Open source powers the world, but who should to keep it running—and who should decide where the money goes?
Free and Open Source Software has a huge problem, that was recently summarized on the GitHub blog: while the annual contribution of FOSS to the economy has been estimated to be about €65-95 billion in the EU alone, 1/3 of FOSS maintainers are unpaid, 1/3 are the only maintainer of their open source project, and almost three quarters of surveyed FOSS projects are maintained by three people or fewer.
A 102-pages study published in July calls the EU public sector to fix the huge mismatch between the importance of open source maintenance and the money it gets, and recommends scaling up to the EU level by adopting the model and principles of the German Sovereign Tech Agency, which already has a good record of supporting open source.
The study clearly describes the dangers of not supporting open source maintenance:
- “Chronic under-investment in open source technologies creates systemic risks — exposing Europe to (among other things) cybersecurity threats, supply chain vulnerabilities, and strategic dependencies on non-European technology providers.”
- Without “sustainable funding and support, it is entirely foreseeable that critical components [of open source software] will degrade, leaving entire industries exposed to systemic risk.”
Equally clear is the conclusion that if the EU wants to meet its own public and industrial goals, its public policy must also support maintenance of the open source ecosystem. According to the study, an EU-wide Sovereign Tech Fund with a seven-year budget of at least €350 million (about $408.2 million US) — plus further contributions from EU Member States and industries — would finance:
- Identification of the EU’s most critical open source dependencies.
- Maintenance, security, and improvement of the related FOSS.
- Strengthening the general open source ecosystem.
What an EU Sovereign Tech Fund Might Look Like
An EU-STF could be either one centralized, dedicated institution, or a consortium of EU member states that provides the initial funding and then applies for additional resources from the EU budget. In either case, the fund should follow the same key principles that have made its German predecessor successful, which I would personally cluster in three groups:
- community focus and transparency
- political independence and strategic alignment
- pooled financing, flexible funding, and low bureaucracy
The first group is obvious: no program of this kind could last without concrete collaboration with the open source community to co-define funding priorities on the one hand, and proving the money is spent properly on the other.
Political independence and strategic alignment should be equally as easy to grasp. EU-STF should not receive funding unless it can demonstrate the potential for positive impact on the EU’s strategic objectives — such as economic competitiveness, digital sovereignty and cybersecurity. Use of the funds should also remain independent from changes in the EU Commission or in the governments of member states.
The last principles are essential to making sure money is spent as intended and is accessible by the people it’s supposed to reach. These days, getting EU funding for anything is a life-sucking experience — requiring applicants to discover and apply for dozens of separate funds, each with its own requirements, its own language and its own arcane procedures. Some of that complexity is unavoidable, but it doesn’t change the fact that, as things stand, the open source maintainers this proposal is supposed to help would need far more time and bureaucratic skills than they could—or should—ever have just to secure any money.
The German agency that the EU-STF should replicate seems to be a good model. During separate email interviews, OpenStreetMap Foundation Board Member Maurizio Napolitano and Claudio Agosti with the Italy-based ‘Hacking for Human Rights’-associated Hermes Center pointed me to two of its recent grants as a proof of its effectiveness. One was a grant of €384 thousand to OSM to ensure the stability, growth and modernization of OpenStreetMap’s core software. The other was more than €400 thousand going to OpenSSL Foundation to improve its security and address a backlog of user-submitted GitHub issues.
What’s Missing, or Could Go Wrong
Right after saying that he’d really like to see an EU version of the STA, Agosti observed, “Any fund deliberately limited to maintenance cannot, by definition, deliver breakthroughs or innovation. That’s not necessarily bad though, and what matters is that open source software stays in good shape.”
I agree. Maintenance of infrastructures — digital or not — may not look as glamorous as start-ups or as becoming the next Silicon Valley, but it’s something that actually keeps the world going. Personally, I’m more worried about the potential for corporate openwashing, or that EU-STF ends up funding FOSS that’s useful only to governments or large enterprises instead of the FOSS components that make the fediverse work.
To see what I mean, consider that one of the two forewords of the study is by the behemoth SAP, and the other by… Mercedes-Benz, which explains its interest as follows:
“As vehicles evolve into software-defined platforms, the foundation of innovation increasingly rests on open digital base technologies. At Mercedes-Benz, we recognise that open source software is not a trend but a strategic imperative. It enables collaboration at scale, accelerates innovation, and ensures Europe’s technological sovereignty in an era of geopolitical and economic uncertainty.”
Seriously? More interest in FOSS maintenance is great, but FOSS purpose built to sell uselessly complicated cars is not FOSS I would fund with public money.
Another way in which an EU-STF may undermine expectations is by not having enough synergies with other Open Tech EU programs such as Eurostack. On this score, Amanda Brock, CEO of OpenUK, points out that merely funding maintainers cannot produce long lasting benefits without some reforms of the organizations tasked with regulating, maintaining or using FOSS.
We’ll see.
Working Across Borders
In the meantime, something else that may undermine expectations hides in plain sight in GitHub’s article:
“Living in the EU should not be a requirement for receiving funding, just like the German Sovereign Tech Agency does not restrict funding to Germans. To benefit the EU economy and society, software doesn’t have to be Made in the EU, as long as it is Made Open Source.”
Or, in Brock’s words: “a joined-up approach across geographies is critical to the future of funding.”
My own translation: a non negligible part of the fund money may and should go to programmers just as competent as European ones, but living anywhere on the planet. I think that’s right, but I also hope that this doesn’t become one further justification for more Europeans to vote far right, or not vote at all.
Marco Fioretti is an aspiring polymath and idealist without illusions based in Rome, Italy. Marco met Linux, Free as in Freedom Software, and the Web pre-1.0 back in the ’90s while working as an ASIC/FPGA designer in Italy, Sweden, and Silicon Valley. This led to tech writing, including but not limited to hundreds of Free/Open Source tutorials. Over time, this odd combination of experiences has made Marco think way too much about the intersection of tech, ethics, and common sense, turning him into an independent scholar of “Human/digital studies” who yearns for a world with less, but much better, much more open and much more sensible tech than we have today.
Be First to Comment