The European Commission signaled in January 2026 that it wanted to commercialize European open-source software as part of its push for digital sovereignty.
According to the consultation, the EU faces a “significant” problem in its dependence on non-EU countries in the digital sphere, which “reduces users’ choice, hampers EU companies’ competitiveness and can raise supply chain security issues.”
Much of the value generated by open-source projects – which are publicly available to be inspected, modified and enhanced by anyone – is exploited outside of the EU, often benefiting tech giants, as per researchers.
For European startups, this context raises the question: if open-source underpins a big part of the digital economy, why rely so heavily on big tech companies?
The open-source foundations of sovereignty
Europe’s focus on digital sovereignty has sharpened as policymakers question whether reliance on foreign technology providers creates economic and security risks.
In February, Maria Luis Albuquerque, the EU’s financial services commissioner, said that Europe must keep control over key technologies underpinning its economy if the bloc is expected to become reliant on U.S.-based tech moguls.
For entrepreneurs, however, digital sovereignty is not just a Brussels slogan; it affects the tools companies build on, the infrastructure they depend on, and the degree of control they retain as they scale.
Those tensions were explored during a Sovereign Tech Europe 2026 conference panel on open-source, competitiveness, cybersecurity, and technological sovereignty.
“What we build and what we rely upon in the digital economy is built on a foundation of open-source software,” said Paul Sharratt, policy and research lead at Germany’s Sovereign Tech Agency. Open-source, in his view, is part of the infrastructure which startups, public services and large companies already rely upon.
One of the problems, according to Sharratt, is that much of the work is carried out by people he described as “volunteers” – many whom are under-resourced despite maintaining critical software. The mission of the Sovereign Tech Agency, he stressed, is providing these professionals with resources they need to keep digital infrastructure resilient and secure.
Meanwhile, Felix Reda, senior director of developer policy at GitHub, also noted that funding should be paired with regulation. In noting that open software is “a great way” of de-risking some challenges associated with digital sovereignty and dependence on foreign companies, he also argued that it is not simply an alternative to vendors, but a way for organisations to build internal capacity and retain control.
For the GitHub executive, the European Commission should focus on ensuring that open-source projects are well-governed, well-financed, and “under licenses that give us the trust that they will continue to be available for everyone to use in the future.”
From compliance to competitive advantage
Regulation, as per Sharrat, continues to be a critical piece of the puzzle. “It’s been a positive process. I sit on the expert group of the Cyber Resilience Act (CRA), and one of the things we’ve seen is the development of novel legal categories to accommodate how open-source software development works,” he said.
“Providers of software components embedded in proprietary software stacks and deep in software supply chains are subject to the requirements of CRA. The problem is then making it feasible for these organizations to meet the requirements that come with regulation,” Sharratt continued.
And, while policymakers are still refining how regulation should apply, Reda suggested that the Commission has already made progress in understanding the open-source ecosystem:
“There can be vulnerabilities in open-source software – just like in proprietary software – but because it is open, more people can identify and address them.”
He also pointed to Europe’s existing strengths in the field. “Europe is in a very good position. We have 25 million developers from Europe on GitHub, and they are the largest contributors to open-source software.”
However, there are also risks associated with licensing models. Companies, he said, need to be careful to not build their businesses on software that can then be closed off or monetized by a single actor.
“At the end of the day, digital sovereignty is about choice, and if you don’t have reliable, secure, well-maintained open-source components, then you don’t have a choice in the same way,” Sharratt noted.
This is probably the clearest business case for open-source: it is not just about ideology but about preserving choice in the market.
Open-source in name only
What Sharratt expects from the new strategy is more resources to be directed towards the open-source ecosystem: proprietary products often depend on open-source components maintained outside traditional commercial structures, although “a big gap” remains in the critical components under which these softwares are built.
At the same time, the growing importance of open-source has also led to new concerns about how the term itself is used. Zach Meyers, director of research at the Centre on Regulation in Europe (CERRE), described one such phenomenon as “open-source washing,” noting that some large technology companies use the term for marketing without fully complying with the open-source principles.
Even imperfect use, however, suggests that open-source has become important, according to Laszlo Igneczi, executive director of OpenForum Europe:
“I’m happy, because even the solutions that do not fully comply with open-source show that it has created value,” he stressed, adding that open approaches can bring “modularity, interoperability, and replaceability.”
For hundreds of firms throughout Europe, such interoperability and replaceability determine whether a business can move away from a supplier and avoid being trapped in one ecosystem – and, in doing so, quietly chip away at the dependencies that digital sovereignty seeks to address.
Featured image: Allison Saeng via Unsplash+
