🠄 Back to blog

The year 2024 in Review: Open Source and Digital Sovereignty in Europe

2025-01-01

Open Source and Digital Sovereignty: The Year 2024 in Europe.

The year 2024 has been a pivotal one for the intersection of Open Source software (FOSS) and digital sovereignty in Europe. With increasing awareness of the strategic importance of controlling digital infrastructure and data, the debate has moved from theoretical discussions to concrete actions, policy proposals, and real-world implementations. Throughout the year, we've seen a flurry of activity across the continent, with governments, organizations, and individuals grappling with the complexities of achieving true digital independence in an interconnected world.

A Year of Awakening and Action

One of the key themes that emerged in 2024 was the recognition of FOSS as a fundamental pillar for digital sovereignty. This wasn't just about reducing costs or avoiding vendor lock-in; it was about reclaiming control over technology, data, and ultimately, the digital destinies of European citizens and businesses.

APELL, representing the interests of European Open Source businesses, significantly stepped up its activities in 2024. The organization's conference in Berlin served as a rallying point for the European FOSS community, bringing together industry leaders, policymakers, and advocates to discuss the path forward.

A key takeaway from the conference was the urgent need to move beyond mere rhetoric and towards concrete actions. APELL's establishment of a permanent presence in Brussels, with a dedicated Director of EU Government Affairs, marked a significant step in this direction, strengthening the organization's ability to engage with EU institutions and influence policy.

The Cyber Resilience Act (CRA) Takes Center Stage

The Cyber Resilience Act (CRA) became a major point of discussion and contention in 2024. While intended to enhance cybersecurity across the EU, many in the Open Source community, including the CNLL and APELL, expressed serious concerns about its potential impact on FOSS projects. The ambiguous definition of "commercial activity" and the disproportionate compliance burdens placed on smaller, non-profit initiatives were major sticking points.

Throughout the year, we saw organizations like the APELL, Eclipse Foundation, the Linux Foundation Europe, OW2, the Open Source Initiative (OSI), etc. actively engaging with policymakers to address these concerns. They argued that the CRA, as initially drafted, could stifle innovation, discourage contributions, and ultimately undermine the very security it aimed to improve. This debate highlighted the crucial need for a nuanced understanding of the FOSS ecosystem and its unique development models when crafting regulations. The pushback against certain aspects of the CRA, and the call for clearer definitions and exemptions for non-commercial FOSS projects, demonstrate the growing influence of the Open Source community in shaping policy.

At the end of the year, the CNLL published a guide for FOSS actors, to help them navigate the complexities of the CRA.

Public Procurement: A Lever for Change

APELL and other F/OSS advocacy organizations across Europe continued to champion the "Public Money, Public Code" principle, urging governments to prioritize Open Source solutions in public procurement. The organization highlighted the need for procurement policies that recognize the specificities of F/OSS business models and support the growth of European SMEs. They specifically advocated for a "Buy European Act" for software. Germany's OZG 2.0 law, mandating a preference for Open Source in federal procurement, served as a notable example.

The Open Source Monitor France study, while led by the CNLL, Numeum, and Systematic, provided valuable data to support APELL's advocacy efforts. This was the first large scale study to do so in France. It showed high levels of Open Source adoption in France, but also revealed a gap between usage and strategic integration.

Digital Sovereignty: Beyond the Buzzword

In 2024, discussions around digital sovereignty matured, moving beyond simplistic notions of data localization. The debate encompassed a broader understanding of:

  • Technological Independence: Recognizing the need for European control over critical digital infrastructures, from hardware to software, with projects like the proposed "Euro-Stack" gaining traction. The critique of the "cloud de confiance" strategy in France, which relied on licensing US technologies, highlighted the limitations of a purely legalistic approach to sovereignty.
  • Economic Resilience: Promoting a thriving European digital industry, particularly supporting SMEs, became a key aspect of the sovereignty debate. APELL and others advocated for a "Buy European Act" for software and emphasized the importance of public procurement in fostering a robust FOSS ecosystem, as noted above.
  • Ethical and Societal Considerations: Digital sovereignty was increasingly linked to European values, including data protection, privacy, transparency, and democratic control over technology. The discussions around AI, particularly in the context of the EU AI Act, reflected these concerns. The debate also touched on the need for digital literacy and a workforce skilled in Open Source technologies.

A Call for a "Euro-Stack"

One of the most ambitious ideas to emerge from the discussions in 2024 was the concept of a "Euro-Stack" – a fully European, Open Source-based digital infrastructure. This vision, championed by organizations like EUCLIDIA and supported by open source advocates, aims to provide a viable alternative to the dominant US cloud providers, ensuring greater control over data, enhanced security, and a more level playing field for European tech companies. The Sovereign Cloud Stack (SCS) project was often mentioned as an example of such an initiative.

Open Source vs. "Techno-Feudalism": A Clash of Visions

2024 also saw a sharpening of the debate between the Open Source model and what some, like Yanis Varoufakis, have termed "techno-feudalism." Varoufakis's critique, detailed in his book, argued that platforms like Amazon, Google, and Facebook have created closed "cloud fiefs" where users produce value without compensation, enriching the platform owners. He sees this as a fundamental shift from capitalism to a new form of feudalism driven by digital technology. This analysis resonated with many in the Open Source community who have long warned about the dangers of centralized platforms and the concentration of power in the hands of a few tech giants.

In response to this trend, FOSS advocates, including Stefane Fermigier of the CNLL and Tariq Krim, founder of Jolicloud and Netvibes, presented Open Source as a counter-model. They emphasized its potential for creating decentralized, interoperable systems that empower users and promote digital sovereignty. They also championed the idea that "worse is better" when it comes to software, arguing that simpler, more modular systems are often more resilient and adaptable than complex, monolithic ones. This principle, long embraced by the Unix community, was presented as a key advantage of the Open Source approach. This concept was notably explored in a presentation by Stefane Fermigier.

The Call for EU-Linux

Adding to the growing calls for action, an Austrian citizen launched a petition at the European Parliament, calling for the development and deployment of an open source Linux-based operating system, named "EU-Linux," across all EU public administrations. This proposal, intended to reduce reliance on proprietary software, strengthen GDPR compliance, enhance digital sovereignty, and promote transparency, received significant attention, demonstrating public interest in the issue, and a desire for concrete, open source solutions at the European level. Stefane Fermigier published a detailed analysis of the proposal, further fueling the debate.

EU Elections: A Test of Commitment to Digital Sovereignty

The 2024 European Parliament elections provided a crucial opportunity to assess the level of commitment to digital sovereignty and Open Source across the political spectrum. APELL and other organizations, including the CNLL in France and OSBA in Germany, engaged in outreach efforts to raise awareness and gauge candidate positions on these issues.

The CNLL sent a detailed questionnaire to French political parties, probing their stance on digital sovereignty, FOSS adoption in public administration, support for European SMEs, and the role of open source in education and innovation. However, the response from mainstream parties was disappointingly muted. Only Volt France and the Parti Pirate responded substantively, demonstrating a strong commitment to FOSS principles and proposing concrete measures to promote its use.

This lack of engagement from major parties raised concerns about the depth of understanding and commitment to digital sovereignty within the broader political landscape. It suggested that, despite the rhetoric, many policymakers still view open source as a niche issue rather than a strategic imperative. The Open Source Business Alliance (OSBA) in Germany had more success in engaging with political parties, and published a detailed analysis of their positions.

The election results and the subsequent formation of the new European Commission will have a significant impact on the future of open source policy in Europe. The degree to which the new Parliament and Commission prioritize digital sovereignty and embrace FOSS as a key enabler will be closely watched by the open source community in the coming years. There are, however, some reasons for optimism, with Henna Virkkunen, a known supporter of open source, being appointed as executive vice president for Tech Sovereignty.

Concrete Initiatives and Emerging Trends

Beyond the policy debates, 2024 saw several concrete initiatives and emerging trends:

  • Skills and Education: Recognizing the critical skills gap, there was a strong push for integrating open source principles and practices into education at all levels. Proposals included specialized training programs, OSPOs in universities, and curricula that emphasize digital literacy, ethical considerations, and practical FOSS development skills. The Open Source Observatory published a factsheet detailing the role of open source in Irish education, suggesting a rising trend.
  • Funding and Investment: The need for sustainable funding models for FOSS projects was a major point of discussion. The Sovereign Tech Fund in Germany was cited as a positive example, and there were calls for similar initiatives at the European level. The NGI0 Commons Fund, managed by NLnet, was also highlighted as an important initiative.
  • The Role of s: Open Source Program Offices (OSPOs) were increasingly recognized as vital for bridging the gap between public administrations and the FOSS ecosystem. The OSPO Alliance and the OSPO++ network played key roles in promoting best practices and fostering collaboration. The Brno Open Source Declaration was also highlighted as a framework for establishing national OSPOs.
  • The Cloud Conundrum: The debate surrounding the "cloud de confiance" strategy in France intensified, with critics arguing that it ultimately favored US tech giants. The Health Data Hub controversy reminds us of the challenges of data sovereignty in the cloud era, as well as a clear example of the failures of the current French approach, choosing to prioritize using US-based solutions over local alternatives. The Cigref (a French association of large companies and administrations) supported the government's approach.
  • The Geopolitical Dimension: 2024 saw an increased awareness of the geopolitical implications of digital sovereignty. Discussions highlighted the extraterritorial reach of US laws like the CLOUD Act and FISA, the risks of relying on Chinese technology, and the need for Europe to chart its own course. The year also saw the publication of a report on data vulnerabilities in the European defense sector, as well as increased scrutiny of real-time bidding and its implications for surveillance.

Looking Ahead

While 2024 was a year of intense debate and growing awareness, it also laid the groundwork for future action. The APELL conference in Berlin, and the Open Source Experience event in Paris, provided platforms for stakeholders to discuss concrete steps towards achieving digital sovereignty through open source.

The discussions in 2024 made it clear that digital sovereignty is not a simple, monolithic concept. It requires a multi-faceted approach that encompasses technological development, economic policies, legal frameworks, and a fundamental shift in mindset. The FOSS community, with its emphasis on collaboration, transparency, and user empowerment, is uniquely positioned to play a leading role in this transformation.

As we move forward, it will be crucial to translate the ideas and proposals discussed in 2024 into tangible actions. This will require continued engagement between policymakers, industry leaders, and the FOSS community, as well as a sustained commitment to investing in European talent, innovation, and infrastructure. The year 2024 has set the stage for a critical juncture in Europe's Digital Decade, and the coming years will determine whether the continent can truly reclaim its digital destiny.