critical projects risk abandonment, leading to major security and reliability concerns, as we highlighted in the first takeaway.
For many, the key issue is that while companies and governments benefit from OSS, many projects depend on unpaid contributors or short-lived grants. To tackle this issue, experts at the Summit proposed several measures, including mandatory funding contributions from corporations using OSS and the adoption of fair compensation models for maintainers.
Takeaway #4: Open source is being increasingly regulated in Europe, and the new challenge is implementation and compliance
“In Europe, we really have the need to act really fast and put [us] in a position where we can fight for our rights, our freedoms, our values. There is a [lot of talk] but the action is missing.” – Frank Karlitschek, Nextcloud
To ensure open source growth aligns with European strategic interests, policymakers are considering new regulatory frameworks that more accurately safeguard the interests of the open source community and in some cases even promote it. These will be discussed in various contexts which might include the Public Procurement Directives and a new EU Open Source Strategy.
At the same time, we are entering the implementation phase of some big pieces of technology regulation, such as the Cyber Resilience Act and EU AI Act. While the open source ecosystem has spent four decades building legal expertise, the focus has been on copyright. Market regulation for software is completely new and open source organisations are now working hard to prepare. “[The focus on regulation] has put more of a burden on the foundations. I can’t promise there will never be unintended consequences again, but we are better equipped than we have ever been before,” said Mike Milinkovich, Executive Director of the Eclipse Foundation.
The Summit explored ways to provide legal and financial incentives for European companies that contribute to open source. These could include tax incentives, grant programs, and government-backed security audits to ensure OSS remains safe and trustworthy for widespread adoption. EU lawmakers are considering policies that would require organisations using OSS in critical infrastructure to contribute financially to security audits and maintenance efforts. Another critical aspect of policy discussions was cybersecurity regulation and the implementation of the CRA, where there is a need for clearer standards and accountability mechanisms.
Takeaway #5: The importance of inclusive and balanced collaboration for open source success in Europe
“Collaboration is everything: collaboration within the public sector, collaboration between governments, collaboration within the open source community. […] We need to make sure the concept of open collaboration is well understood.” – Jutta Horstmann, German Center for Digital Sovereignty (ZenDis)
Although the Summit focused on strengthening Europe’s position in the open source ecosystem, many participants acknowledged the importance of global collaboration to achieve Europe’s policy ambitions, as well as ensure they are in conversation with what is happening globally. This was at the heart of the intervention from Omar Mohsine and the UN Tech Envoy Mr. Amandeep Singh Gill, which showcased the work of the UN Office of Digital and Emerging Technologies (UN-ODET) on global open source collaboration and the steps they are taking to link up communities, most notably through its annual OSPOs for Good Symposium.
Panellists called for a balanced approach that prioritises European technological autonomy while ensuring that open source projects remain open, inclusive, and accessible to developers worldwide, as well as sharing European collaborations and values globally. It’s easier said than done, though. As Daniel Goldscheider, CEO of the OpenWallet Foundation, noted: “When you talk about public-private collaboration, it’s very easy to say ‘That’s something we can do’, but it’s much harder to get all the right players to the table.”
Additionally, there was discussion about diversifying the open source ecosystem by supporting underrepresented communities, including women and developers from the Global South. Ensuring that OSS is not dominated by a few large players was seen as a crucial step towards fairer and more resilient digital infrastructure globally.
Conclusion: European leaders need to invest in open source to secure a digitally sovereign Europe
The EU Open Source Policy Summit 2025 reinforced that open source is not just a technical issue – it is an imperative, vital and strategic priority for Europe’s many policy ambitions, including digital sovereignty, competitiveness, security, and economic growth. However, to fully realise its potential, open source ecosystems require robust and sustainable investment, strong yet carefully considered regulatory support, and a commitment to long-term security and maintenance of the open source code at the heart of it all.
By shifting funding priorities toward ongoing support for maintainers and security infrastructure, promoting open source-first policies in public institutions, and fostering global collaboration, Europe can position itself as a leader in open source collaboration for our digital age. The message of the open source community ought to be clear: open source is the foundation of a free, innovative, and sovereign digital Europe – and now is the time to invest in it.