For the first time, the European Commission has placed open source software at the heart of its digital sovereignty agenda through its newly unveiled Tech Sovereignty Package. This strategy integrates open source into critical infrastructure and legislative initiatives, aiming to reduce reliance on proprietary technologies and strengthen Europe’s digital independence.
- Open source prioritized as a strategic tool for EU digital sovereignty
- EUR 264 billion annual reliance on proprietary IT highlighted as vulnerability
- Targets 30 million users of open source collaboration tools by 2030
What happened
In June 2026, the European Commission released its European Technological Sovereignty Package, placing open source software squarely at the center of the EU’s digital policy landscape for the first time. This comprehensive package includes a dedicated Open Source Strategy alongside legislative proposals like the Cloud and AI Development Act (CADA) and the CHIPS Act 2.0.
The strategy explicitly addresses the EU’s dependence on proprietary IT products and services, recognizing this as a source of structural vulnerability. It defines open source as a critical enabler of sovereignty by promoting transparency, auditability, and cybersecurity, while setting measurable goals such as achieving 30 million active users of open source collaboration tools by 2030.
Why it matters
This package breaks new ground by framing open source software not as a niche or peripheral element but as a foundational pillar for Europe’s digital future. Previous EU policies acknowledged open source mainly in limited contexts like procurement or research. Now, it is integrated as a strategic lever to reduce vendor lock-in and mitigate risks caused by concentration of digital infrastructure with a small number of non-EU providers.
By mandating open source use in key initiatives—such as the EU Digital Identity Wallet—and supporting the development of a sustainable open source ecosystem with trusted services, governance frameworks, and stewardship organizations, the Commission is setting a global precedent. This approach also challenges narratives that question open source security, firmly positioning it as a cybersecurity asset.
What to watch next
Stakeholders will be closely monitoring the implementation of this Tech Sovereignty Package, including the Cloud and AI Development Act, to see how well the ambitious goals around open source adoption and ecosystem development are met. The establishment and coordination of governance bodies like the EU OSPO Network and the proposed European Digital Public Infrastructure Steward Organization will play a critical role.
Future developments will also hinge on the Commission’s ability to foster a thriving, trusted open source community, maintain momentum behind stewardship initiatives, and balance regulatory requirements with innovation. The outcomes will shape not only Europe’s digital independence but could influence global open source policy frameworks.