Back to all

For EU Open Source, the Budget Is the Policy

2026-06-03

If Vikunja is useful to you, please consider buying me a coffee, sponsoring me on GitHub or buying a sticker pack. I'm also offering a hosted version of Vikunja if you want a hassle-free solution for yourself or your team.

In 2020, the European Commission wrote a document about open source and addressed it to itself. Today it published a strategy for the whole continent. The distance between those two documents is the part worth talking about.

The 2020 to 2023 strategy was about how the Commission would use and share its own code, and its strongest line was a hedge: open source “will be preferred when equivalent in functionalities, total cost and cybersecurity”. Back then, it was a careful internal memo. Useful, but pointed inward.

Today’s European Technological Sovereignty Package points outward. It comes with a dedicated Open Source Strategy aimed at all of Europe, well beyond one institution’s data center. It wants European open-source alternatives to non-EU proprietary tools. It wants to turn open source into sustainable businesses, with accelerators and an “Open Source Maintenance Instrument.” It pushes public procurement toward open standards and talks about “openness and sovereignty by design.”

Treating open source as industrial policy instead of an internal cost-saving preference is the right instinct, and it’s years overdue. After almost a decade of the FSFE’s “Public Money? Public Code!” campaign, the recognition is real. Credit where it’s due.

The Commission’s own diagnosis is blunt, and I agree with it: leaning on non-EU vendors for critical software narrows user choice, weakens European companies, and turns every supply chain into someone else’s leverage.

Lately the leverage has stopped being only commercial. When the US sanctioned the International Criminal Court’s chief prosecutor in early 2025, he lost access to his Microsoft email and moved to a Swiss provider. The ICC spent the rest of the year migrating off Microsoft Office onto open-source software, because the question it could no longer answer was whether an American company would keep serving it through a political fight it didn’t control. Henna Virkkunen, the Commission’s tech sovereignty chief, named the fear directly: the point of this package is making sure nobody holds a “kill switch” over critical European systems.

Europe’s governments have already started acting on this without waiting for a strategy. Denmark’s digital ministry, the German state of Schleswig-Holstein, and France have all begun moving public workplaces off Microsoft and onto Linux and open formats. In a lot of ways, this strategy is Brussels catching up to its own member states.

That same 2020 memo quotes the Tallinn Declaration, where EU Member States called on the Commission to strengthen the requirements for open-source solutions in EU-funded systems “by 2020.” That deadline came and went. It’s 2026, and the FSFE notes the new strategy is still non-binding.

There’s a money problem underneath it. The FSFE puts the EU’s open-source commitment at roughly two billion euros over seven years, against the around 264 billion euros Europe spends on proprietary software every year. A plan funded at a rounding error of the problem it describes hasn’t committed to anything yet. It has noted a concern.

Now, the strategy talks about creating sustainable European open-source businesses as if they have to be summoned out of nothing. But some of them already exist. Just days before the package, a group of them said as much in public: Nextcloud, Proton, Mastodon, and OVHcloud, along with civil-society groups and MEPs, signed a sovereignty declaration. Europe already has the open alternatives. What they need is a market to sell into.

Vikunja is one of them, and I’ll be honest about the scale: it’s niche. Growing, but niche. It’s also exactly the shape of thing the strategy says Europe needs. Vikunja is AGPL-3 licensed, built and run in Germany, self-hostable on your own infrastructure, and funded by the people who use it rather than by investors waiting for an exit. I wrote about why that matters elsewhere.

If you’re a team or a public body trying to actually act on this strategy, the words “open source” on a pricing page aren’t much to go on. The things that make a tool genuinely sovereign are less obvious. It runs on infrastructure you control, inside the EU. It’s under a genuine copyleft license rather than a “source available” arrangement that only looks open. It can do the enterprise things, like single sign-on, without a five-hundred-user minimum. And its maintenance is something a buyer can actually fund. Hold products to that and a lot of them fall out, including plenty that wave the open-source flag while holding a CLA in one hand and a term sheet in the other. Otherwise you’re buying a logo and calling it sovereignty. If you want to make that case inside your own organization, I wrote a page for exactly that.

So here’s my ask for the people who wrote the strategy.

Make “Public Money? Public Code!” binding. As a preference, it gets dropped the first time it’s inconvenient. Code paid for with public money should be public by default, and procurement is where that either becomes real or stays a slogan.

Fund maintenance. The strategy even names an “Open Source Maintenance Instrument,” which is the right idea. The unglamorous work of keeping critical software alive is what breaks for lack of money, and it’s the work least likely to attract an accelerator or a press release.

Use the lever you already control. The strategy wants to create sustainable open-source businesses. What turns a niche-but-growing project into a sustainable one is steady, paying demand. Accelerators and grants help at the beginning, but they don’t create sustainable businesses. The EU is one of the largest software buyers on Earth, and that 264 billion euros a year is the same number from earlier, seen from the other side. As a gap, it’s an embarrassment. As a budget, it’s the most powerful open-source policy Europe has. Point even a sliver of it at open, European, self-hostable tools, and you don’t have to invent the businesses. You make the ones already fighting for it viable, and you leave room for the next hundred. The companies behind that declaration asked Brussels for the same thing: procurement that buys European and open. It costs nothing new. The budget already exists.

There’s a practical condition attached, though, and I’ll say it from direct experience: how you buy matters as much as how much. Public-sector sales cycles are brutal. 8+ months for a single sales cycle is normal, and small open-source companies often don’t have the resources to do it. So when procurement stays this slow and this heavy, the money flows to exactly the large vendors the strategy says it wants Europe to depend on less. Shorter cycles, lighter procurement for smaller contracts, and a process a five-person company can navigate without a dedicated bids team would do as much for European open source as any accelerator.

Vikunja stays open. Europe’s strategy now says it should too. The next move is Brussels’.