Some Thoughts on the Institutionalisation of Software

12 November 2023

Author: Astor Nummelin Carlberg

Those of us engaged in the politics of software now know that a new era in digital policy is taking shape, characterised by the institutionalisation of the software market. The technology sector is no stranger to cycles of innovation, disruption, and regulation. These cycles tend to lead to an institutionalised market replete with established regulations, governing bodies, and associations. This framework will delineate the winners and losers for the ensuing decades. Although this is a novel era for software, it echoes patterns recurring throughout history and across various technological spheres. What we need to ask ourselves, to paraphrase Professor Debora Spar’s key inquiries concerning her framework for technological regulation: Why do these new rules emerge? And who will be the primary players in their formation?

We are arguably witnessing the end of this cycle within the software industry: a once open period of innovation, exploration, and discovery has resulted in market winners and governmental bodies coalescing to make it more structured, and perhaps more rigid. It appears that we’re in the middle of the transition into a state of regulation and institutionalisation. Though this may sound deterministic, the results of this process remain uncertain. Who will be the winners and losers among nations and corporations? Which innovation model will prevail after decades of competition: closed or open?

OFE’s Concerns

Simultaneously, as we observe and participate in this process, open source software (OSS) serves as the foundation of our digital world, underpinning the majority of software applications that govern our lives, industries, and societies. With an estimated 80-90% of all software licensed under an open source licence, it’s critical to realise that discussions on software regulation and institutionalisation is inherently a discussion of the future of open source and open innovation. These are delicate ecosystems predicated on a social contract of reciprocity and sharing that has given rise to the most valuable value chain in history.

What’s also noteworthy is that these cycles have historically occurred in verticals, while the software market is horizontal. Consequently, institutionalisation and regulation will have both direct and indirect impacts on all societal sectors. Have the drivers behind this institutionalisation assessed the full impact, one might ask?

Regulatory Developments

Recent years have seen developments indicating we are heading towards institutionalisation, which will shape the future of software. EU legislative proposals like the Cyber Resilience Act, the New Product Liability Directive, and the AI Act are paving the way for future regulatory landscapes. These pieces of legislation propose a comprehensive revision of requirements and obligations for every part of the software ecosystem, from individual developers to large companies creating and using software. Intriguingly, although these laws primarily regulate open source—since most of today’s software is open source—they scarcely reference this innovation model. A number of unintended impacts that would follow have already been identified.

Addressing Old and New Paradigms

These proposals, and their deficiencies, have provoked several reactions. Major open source foundations are responding by hiring policy professionals to liaise with governments and regulators. I interpret this professionalisation of interactions between OSS entities and public bodies as another aspect of the institutionalisation process. Global coordination to respond to governmental attention is in progress.

But there are other new players in this policy field. ‘Traditional’ security-focused think tanks have acknowledged the significance of open source for our infrastructure’s resilience, the geopolitics of open source, and more. We welcome their novel perspectives and analytical tools of their very able and skilled analysts. Bringing open source into the ‘old world’ of trade policy, defence policy, and procurement policy—i.e. national security priorities—is intriguing and important. However, their top concerns might differ from those organisations focused primarily on the open/closed spectrum.

Instead of thrusting the new into the old, by for example extending old liability regimes based in the hardware world to software, we should pursue an institutionalisation that understands the nature of software as replicable intangibles and does not ensure stability by favouring incumbents.

Roles and Reactions of Companies

Within the software market, the emergence of winners or companies at an unprecedented scale may indicate this process’s progression. Historically, market winners coming out of the innovation phases gradually not only embrace regulation—they invite it. A more rigid market is often in the interest of the incumbents.

Large companies have mechanisms to handle governmental attention. For us at OFE, observing how prepared or mature the open source ecosystem is to deal with it will be interesting. Global efforts like the Open Policy Alliance and events such as the Open Source Congress in Geneva this summer aim to foster global dialogue on the evolution of OSS amidst this institutionalisation. Yet, while open source is everywhere, its institutions are small and often non-profits. And if compared to successful tech companies, they are minuscule in terms of revenue and staff.

On a smaller, yet extremely important scale, we’ve observed the formation of APELL – the European Open Source Business Association. We view this as a timely milestone in the political representation of OSS in Europe. APELL strives to protect and promote the interests of open source SMEs—the companies creating software at scale in Europe. Just a few years ago, this group was far removed from political discussions. They are the proverbial canary in the coal mine in this process, and their voices should too be heard.

Beyond Europe

In the United States, proposals for substantial investment to secure the global software supply chain have emerged. Initiatives like OpenSSF and events like the White House Open Source Security Summit indicate the increased political focus on the open source software ecosystem. There’s ongoing dialogue between the White House and large software companies, who comprise a significant part of the OSS ecosystem in the United States.

It’s also worth taking a look at government attention to OSS in China. The Chinese Communist Party has outlined a robust commitment to open source in its latest 5-year plan. It has established a set of distinct goals which encompass nurturing domestic open source communities, alleviating patent risks for new technologies, actively participating in international open source ecosystems, and fostering the development of open source mobile platforms. Additionally, they are putting an emphasis on accelerating the growth of international communities and platforms, alongside the advancement of artificial intelligence through open source communities. This ambitious approach signifies China’s understanding of the strategic advantages and economic opportunities that open source presents.

Is This New? Is This Different?

While these developments mark a significant shift in the digital landscape, they also reflect the evolution of institutional frameworks for past transformational technologies. The key difference is that software is omnipresent and underpinned by an open source ecosystem that few policymakers fully grasp.

At OpenForum Europe, we assert that the design of these institutional frameworks will decide the future winners and losers. As advocates for open source, open technologies, and open innovation, we are committed to help shaping these emerging institutions to preserve the principles that have made open technologies the driving force of innovation it is today.

Keep in mind, however, that this may be uncharted territory for software, but similar transitions have occurred frequently throughout history. Drawing on these historical lessons, OFE aims to collaborate with all stakeholders to ensure that openness remains central to the new software institutions. Our goal is to foster a digital future that is user-centric, competitive, sustainable, and inclusive of broader communities that don’t necessarily fit within the old economy’s regulatory frameworks. That’s how we ensure that our future is resilient, inclusive, and innovative.