Blogpost

09.02.2026

Insides

Cloudogus comments on the European Open Digital Ecosystem Strategy

The European Open Digital Ecosystems initiative develops a strategic approach to the open source sector in the EU that addresses the importance of open source as a crucial contribution to EU technological sovereignty, security and competitiveness. The initiative asked for feedback and as an open-source company, we answered.

Johannes Schnatterer

Field CTO

We also shared this post via the official European Commission's Call for Evidence. Attached is our feedback as a mid-sized company in the digital industry that offers its products as open source software and has also been active in the public sector for almost 10 years.

European Open Digital Ecosystem Strategy

As an SME that has published open source software since its founding over ten years ago, we, Cloudogu GmbH, are particularly pleased to contribute to this Call for Evidence regarding the European Commission’s initiative for a European Open Digital Ecosystem Strategy. Our company’s history serves as a prime example of public-private partnerships within the open source domain: We are a spin-off of an SME service provider (Triology GmbH). By 2017, we had already invested several person years into the open source product Cloudogu EcoSystem, a platform for easily operating modular tool stacks (e.g. for software development or project management) composed of established open source tools, running on-premises or on arbitrary cloud providers. The Cloudogu EcoSystem, which was already production-ready at the time, met the requirements of a public authority (ITZBund - central IT service provider for the German federal administration), leading to our first major contract. This public commissioning of a small open source provider laid the foundation for the success of our company, as well as for the success of ITZBund’s Software Entwicklungsplattform Cloud (“software development platform cloud”) and its successor Bundescloud Entwicklungsplattform (“federal cloud development platform”). By now, Cloudogu employs more than 80 people and has created an ecosystem of like-minded SME open source companies. Our open source product, the Cloduogu EcoSystem, is used daily by thousands of users. This success story was possible thanks to the visions and courage of individual civil servants. Such success stories would be repeated more often if there were guidelines in public procurement prioritizing open source solutions. In addition, we find it remarkably challenging to find reuse for our still lesser-known but successful open source solution in the public sector. Here, a public European showroom or marketplace focusing on proven, successful open source software (and highlighting SMEs) could increase traction for many hidden gems. In our opinion, open source first procurement and a European market place for successful open source solutions should be among the major objectives of the European Open Digital Ecosystem Strategy. Please find attached our answers to the specific questions of the call for evidence. For further questions I am at your disposal at any time.

Kind regards, Johannes Schnatterer, Field CTO Cloudogu GmbH

1. Strengths and weaknesses of EU open-source sector

What are the strengths and weaknesses of the EU open-source sector? What are the main barriers that hamper (i) adoption and maintenance of high-quality and secure open source; and (ii) sustainable contributions to open-source communities?

Strengths The EU open-source sector has…

  • long tradition of open source community work (e.g. FOSDEM, Chaos Communication Congress),
  • produced many widely used open source tools that serve as alternative to proprietary solutions (e.g. Linux, MySQL/MariaDB, Nextcloud, Matrix, VLC, Mistral, Matomo, ProxMox, Arduino, Mastodon),
  • many other successful but less-known open source tools including Cloudogu EcoSystem,
  • an increasing number of organizations boosting open source (e.g. Eclipse Foundation, NeoNephos, FSF Europe, The Document Foundation, Sovereign Tech Fund, NLnet, SPRIND - also including business associations like APELL and OSBA),
  • prominent successful public-private partnerships (e.g. SCS, ALASCA, OpenDesk, La Suite),
  • again many other successful but less-known public-private partnerships including Cloudogu’s with ITZBund,
  • and as this shows, many companies, even SMEs willing to invest in open standards and open source.

In addition, Europe has

  • a high density of motivated, well-educated software professionals,
  • democratic values (matching perfectly with open source governance - values that are not present or increasingly eroding in other parts of the world)
  • and regulatory practices opening walled gardens, supporting open standards and open source. For example,
    • DMA: app “sideloading”, messenger interoperability.
    • DSA: transparency in social media algorithms.
    • Data Act: promotes cloud switching.
    • GDPR: matches inherent traits of open source like transparency.

Weaknesses

  • No guidelines in public procurement towards open source solutions.
  • In the past, open-source software was far less user friendly than proprietary software. This has changed drastically. However, whenever people hear about open source, they are afraid of reduced productivity and higher maintenance cost.
  • Proprietary solutions are more widespread and have a reputation of technological advance and better usability. Making them an “easier” choice.
  • Political lobby for open source is weak. Even in 2025 and 2026, as digital sovereignty gains momentum due to geopolitical shifts, we still see continued sales success for large vendors of proprietary software from outside of Europe.
  • No protection against so-called sovereignty washing (hosting in Europe but still being subject to US CLOUD Act).
  • All of this leads to lower demand for open source solutions, even from the public sector.
  • In turn, value creation often happens for proprietary software, missing out on strengthening our local open source economy.
  • Regulation is not only a strength but also a weakness: complexity might make it hard, especially for SMEs. Examples:
    • GDRP: Large corporations stretching rules and arguing over details of the legal basis for years, which smaller companies cannot afford.
    • CRA: liability requirements threatening the open source ecosystem.
  • On the other hand, regulation could enforce open standards or interoperability (e.g. data export with SaaS) even more, leveling the playing field for open source market opportunities.

Barriers for adoption and maintenance

  • Popularity and supposed better usability of big proprietary vendors, makes them the “easier” choice. Classic example: Microsoft Office vs OpenOffice.
  • Vendor lock-in: Once locked-in to proprietary solution it is costly if not impossible (due to missing export options) to switch.
  • Simpler operations often win: Proprietary SaaS solutions like GitHub, MS 365, and Google Workspace.
  • Successful open source solutions are often not well-known.
  • Tenders for open-source solutions are rare or challenging for smaller open source companies to participate in.
  • Legal concerns or rumors (e.g. copyleft anxiety).

Barriers for sustainable contributions

  • Corporations only contribute if they see economic value.
  • Open source business models are more challenging, especially in the private sector: Why pay for something free?
  • Privacy concerns: e.g. public servants not allowed to contribute because personal details of committers are published in Git.
  • Fear of liability requirements, e.g. introduced by CRA.

2. Added value

What is the added value of open source for the public and private sectors? Please provide concrete examples, including the factors (such as cost, risk, lock-in, security, innovation, among others) that are most important to assess the added value.

  • Cloudogu’s USP is to make digital sovereignty easy by making open source easily accessible. In our definition, digital sovereignty has six dimensions: vendor independence, infrastructure independence, security, data privacy, sustainability, accessibility. All of which are contributed to by open source.
  • Vendor and infrastructure independence reduce the risk of vendor lock-in on different levels. Open-source product tenders allow for multiple suppliers, providing reliability through diversity. The resulting competition encourages innovation and cost-effectiveness. On the infrastructure level, the open source operating system Linux is the foundation. On top of it, additional open standards like Open Container Initiative and Kubernetes (the “operating system of the cloud”) have come up. All of which are important building blocks for Cloudogu to provide infrastructure independence. A very prominent concrete example of vendor independence by open source is the acquisition of Sun Microsystems by Oracle. Products like OpenJDK, MySQL, OpenOffice, Hudson all continued, now driven by different vendors or foundations like Eclipse Foundation, MariaDB, Document Foundation, Linux Foundation.
  • Security and data privacy are aided by transparency provided by open source. It is much easier to find security-critical bugs in open source be it by manual audits, white-box fuzzing, or AI-driven code analysis. Concrete examples can be found in almost all widespread open source tools or libraries such as OpenSSL.
  • Open source can be re-used and forked, which is much more sustainable than reinventing. Concrete examples are Owncloud, Nextcloud and OpenCloud. Another argument for sustainability by open source avoiding e-waste by allowing hardware to be used even after being discontinued by vendors. Concrete examples are OpenWRT (based on Linux) and LinageOS (based on Android/Linux; security is limited by proprietary firmware in this case).
  • Accessibility often is a core philosophy of inclusive open source communities. Concrete examples are the desktop environment Gnome and its screen reader Gnome.

The above arguments are true for both public and private sectors, but there are some arguments applying to the public sector in particular:

  • Vulnerability to blackmail or aggression by other states (e.g. sanctions to ICC by the U.S. President in 2025).
  • Public Money Public Code: taxpayer’s money is used to create a sustainable result that can be reused even after contracts are over.
  • In the private sector, reducing cost is one of the main drivers. It is common practice for large corporations to keep their suppliers under constant price pressure instead of building sustainable relationships. The public sector should have different priorities and view open source as an investment in the future: preserving digital independence, enabling innovation, and can also save costs in the long run.

3. Measures and actions

What concrete measures and actions may be taken at EU level to support the development and growth of the EU open-source sector and contribute to the EU’s technological sovereignty and cybersecurity agenda?

  • Public funding can drive open source solutions both as a catalyst and as a customer.
  • Increase public sector demand through an open source by default policy in tenders. Proprietary solutions only in justified exceptional cases.
  • Provide a central showroom or marketplace for promoting successful solutions. These should federate proof of success by linking to national showrooms or marketplaces. This way solutions like La Suite, OpenDesk or the Cloudogu EcoSystem could find reuse within the EU even across national borders. Existing or upcoming solutions like EuroStack or Deutschland-Stack do not prioritize open source solutions at the moment. If the show room is not exclusive to open source projects, at least there should be a prominent filter to help find open solutions for public tenders. The same is true for SMEs and startups: Solutions by SMEs could be highlighted (by use of a badge or similar). On the one hand, they usually have more difficulty succeeding in tenders and on the other hand, they are a more natural choice for the public sector, because they offer a higher degree of flexibility in implementing specific requirements in their software. This would both strengthen the local economy and improve the digital sovereignty of institutions.
  • Actively promote open social media platforms. There are open alternatives to closed and non-transparent networks such as X, Instagram, LinkedIn, WhatsApp, etc. The EU and the entire public sector (including politicians) should lead by example and use open platforms exclusively to promote their adoption.

4. Technology Areas

What technology areas should be prioritised and why?

  • Cloud/SaaS: Europe has a high dependency on US hyperscalers and software as a service providers. These impose a high risk for political pressure, as seen in 2025.
  • Hardware: There is RISCV as open format, it is not ready to be used on desktop or server in mainstream. This is especially true for GPUs, which with the advent of AI have gained importance.
  • Mobile OS: The whole mobile market is owned by a duopoly (Apple and Google) with no European influence.
  • Large Language Models: There are only a few European companies that can compete with international frontier LLMs.

5. Sectors

In what sectors could an increased use of open source lead to increased competitiveness and cyber resilience. As stated above, we see special synergies between the public sector and open source. That said, most advantages stated above also apply to the private sector.

Tags