RFC: Position paper on EU procurement for Open Source digital sovereignty
2025-01-26
The European Commission has launched an evaluation of its Public procurement directives with, among its stated goals:
- enable preference to be given to European products in public procurement for certain strategic sectors;
- help ensure EU added value and security of supply for vital technologies, products and services;
- modernise and simplify public procurement rules, in particular with EU start-ups and innovators in mind.
(Source: Political Guidelines 2024-2029, Ursula von der Leyen)
The following is the draft of a position paper that we intend to submit to the European Commission as part of the public consultation process. We welcome your feedback and suggestions to help us refine this document before the submission deadline on 7th March 2025. (Use the communications channels listed here.)
Position Paper: Reforming Public Procurement to Achieve Digital Sovereignty – A EuroStack Perspective
To: The European Commission
From: The EuroStack Initiative
Date: TBD
Subject: Response to the Call for Evidence on Public Procurement Directives – Evaluation
Status: Draft for Public Consultation
The EuroStack Initiative welcomes the European Commission's call for evidence on the evaluation of public procurement directives. We believe that public procurement is a powerful, yet currently underutilized, strategic instrument for achieving digital sovereignty, fostering a thriving European digital ecosystem, and promoting the adoption of open source software (OSS). This position paper outlines the EuroStack Initiative's perspective on how to reform public procurement practices to align with the goals of digital sovereignty and build a resilient, innovative, and value-driven digital future for Europe. It specifically addresses the urgent need to revise current procurement guidelines that inadvertently favor proprietary software and limit the opportunities offered by open source solutions. We also highlight the importance of initiatives like FOSSEPS (Free and Open Source Solutions for European Public Services) in achieving these goals, and we draw upon the principles articulated in the Strasbourg Declaration on the Common Values and Challenges of European Public Administrations to further strengthen our arguments.
The Strategic Importance of Open Source in Public Procurement
The EuroStack Initiative firmly believes that open source software is not merely a technical alternative but a strategic imperative for achieving digital sovereignty. OSS offers unparalleled transparency, security, flexibility, and cost-effectiveness. It empowers users to avoid vendor lock-in, customize solutions to their specific needs, and contribute to a collaborative innovation ecosystem. Moreover, OSS aligns with core European values of democracy, transparency, and inclusivity, as explicitly recognized in the Strasbourg Declaration.
The current evaluation of the public procurement directives presents a critical opportunity to embed open source principles into the heart of European procurement practices and address the current guidelines that are biased against open source. By adopting an "open source first" approach, the EU can leverage its immense purchasing power to:
- Reduce dependence on non-European tech giants: Shifting public procurement towards OSS solutions will lessen reliance on proprietary software from a handful of dominant players, enhancing Europe's technological autonomy and resilience against extraterritorial laws like the US CLOUD Act.
- Foster a competitive European digital ecosystem: Prioritizing OSS creates a level playing field for European businesses, particularly SMEs, enabling them to compete with larger, established vendors and driving innovation across the continent.
- Enhance cybersecurity: The transparent nature of open source code allows for independent security audits, reducing the risk of hidden vulnerabilities and backdoors. The "many eyes" principle of OSS development contributes to faster identification and resolution of security flaws.
- Improve public services: OSS solutions offer greater flexibility and customization options, allowing public administrations to tailor software to their specific needs and improve the quality, efficiency, and transparency of public services, as highlighted by the Strasbourg Declaration's emphasis on user-centricity and continuous improvement.
- Ensure long-term cost-effectiveness: While requiring initial investment in implementation and training, OSS can lead to significant cost savings over the long term by eliminating licensing fees, reducing dependence on expensive proprietary support contracts, and allowing for greater control over software lifecycles.
These principles and a methodical action plan have been developed in our Proposal for the European Commission 2024-2027 Open Source Strategy.
Addressing the Shortcomings of Current Procurement Guidelines
Current procurement guidelines present a significant obstacle to the widespread adoption of open source solutions. The ability to purchase software licenses directly or through resellers and brokers inherently favors products from a single software vendor, often large, non-European entities. This practice undermines the fundamental principles of procurement law, which are designed to ensure equal opportunities for all suppliers.
This bias towards single-vendor solutions has several detrimental effects:
- Restricts Competition: It limits the ability of smaller, innovative companies, particularly those offering open source solutions, to compete for public contracts.
- Reduces Diversity: It narrows the range of available options for public administrations, potentially leading to suboptimal choices that do not fully meet their needs.
- Increases Costs: By limiting competition, it can lead to higher prices and less favorable terms for public bodies.
- Undermines Innovation: It stifles innovation by favoring established players and hindering the development of new and potentially superior solutions.
- Creates Vendor Lock-in: It leads to dependence on specific vendors, making it difficult and costly to switch to alternative solutions in the future.
Recommendations for Reforming Public Procurement Directives
The EuroStack Initiative proposes the following concrete recommendations for reforming public procurement directives to achieve digital sovereignty through open source and address the limitations of current guidelines. These recommendations are further strengthened by the principles and objectives outlined in the Strasbourg Declaration:
Mandate "Open Source First" in Public Procurement
- Directive Amendment: Amend the public procurement directives (2014/24/EU and 2014/25/EU) to explicitly include an "open source first" principle, making OSS the default choice for public sector IT projects. Proprietary software should only be procured when a suitable OSS alternative is demonstrably unavailable, with a clear and transparent justification provided. This aligns with the Strasbourg Declaration's emphasis on leveraging digital tools to improve public services (page 5) and promoting open source software within public administrations (page 9).
- Implementation Guidelines: Develop clear and comprehensive guidelines for implementing the "open source first" principle, providing practical guidance to procurement officials on how to identify, evaluate, and procure OSS solutions. These guidelines should address issues such as:
  - Defining "open source" in accordance with established definitions (e.g., the Open Source Initiative's definition).
  - Developing criteria for assessing the suitability of OSS alternatives, including functionality, security, community support, maturity, and total cost of ownership (TCO).
  - Addressing common misconceptions about OSS, such as perceived risks related to security, support, or reliability.
  - Providing templates and checklists for evaluating OSS solutions.
- Exceptions and Justifications: Establish a transparent process for granting exceptions to the "open source first" rule, requiring a detailed justification based on specific technical or operational needs. These justifications should be publicly documented to ensure accountability.
Explicitly Allow for Open Source Procurement and Sharing
- Clarify Free Download of OSS: Amend the directives to explicitly state that it is permissible to download and use open source software free of charge, without a formal procurement process for the software itself.
- Tender Services Separately: Procurement processes should focus on tendering the services required for implementing, customizing, supporting, and maintaining open source solutions, rather than the software itself. This will open up opportunities for a wider range of service providers, including SMEs.
- Enable Software Sharing Between Public Bodies: Allow government organizations that have already adopted and potentially customized open source software to share that software, along with associated configurations and documentation, with other public sector organizations without the need for a new procurement process. This will foster collaboration, reduce duplication of effort, and maximize the return on public investment. This could be facilitated by utilizing existing initiatives such as JoinUp or the future platform developed as part of FOSSEPS. This aligns with the Strasbourg Declaration's call for greater pooling and sharing of digital investments between European administrations (page 8).
- Promote "Public Money, Public Code": As much as possible, software that has been procured and/or modified by public money should be made available as open source.
Develop Clear Criteria for Evaluating Open Source Solutions
- Beyond Cost: Evaluation criteria should go beyond simply comparing upfront costs and consider the total cost of ownership (TCO) over the entire lifecycle of the solution. This includes factors such as eliminating licensing fees, reducing maintenance, support, training, customization, and exit costs thanks to the open nature of open source.
- Security: Emphasize security as a key evaluation criterion, including the availability of security audits, the responsiveness of the community to security vulnerabilities, and the project's overall security track record. Compliance with relevant security standards (e.g., ISO 27001) should be considered, but care must be taken to ensure that certification schemes do not create barriers to entry for smaller providers or OSS projects. Alternatives to EUCS must be considered for SMEs.
- Interoperability and Open Standards: Mandate adherence to open standards, as defined by the European Interoperability Framework (EIF), and prioritize solutions that demonstrate a strong commitment to interoperability. This is directly supported by the Strasbourg Declaration's emphasis on interoperability and the implementation of the once-only principle (page 8).
- Community Support: Evaluate the strength and vibrancy of the OSS community supporting a particular solution, including factors such as the size and activity level of the community, the responsiveness of developers, the availability of documentation and support resources, and the project's governance model.
- Vendor Independence: Assess the degree of vendor independence offered by an OSS solution, including the risk of vendor lock-in, the ease of switching to alternative solutions or providers, and the availability of multiple support options.
- Maturity and Stability: Evaluate the maturity and stability of an OSS project, considering factors such as the project's age, release history, user base, and the presence of a clear roadmap for future development.
- Scalability and Performance: Assess the scalability and performance of OSS solutions, particularly for mission-critical applications, through performance testing and benchmarking.
- Accessibility and Inclusivity: Prioritize OSS solutions that are accessible to users with disabilities and have diverse and inclusive development teams, aligning with the Strasbourg Declaration's emphasis on inclusivity (pages 4, 7, and 8).
- Localization and Language Support: Consider the availability of localization and language support for diverse European contexts.
Provide Training and Support for Procurement Officials
- Comprehensive Training Programs: Develop and deliver comprehensive training programs for public procurement officials on how to effectively evaluate and procure OSS solutions. These programs should cover topics such as open source principles and licensing, OSS business models, evaluating OSS communities, security considerations, TCO analysis, open standards, and legal and compliance issues.
- Practical Tools and Resources: Provide procurement officials with practical tools and resources, such as checklists, templates, decision-support tools, and case studies of successful OSS procurement projects.
- Ongoing Professional Development: Establish mechanisms for ongoing professional development, such as online learning platforms, webinars, and conferences, to keep procurement officials updated on the evolving OSS landscape.
- Establishment of OSPOs: Encourage the establishment of Open Source Program Offices (OSPOs) within public administrations to provide expertise, support, and guidance on OSS procurement and adoption. The Commission's own OSPO, FOSSEPS, and initiatives like the "EU leadership exchange program" mentioned in the Strasbourg Declaration (page 5) can play a leading role in developing and disseminating best practices for OSPOs across Europe.
Promote "Buy European" and Support SMEs
- "Buy European Tech Act": Implement a "Buy European Tech Act," similar to the US Buy American Act, mandating preferential treatment for European digital solutions, particularly those based on open source, in public procurement. This could include price preferences, set-asides for European SMEs, and domestic content requirements.
- "Buy Open Source Act": Implement a specific "Buy Open Source Act", either as standalone legislation or integrated into the "Buy European Tech Act", to specifically favor Open Source solutions, beyond the "Open Source First" principle.
- SME-Friendly Procurement Procedures: Reform procurement processes to make it easier for SMEs to participate, including:
  - Modular Procurement: Breaking down large IT projects into smaller, modular components, as suggested by the modularity principle of the EuroStack (point 68 of the manifesto).
  - Simplified Bidding Procedures: Reducing the administrative burden on SMEs.
  - Pre-Commercial Procurement: Utilizing pre-commercial procurement to fund the development of innovative OSS solutions.
  - Dynamic Purchasing Systems: Implementing dynamic purchasing systems to allow new suppliers, including SMEs, to join at any time.
- Defining "European": Establish clear and transparent criteria for defining a "European" provider, considering factors such as headquarters location, ownership structure, development activities, data processing and storage, and contribution to the European OSS ecosystem.
- Targets for European Procurement: Set specific, measurable, achievable, relevant, and time-bound (SMART) targets for procuring digital solutions from European providers, particularly SMEs specializing in open source.
Address Legal and Regulatory Frameworks
- WTO Rules: Explore the possibility of invoking the "cultural exception" within WTO rules to justify preferential treatment for European digital solutions, arguing that this is necessary to protect European cultural and linguistic diversity in the digital sphere.
- National Security Exemptions: Argue that digital sovereignty, particularly in areas like cloud computing and critical infrastructure, is a matter of national security, justifying a preference for European providers and OSS solutions under WTO national security exemptions.
- EU Procurement Directives: Amend the EU procurement directives to explicitly include digital sovereignty, support for the European digital ecosystem, and the promotion of open source as legitimate criteria for awarding contracts.
- State Aid Rules: Explore using exceptions within EU state aid rules to justify support for the European OSS ecosystem, arguing that it is necessary to address market failures and promote strategic autonomy.
- Promoting OSS within Existing Frameworks: Develop guidelines and best practices for procuring OSS solutions in compliance with EU procurement rules, clarify the application of existing regulations to OSS, promote the use of open standards, and encourage the publication of publicly funded software under open source licenses ("Public Money, Public Code"). This aligns with the Strasbourg Declaration's call for leveraging open source solutions to strengthen collaboration (page 9).
Foster Transparency and Accountability
- Publicly Document Procurement Decisions: Mandate that all procurement decisions related to digital solutions, including justifications for choosing proprietary software over OSS alternatives, be publicly documented and easily accessible.
- Establish a Centralized Knowledge Base: Create a centralized repository of best practices, case studies, evaluation criteria, and other resources related to OSS procurement, building upon existing platforms like the Open Source Observatory and Repository (OSOR) and leveraging the expertise and resources developed through FOSSEPS.
- Monitor and Report on Progress: Establish mechanisms for monitoring progress towards digital sovereignty goals in public procurement, including collecting data on the origin and type of digital solutions procured, analyzing the impact of procurement policies on the European digital market, and regularly reporting on the results to the European Parliament and the public.
The Role of FOSSEPS, the Strasbourg Declaration, and the EuroStack Initiative
The Free and Open Source Solutions for European Public Services (FOSSEPS) initiative, building on the legacy of OSOR, ISA2, and EU-FOSSA, was established to foster a collaborative European approach to open source adoption in the public sector. FOSSEPS's mission to catalyze cooperation and establish shared resources aligns perfectly with the EuroStack Initiative's goals.
The Strasbourg Declaration on the Common Values and Challenges of European Public Administrations provides further impetus and a valuable framework for our recommendations. The Declaration's emphasis on open source (page 9), interoperability (page 8), digital skills development (page 5), and the importance of a user-centric approach (page 6) strongly supports the EuroStack Initiative's vision.
The EuroStack Initiative sees FOSSEPS and the Strasbourg Declaration as vital components in achieving a unified European approach to digital sovereignty through open source. We believe that:
- FOSSEPS can provide the necessary expertise, support, and community-building platform for public administrations adopting open source.
- The Strasbourg Declaration provides the political momentum and shared principles to guide the implementation of our recommendations.
- The EuroStack Initiative offers a comprehensive framework and concrete projects, such as the EuroStack Directory Project (ESDP), to translate these principles into action.
The EuroStack Initiative is committed to working closely with FOSSEPS, OSOR (the Commission's OSPO), the signatories of the Strasbourg Declaration, and other stakeholders across Europe to implement these recommendations and build a truly sovereign European digital future. Our key projects and initiatives, such as the EuroStack Directory Project (ESDP), are designed to:
- Identify and promote European OSS solutions: The ESDP is a comprehensive, curated, and categorized directory of European-made and/or European-supported digital technologies, vetted for compliance with EuroStack principles, including open source, interoperability, security, and sustainability. This directory complements and builds upon the work of FOSSEPS and contributes to achieving the goals of the Strasbourg Declaration.
- Advocate for "open source first" and "Public Money, Public Code" policies: We actively engage with policymakers and public administrations to promote the adoption of these policies across Europe, in line with the Strasbourg Declaration's objectives.
- Develop cross-border educational programs: We collaborate with universities, training centers, and industry partners to develop and deliver educational programs that foster open source skills and build a digitally-ready workforce, as called for in the Strasbourg Declaration (page 5).
- Advocate for sustainable funding for open source projects: We work to raise awareness among policymakers and investors about the importance of long-term, sustainable funding for critical OSS projects, as emphasized in the Strasbourg Declaration (page 9).
- Streamline regulatory and operational hurdles for European digital businesses: We will actively participate in policy discussions and consultations to identify and address regulatory barriers that hinder the growth of European SMEs and the adoption of open source solutions.
Conclusion
The evaluation of the public procurement directives is an opportunity for the European Union to take decisive action towards achieving digital sovereignty. By embracing an "open source first" approach, reforming procurement practices to promote OSS and support European SMEs, and fostering a vibrant European open source ecosystem, the EU can create a more resilient, innovative, and competitive digital future that aligns with its core values. This includes addressing the current flaws in procurement guidelines that inadvertently favor proprietary, single-vendor solutions and leveraging the valuable resources and expertise being developed through initiatives like FOSSEPS. The principles and objectives outlined in the Strasbourg Declaration provide further support and a political framework for these reforms.
We believe that by working together, we can build a EuroStack, a European digital infrastructure that empowers European public administrations, businesses and citizens, safeguards our digital future, and positions Europe as a global leader in ethical and responsible technology development. We urge the Commission to seize this opportunity and take bold steps towards a truly sovereign European digital future, starting with the needed reforms of public procurement practices.