Position paper on EU procurement for Open Source digital sovereignty

The European Commission has launched an evaluation of its Public procurement directives with, among its stated goals:

• enable preference to be given to European products in public procurement for certain strategic sectors;
• help ensure EU added value and security of supply for vital technologies, products and services;
• modernise and simplify public procurement rules, in particular with EU start-ups and innovators in mind.

(Source: Political Guidelines 2024-2029, Ursula von der Leyen)

The following is the position paper that we have submitted to the European Commission as part of the public consultation process.

---

Position Paper: Reforming Public Procurement to Achieve Digital Sovereignty – A EuroStack Perspective

To: The European Commission
From: The EuroStack Project (www.euro-stack.com)
Date: 7 March 2025
Subject: Response to the Call for Evidence on Public Procurement Directives – Evaluation
Status: Final

The EuroStack Project welcomes the European Commission's call for evidence on the evaluation of public procurement directives. We believe that public procurement is a powerful, yet currently underutilized, strategic instrument for achieving digital sovereignty, fostering a thriving European digital ecosystem, and promoting the adoption of Open Source software (OSS). This position paper outlines the EuroStack Project's perspective on how to reform public procurement practices to align with the goals of digital sovereignty and build a resilient, innovative, and value-driven digital future for Europe. It specifically addresses the urgent need to revise current procurement guidelines that inadvertently favor proprietary software and limit the opportunities offered by Open Source solutions. We also highlight the importance of initiatives like FOSSEPS (Free and Open Source Solutions for European Public Services) in achieving these goals, and we draw upon the principles articulated in the Strasbourg Declaration on the Common Values and Challenges of European Public Administrations to further strengthen our arguments.

Our key propositions, detailed below, include:

1. Mandate "Open Source First" in Public Procurement Directives: Amend Directives 2014/24/EU and 2014/25/EU to establish a clear "Open Source first" principle. This means Open Source software should be the default choice for public sector IT projects. Procurement of proprietary software should require a demonstrably justified exception, with the justification publicly documented. This is the foundational change that sets the stage for all other reforms. It directly addresses the current bias.

2. Separate Software from Services in Procurement: Explicitly allow the free download and use of Open Source software without a procurement process for the software itself. Procurement processes should focus exclusively on tendering services (implementation, customization, support, maintenance) related to the Open Source solution. This immediately opens the market to a wider range of service providers, particularly SMEs, and prevents "bundling" that locks out competition.

3. Develop and Enforce Clear Evaluation Criteria: Establish comprehensive, EU-wide guidelines and criteria for evaluating Open Source solutions that go beyond cost. These criteria must include: Total Cost of Ownership (TCO) over the entire lifecycle, security (audits, community responsiveness), adherence to open standards (as defined by the EIF) and interoperability, community support and vibrancy, vendor independence, and maturity/stability. This ensures fair and informed comparisons between OSS and proprietary options, preventing subjective biases.

4. Invest in Procurement Official Training and OSPOs: Mandate comprehensive training programs for public procurement officials across the EU on evaluating and procuring Open Source solutions. Encourage and provide resources for the establishment of Open Source Program Offices (OSPOs) within public administrations to offer expertise and guidance. This addresses the knowledge gap and builds internal capacity for effective Open Source adoption. It's a critical enabling reform.

5. Promote "Buy European" and SME Participation, with Clear Definitions: Implement policies that favor European digital solutions, particularly those based on Open Source, in public procurement, combined with measures to actively facilitate SME participation. Crucially, provide a clear and operational definition of "European" provider, considering factors like headquarters location, ownership, development activities, data processing location, and contribution to the European OSS ecosystem. This addresses digital sovereignty directly, while fostering a competitive European market. This needs to be done in a way that is compliant with international trade rules, focusing on objective criteria and avoiding outright protectionism.

---

The Strategic Importance of Open Source in Public Procurement

The EuroStack Project firmly believes that Open Source software is not merely a technical alternative but a strategic imperative for achieving digital sovereignty. OSS offers unparalleled transparency, security, flexibility, and cost-effectiveness. It empowers users to avoid vendor lock-in, customize solutions to their specific needs, and contribute to a collaborative innovation ecosystem. Moreover, OSS aligns with core European values of democracy, transparency, and inclusivity, as explicitly recognized in the Strasbourg Declaration.

The current evaluation of the public procurement directives presents a critical opportunity to embed Open Source principles into the heart of European procurement practices and address the current guidelines that are biased against Open Source. By adopting an "Open Source first" approach, the EU can leverage its immense purchasing power to:

• Reduce dependence on non-European tech giants: Shifting public procurement towards OSS solutions will lessen reliance on proprietary software from a handful of dominant players, enhancing Europe's technological autonomy and resilience against extraterritorial laws like the US CLOUD Act.
• Foster a competitive European digital ecosystem: Prioritizing OSS creates a level playing field for European businesses, particularly SMEs, enabling them to compete with larger, established vendors and driving innovation across the continent.
• Enhance cybersecurity: The transparent nature of Open Source code allows for independent security audits, reducing the risk of hidden vulnerabilities and backdoors. The "many eyes" principle of OSS development contributes to faster identification and resolution of security flaws.
• Improve public services: OSS solutions offer greater flexibility and customization options, allowing public administrations to tailor software to their specific needs and improve the quality, efficiency, and transparency of public services, as highlighted by the Strasbourg Declaration's emphasis on user-centricity and continuous improvement.
• Ensure long-term cost-effectiveness: While requiring initial investment in implementation and training, OSS can lead to significant cost savings over the long term by eliminating licensing fees, reducing dependence on expensive proprietary support contracts, and allowing for greater control over software lifecycles.

These principles and a methodic action plan have been developed in our Proposal for the European Commission 2024-2027 Open Source Strategy.

Addressing the Shortcomings of Current Procurement Guidelines

Current procurement guidelines present a significant obstacle to the widespread adoption of Open Source solutions. The ability to purchase software licenses directly or through resellers and brokers inherently favors products from a single software vendor, often large, non-European entities. This practice undermines the fundamental principles of procurement law, which are designed to ensure equal opportunities for all suppliers.

This bias towards single-vendor solutions has several detrimental effects:

• Restricts Competition: It limits the ability of smaller, innovative companies, particularly those offering Open Source solutions, to compete for public contracts.
• Reduces Diversity: It narrows the range of available options for public administrations, potentially leading to suboptimal choices that do not fully meet their needs.
• Increases Costs: By limiting competition, it can lead to higher prices and less favorable terms for public bodies.
• Undermines Innovation: It stifles innovation by favoring established players and hindering the development of new and potentially superior solutions.
• Creates Vendor Lock-in: It leads to dependence on specific vendors, making it difficult and costly to switch to alternative solutions in the future.

Recommendations for Reforming Public Procurement Directives

The EuroStack Project proposes the following concrete recommendations for reforming public procurement directives to achieve digital sovereignty through Open Source and address the limitations of current guidelines. These recommendations are further strengthened by the principles and objectives outlined in the Strasbourg Declaration:

Mandate "Open Source First" in Public Procurement

• Directive Amendment: Amend the public procurement directives (2014/24/EU and 2014/25/EU) to explicitly include an "Open Source first" principle, making OSS the default choice for public sector IT projects. Proprietary software should only be procured when a suitable OSS alternative is demonstrably unavailable, with a clear and transparent justification provided. This aligns with the Strasbourg Declaration's emphasis on leveraging digital tools to improve public services (page 5) and promoting Open Source software within public administrations (page 9).
• Implementation Guidelines: Develop clear and comprehensive guidelines for implementing the "Open Source first" principle, providing practical guidance to procurement officials on how to identify, evaluate, and procure OSS solutions. These guidelines should address issues such as:
  • Defining "Open Source" in accordance with established definitions (e.g., the Open Source Initiative's definition).
  • Developing criteria for assessing the suitability of OSS alternatives, including functionality, security, community support, maturity, and total cost of ownership (TCO).
  • Addressing common misconceptions about OSS, such as perceived risks related to security, support, or reliability.
  • Providing templates and checklists for evaluating OSS solutions.
• Exceptions and Justifications: Establish a transparent process for granting exceptions to the "Open Source first" rule, requiring a detailed justification based on specific technical or operational needs. These justifications should be publicly documented to ensure accountability.

Explicitly Allow for Open Source Procurement and Sharing

• Clarify Free Download of OSS: Amend the directives to explicitly state that it is permissible to download and use Open Source software free of charge, without a formal procurement process for the software itself.
• Tender Services Separately: Procurement processes should focus on tendering the services required for implementing, customizing, supporting, and maintaining Open Source solutions, rather than the software itself. This will open up opportunities for a wider range of service providers, including SMEs.
• Enable Software Sharing Between Public Bodies: Allow government organizations that have already adopted and potentially customized Open Source software to share that software, along with associated configurations and documentation, with other public sector organizations without the need for a new procurement process. This will foster collaboration, reduce duplication of effort, and maximize the return on public investment. This could be facilitated by utilizing existing initiatives such as JoinUp or the future platform developed as part of FOSSEPS. This aligns with the Strasbourg Declaration's call for greater pooling and sharing of digital investments between European administrations (page 8).
• Promote "Public Money, Public Code": As much as possible, software that has been procured and/or modified by public money should be made available as Open Source.

Develop Clear Criteria for Evaluating Open Source Solutions

• Beyond Cost: Evaluation criteria should go beyond simply comparing upfront costs and consider the total cost of ownership (TCO) over the entire lifecycle of the solution. This includes factors such as eliminating licensing fees, reducing maintenance, support, training, customization, and exit costs thanks to the open nature of Open Source.
• Security: Emphasize security as a key evaluation criterion, including the availability of security audits, the responsiveness of the community to security vulnerabilities, and the project's overall security track record. Compliance with relevant security standards (e.g., ISO 27001) should be considered, but care must be taken to ensure that certification schemes do not create barriers to entry for smaller providers or OSS projects. Alternatives to EUCS must be considered for SMEs.
• Interoperability and Open Standards: Mandate adherence to open standards, as defined by the European Interoperability Framework (EIF), and prioritize solutions that demonstrate a strong commitment to interoperability. This is directly supported by the Strasbourg Declaration's emphasis on interoperability and the implementation of the once-only principle (page 8).
• Community Support: Evaluate the strength and vibrancy of the OSS community supporting a particular solution, including factors such as the size and activity level of the community, the responsiveness of developers, the availability of documentation and support resources, and the project's governance model.
• Vendor Independence: Assess the degree of vendor independence offered by an OSS solution, including the risk of vendor lock-in, the ease of switching to alternative solutions or providers, and the availability of multiple support options.
• Maturity and Stability: Evaluate the maturity and stability of an OSS project, considering factors such as the project's age, release history, user base, and the presence of a clear roadmap for future development.
• Scalability and Performance: Assess the scalability and performance of OSS solutions, particularly for mission-critical applications, through performance testing and benchmarking.
• Accessibility and Inclusivity: Prioritize OSS solutions that are accessible to users with disabilities and have diverse and inclusive development teams, aligning with the Strasbourg Declaration's emphasis on inclusivity (pages 4, 7, and 8).
• Localization and Language Support: Consider the availability of localization and language support for diverse European contexts.

Provide Training and Support for Procurement Officials

• Comprehensive Training Programs: Develop and deliver comprehensive training programs for public procurement officials on how to effectively evaluate and procure OSS solutions. These programs should cover topics such as Open Source principles and licensing, OSS business models, evaluating OSS communities, security considerations, TCO analysis, open standards, and legal and compliance issues.
• Practical Tools and Resources: Provide procurement officials with practical tools and resources, such as checklists, templates, decision-support tools, and case studies of successful OSS procurement projects.
• Ongoing Professional Development: Establish mechanisms for ongoing professional development, such as online learning platforms, webinars, and conferences, to keep procurement officials updated on the evolving OSS landscape.
• Establishment of OSPOs: Encourage the establishment of Open Source Program Offices (OSPOs) within public administrations to provide expertise, support, and guidance on OSS procurement and adoption. The Commission's own OSPO, FOSSEPS, and initiatives like the "EU leadership exchange program" mentioned in the Strasbourg Declaration (page 5) can play a leading role in developing and disseminating best practices for OSPOs across Europe.

Promote "Buy European" and Support SMEs

• "Buy European Tech Act": Implement a "Buy European Tech Act," similar to the US Buy American Act, mandating preferential treatment for European digital solutions, particularly those based on Open Source, in public procurement. This could include price preferences, set-asides for European SMEs, and domestic content requirements.
• "Buy Open Source Act": Implement a specific "Buy Open Source Act", either as a standalone legislation or integrated into the "Buy European Tech Act", to specifically favor Open Source solutions, beyond the "Open Source First" principle.
• SME-Friendly Procurement Procedures: Reform procurement processes to make it easier for SMEs to participate, including:
  • Modular Procurement: Breaking down large IT projects into smaller, modular components, as suggested by the modularity principle of the EuroStack (point 68 of the manifesto).
  • Simplified Bidding Procedures: Reducing the administrative burden on SMEs.
  • Pre-Commercial Procurement: Utilizing pre-commercial procurement to fund the development of innovative OSS solutions.
  • Dynamic Purchasing Systems: Implementing dynamic purchasing systems to allow new suppliers, including SMEs, to join at any time.
• Defining "European": Establish clear and transparent criteria for defining a "European" provider, considering factors such as headquarters location, ownership structure, development activities, data processing and storage, and contribution to the European OSS ecosystem.
• Targets for European Procurement: Set specific, measurable, achievable, relevant, and time-bound (SMART) targets for procuring digital solutions from European providers, particularly SMEs specializing in Open Source.

Address Legal and Regulatory Frameworks

• WTO Rules: Explore the possibility of invoking the "cultural exception" within WTO rules to justify preferential treatment for European digital solutions, arguing that this is necessary to protect European cultural and linguistic diversity in the digital sphere.
• National Security Exemptions: Argue that digital sovereignty, particularly in areas like cloud computing and critical infrastructure, is a matter of national security, justifying a preference for European providers and OSS solutions under WTO national security exemptions.
• EU Procurement Directives: Amend the EU procurement directives to explicitly include digital sovereignty, support for the European digital ecosystem, and the promotion of Open Source as legitimate criteria for awarding contracts.
• State Aid Rules: Explore using exceptions within EU state aid rules to justify support for the European OSS ecosystem, arguing that it is necessary to address market failures and promote strategic autonomy.
• Promoting OSS within Existing Frameworks: Develop guidelines and best practices for procuring OSS solutions in compliance with EU procurement rules, clarify the application of existing regulations to OSS, promote the use of open standards, and encourage the publication of publicly funded software under Open Source licenses ("Public Money, Public Code"). This aligns with the Strasbourg Declaration's call for leveraging Open Source solutions to strengthen collaboration (page 9).

Foster Transparency and Accountability

• Publicly Document Procurement Decisions: Mandate that all procurement decisions related to digital solutions, including justifications for choosing proprietary software over OSS alternatives, be publicly documented and easily accessible.
• Establish a Centralized Knowledge Base: Create a centralized repository of best practices, case studies, evaluation criteria, and other resources related to OSS procurement, building upon existing platforms like the Open Source Observatory and Repository (OSOR) and leveraging the expertise and resources developed through FOSSEPS.
• Monitor and Report on Progress: Establish mechanisms for monitoring progress towards digital sovereignty goals in public procurement, including collecting data on the origin and type of digital solutions procured, analyzing the impact of procurement policies on the European digital market, and regularly reporting on the results to the European Parliament and the public.

The Role of FOSSEPS, the Strasbourg Declaration, and the EuroStack Project

The Free and Open Source Solutions for European Public Services (FOSSEPS) initiative, building on the legacy of OSOR, ISA2, and EU-FOSSA, was established to foster a collaborative European approach to Open Source adoption in the public sector. FOSSEPS's mission to catalyze cooperation and establish shared resources aligns perfectly with the EuroStack Project's goals.

The Strasbourg Declaration on the Common Values and Challenges of European Public Administrations provides further impetus and a valuable framework for our recommendations. The Declaration's emphasis on Open Source (page 9), interoperability (page 8), digital skills development (page 5), and the importance of a user-centric approach (page 6) strongly supports the EuroStack Project's vision.

The EuroStack Project sees FOSSEPS and the Strasbourg Declaration as vital components in achieving a unified European approach to digital sovereignty through Open Source. We believe that:

• FOSSEPS can provide the necessary expertise, support, and community-building platform for public administrations adopting Open Source.
• The Strasbourg Declaration provides the political momentum and shared principles to guide the implementation of our recommendations.
• The EuroStack Project offers a comprehensive framework and concrete projects, such as the EuroStack Directory Project (ESDP), to translate these principles into action.

The EuroStack Project is committed to working closely with FOSSEPS, OSOR (the Commission's OSPO), the signatories of the Strasbourg Declaration, and other stakeholders accross Europe to implement these recommendations and build a truly sovereign European digital future. Our key projects and initiatives, such as the EuroStack Directory Project (ESDP), are designed to:

• Identify and promote European OSS solutions: The ESDP is comprehensive, curated, and categorized directory of European-made and/or European-supported digital technologies, vetted for compliance with EuroStack principles, including Open Source, interoperability, security, and sustainability. This directory complements and build upon the work of FOSSEPS and contributes to achieving the goals of the Strasbourg Declaration.
• Advocate for "Open Source first" and "Public Money, Public Code" policies: We actively engage with policymakers and public administrations to promote the adoption of these policies across Europe, in line with the Strasbourg Declaration's objectives.
• Develop cross-border educational programs: We collaborate with universities, training centers, and industry partners to develop and deliver educational programs that foster Open Source skills and build a digitally-ready workforce, as called for in the Strasbourg Declaration (page 5).
• Advocate for sustainable funding for Open Source projects: We work to raise awareness among policymakers and investors about the importance of long-term, sustainable funding for critical OSS projects, as emphasized in the Strasbourg Declaration (page 9).
• Streamline regulatory and operational hurdles for European digital businesses: We will actively participate in policy discussions and consultations to identify and address regulatory barriers that hinder the growth of European SMEs and the adoption of Open Source solutions.

Conclusion

The evaluation of the public procurement directives is an opportunity for the European Union to take decisive action towards achieving digital sovereignty. By embracing an "Open Source first" approach, reforming procurement practices to promote OSS and support European SMEs, and fostering a vibrant European Open Source ecosystem, the EU can create a more resilient, innovative, and competitive digital future that aligns with its core values. This includes addressing the current flaws in procurement guidelines that inadvertently favor proprietary, single-vendor solutions and leveraging the valuable resources and expertise being developed through initiatives like FOSSEPS. The principles and objectives outlined in the Strasbourg Declaration provide further support and a political framework for these reforms.

We believe that by working together, we can build a EuroStack, a European digital infrastructure that empowers European public administrations, businesses and citizens, safeguards our digital future, and positions Europe as a global leader in ethical and responsible technology development. We urge the Commission to seize this opportunity and take bold steps towards a truly sovereign European digital future, starting with the needed reforms of public procurement practices.

References

• Robin Berjon, Cristina Caffarra, Francesco Bonfiglio, Vittorio Bertola, Sebastiano Toffaletti, Kai Zenner... (2025). EuroStack - A Pitch Paper. Retrieved from https://euro-stack.eu/a-pitch-paper/
• Francesca Bria, Bertelsmann Stiftung. (2025). EuroStack – A European Alternative for Digital Sovereignty. Retrieved from https://euro-stack.eu/francesca-bria-paper/
• EuroStack Project. (2025). EuroStack Response to the Single Market Strategy Consultation. Retrieved from https://euro-stack.com/blog/2025/1/eurostack-response-single-market-strategy
• EuroStack Project. (2025). EuroStack and the Paradigm Shift to Digital Self-Determination. Retrieved from https://euro-stack.com/blog/2025/1/eurostack-paradigm-shift
• EuroStack Project. (2024). Some Thoughts on Interoperability. Retrieved from https://euro-stack.com/blog/2024/12/interoperability-thoughts
• Apell. (2024). Apell Conference Report 2024: Shaping the Future of Open Source in Europe. Retrieved from https://apell.info/2024/11/01/apell-conference-report-2024-shaping-the-future-of-open-source-in-europe/
• Fortune Europe. (2024). 'Buy European,' double EU budget: French President Emmanuel Macron on Germany visit. Retrieved from https://fortune.com/europe/2024/05/28/buy-european-double-eu-budget-french-president-emmanuel-macron-germany-visit/
• Euractiv. (2023). 'Buy European Act': An effective response to the US Inflation Reduction Act?. Retrieved from https://www.euractiv.com/section/economy-jobs/news/buy-european-act-an-effective-response-to-the-us-inflation-reduction-act/
• BFMTV. (2022). Emmanuel Macron appelle à un réveil européen face à l'Inflation Reduction Act américain [Emmanuel Macron calls for a European awakening in the face of the American Inflation Reduction Act]. Retrieved from https://www.bfmtv.com/economie/entreprises/industries/emmanuel-macron-appelle-a-un-reveil-europeen-face-a-l-inflation-reduction-act-americain_AV-202211080727.html
• Guillou, S. (2022). Un 'Buy European Act' en réponse aux plans américains : rien de magique [A 'Buy European Act' in response to American plans: nothing magical]. L'Usine Nouvelle. Retrieved from https://www.usinenouvelle.com/blogs/sarah-guillou/un-buy-european-act-en-reponse-aux-plans-americains-rien-de-magique.N2073586
• Le Nouvel Economiste. (2022). Le 'Buy European Act' devra attendre [The 'Buy European Act' will have to wait]. Retrieved from https://www.lenouveleconomiste.fr/le-buy-european-act-devra-attendre-96429/
• La Tribune. (2022). 'Buy European' : l’impossible réponse européenne face au protectionnisme américain ['Buy European': the impossible European response to American protectionism]. Retrieved from https://www.latribune.fr/economie/union-europeenne/buy-european-l-impossible-reponse-europeenne-face-au-protectionnisme-americain-942502.html
• Acteurs Publics. (2022). La construction de notre indépendance numérique est une question de volonté politique [The construction of our digital independence is a question of political will]. Retrieved from https://acteurspublics.fr/articles/la-construction-de-notre-independance-numerique-est-une-question-de-volonte-politique
• Smets, J.-P. (2021). Tribune : Des quotas technologiques pour la souveraineté numérique ? [Opinion: Technological quotas for digital sovereignty?]. Solutions Numériques. Retrieved from https://www.solutions-numeriques.com/tribune-des-quotas-technologiques-pour-la-souverainete-numerique-par-jean-paul-smets-ceo-de-rapid-space/
• Fondation Robert Schuman. (2018). International Trade: The Conditions of an Ambition. Retrieved from https://www.robert-schuman.eu/en/european-issues/457-international-trade-the-conditions-of-an-ambition
• Légibase Collectivités. (2017). 'Buy European Act' d’Emmanuel Macron : la pilule ne passe pas auprès de la Commission européenne ['Buy European Act' by Emmanuel Macron: the pill does not go down well with the European Commission]. Commande Publique. Retrieved from https://commande-publique.collectivites.legibase.fr/actualites/prospective/buy-european-act-demmanuel-macron-la-pilule-ne-passe-pas-aupres-de-la

About the EuroStack Project

The EuroStack Project is dedicated to promoting European technological sovereignty by connecting businesses, public organizations, and individuals with digital solutions that reflect European values: transparency, privacy, security, and sustainability. We believe in empowering users to make informed choices that support a resilient and thriving European digital ecosystem.

What We Do:

The EuroStack Directory provides a trusted platform to discover:

• European Cloud Services: Explore providers offering secure, scalable, and GDPR-compliant cloud infrastructure within Europe.
• Open Source Technologies: Find robust and innovative software solutions built on the principles of transparency, collaboration, and community-driven development.
• Interoperable Tools: Identify tools and platforms designed with open standards to ensure seamless integration and avoid vendor lock-in.

The "Euro Stack" Vision:

The term "Euro Stack" represents a broad vision for a sovereign European digital infrastructure. This vision, initially articulated during discussions at the "Toward European Digital Independence: Building the Euro Stack" event in September 2024 (organized by Francesca Bria, Cristina Caffarra, and Meredith Whittaker), an more recently in several white papers, emphasizes:

• Digital Sovereignty and Data Autonomy: European control over data and technology, reducing reliance on non-European entities.
• Open Source Foundation: Prioritizing Open Source software and standards for transparency, interoperability, and privacy.
• SME Empowerment: Supporting small and medium-sized enterprises as key players in the European digital market.
• Avoiding Lock-in: Promoting cloud interoperability and data portability to prevent vendor lock-in.
• Sustainability: Integrating green technologies and energy-efficient practices.

Several organisations, including ours, support this ambitious vision, are are currently working concurrently, to help realise this vision.