EU law as an engine of digital sovereignty: Mandating open source and self-hosting for Europe’s public sector
Abstract
This paper argues that the EU can operationalise “digital sovereignty” by requiring open-source software (OSS) across public administrations, prioritising self-hosting over hyperscale clouds, and replacing proprietary licensing spend with grant-based investment in OSS features. The proposal builds on existing EU policy trajectories that link openness to autonomy—most notably the European Commission’s Open Source Software Strategy (“Think Open”), which frames open development and reuse as instruments for digital autonomy, cost control, and security. A live European precedent exists: Switzerland now obliges its federal administration to publish government-developed software as open source, and has named open source a 2025 priority within its Digital Switzerland strategy. Crucially, an OSS mandate also creates digital public goods—open building blocks that all humanity can adopt—advancing global equity and resilience beyond Europe.
Public money, public code
First, public bodies should be legally limited to OSS for core IT (“public money, public code”). Doing so reduces vendor lock-in, enables independent security auditing, and fosters cross-administration reuse. Europe’s own civil society and policy fora have already articulated and mainstreamed this principle; codifying it in EU secondary law would align procurement with sovereignty goals and ensure that taxpayer-funded code remains a reusable public good.
Self-hosting, sharing enables global backup
Second, self-hosting should be the public-sector default, with open-source stacks like Nextcloud Hub for collaboration and storage, and EU law should also recognise that when data is client-side encrypted and erasure-coded into shards, its physical resting place becomes operationally irrelevant. IPFS and Storj split information into many encrypted shards and distribute them across independent nodes worldwide, so no single node holds readable data and availability remains high even when shards are spread globally, decoupling integrity from location. In practice, governments can self-host Nextcloud while backing storage with IPFS- or Storj-style distributed networks, making sovereignty a function of cryptography and quorum, not geography.
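The encrypt-then-shard pattern described above, as an added sketch that is not taken from Nextcloud, IPFS, or Storj. It assumes a 2-of-3 XOR-parity code standing in for a general k-of-n erasure code and a standard-library encrypt-then-MAC construction standing in for an AEAD such as AES-GCM; all function names and the sample record are constructed for illustration.

```python
import hashlib, hmac, secrets

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Client-side encrypt-then-MAC (stdlib stand-in for an AEAD such as AES-GCM)."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(_subkey(key, b"enc") + nonce).digest(len(plaintext))
    body = nonce + _xor(plaintext, stream)
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything a storage node altered."""
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    nonce, ct = body[:16], body[16:]
    stream = hashlib.shake_256(_subkey(key, b"enc") + nonce).digest(len(ct))
    return _xor(ct, stream)

def shard(blob: bytes) -> dict[int, bytes]:
    """2-of-3 erasure code: two halves of the ciphertext plus their XOR parity."""
    data = len(blob).to_bytes(4, "big") + blob
    data += b"\x00" * (len(data) % 2)          # pad to an even length
    half = len(data) // 2
    a, b = data[:half], data[half:]
    return {0: a, 1: b, 2: _xor(a, b)}

def rebuild(shards: dict[int, bytes]) -> bytes:
    """Recover the ciphertext from any two shards (the quorum)."""
    if len(shards) < 2:
        raise ValueError("quorum not met: need 2 of 3 shards")
    a = shards[0] if 0 in shards else _xor(shards[1], shards[2])
    b = shards[1] if 1 in shards else _xor(shards[0], shards[2])
    data = a + b
    return data[4:4 + int.from_bytes(data[:4], "big")]

if __name__ == "__main__":
    key = secrets.token_bytes(32)               # stays with the data owner
    record = b"constructed sample record, not real data"
    shards = shard(seal(key, record))
    del shards[1]                               # one storage node is lost
    assert unseal(key, rebuild(shards)) == record
```

Sharding supplies availability only; confidentiality and tamper detection come from the key, so the location-independence argument holds only while that key stays under the data owner's control.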
OSS grants instead of license fees
Third, redirecting licence budgets to OSS grants can professionalise maintenance and accelerate feature delivery keyed to public-sector needs. The EU has precedents: EU-FOSSA bug-bounty programmes directly funded security improvements for widely used OSS; Interoperable Europe now documents and aggregates funding routes; and member-state initiatives like Germany’s Sovereign Tech Fund show how public instruments can steward digital commons at scale. EU law can normalise this approach—e.g., by making feature-granting a standard procurement pathway.
Open source for the highest-stakes infrastructure
Finally, the highest-stakes public infrastructures—European Digital Identity and a potential digital currency—should be open source by default to maximise transparency and verifiability. The EU has published an open-source EUDI Wallet Reference Implementation. For monetary rails, open codebases such as Project Hamilton show how public scrutiny can harden performance and security—an approach the EU should emulate for a potential digital euro. Similarly, Chaumian e-cash architectures merit evaluation for retail-grade privacy and resilience in a digital currency: Fedimint is an open-source, federated mint that issues blinded e-cash tokens. The project’s roadmap and FAQs outline how federation-backed assets can be supported—including applicability for a potential digital euro – a transparent policy choice.
Summary & contribution to global equity
Contribution. This abstract offers a blueprint: (i) an OSS-only obligation for public software; (ii) a self-hosting presumption; (iii) a shift from proprietary procurement to OSS grants and bounties; and (iv) open-source mandates for EUDI and potential digital-euro implementations. Together, these measures convert digital sovereignty from an abstract goal into a concrete governance regime that enhances security, transparency, economic circulation inside and beyond Europe, and long-term independence. By legislating ‘public money, public code,’ the EU not only strengthens its own autonomy, it also adds to the global commons.