Like all the best Jenga towers, the internet is simultaneously solid and dangerously reliant on one or two crucial building blocks of open-source software. Such is the theme of ‘Dependency,’ a widely shared web comic portraying this shared global communications network as a crenellated superstructure whose continued existence is dependent on a minuscule ‘project some random person in Nebraska has been thanklessly maintaining since 2003’ not caving under its immense weight.
In reality, there are several such thin, overburdened building blocks holding up the modern internet – but the principle remains the same. It’s a problem championed by the growing digital sovereignty movement, which advocates for greater control of technology and data within national boundaries, and depends on open source to function. In response, a new open letter published by the OpenForum Europe think tank urges the European Union to create a €350mn Sovereign Tech Fund – and warns that inaction puts Europe at risk of “stagnation” that threatens the success of its “entire digital agenda”.
The letter arrives as digital sovereignty fast climbs Brussels’ policy agenda. European politicians are increasingly wary of US-made tech, as Silicon Valley appears to inch closer to the policy goals of the Trump administration.
In February, US Vice President JD Vance’s ‘Munich speech‘ caused a rift between Washington and Brussels. European politicians broadly understood the event as an attack on their values. Since then, US tech firms have courted the White House and occasionally appeared to act as its enforcers, such as when Microsoft shut down the email address of the International Criminal Court’s chief prosecutor, recently sanctioned by the Trump administration.
Spooked by these events, the dominance of the hyperscalers, and legislation such as the Cloud Act – which stipulates that data held by US companies can be viewed by that country’s intelligence services – policymakers, technologists and civil society groups have all called for urgent intervention in EU-wide tech.
But a prerequisite for achieving this sovereignty is open source software, which offers greater control and visibility over technology stacks than proprietary products.
Though used daily by governments, businesses and citizens, crucial components in the open source ecosystem are built and run by volunteers. This is a ticking time bomb, suggests the letter, which proposes that member states commit to an open source slush fund for securing these components over the next seven years.
The fund would be administered by a new organisation located in Europe. Resources could then be portioned out for maintaining those critical open source infrastructure projects, upon which much of the digital economy – and digital sovereignty initiatives – depend.
“This proposal is in Europe’s strategic and economic interest,” says Nicholas Gates, senior policy advisor at OpenForum Europe. “It’s focusing on some of the most under-recognised and undervalued software components that form the baseline for our everyday lives.”
The open source maintenance problem
Chronic under-investment in open source, argues the open letter, has exposed governments, businesses and citizens to a high degree of risk – a kind of digital house of cards that could tumble should maintenance cease.
Addressing this problem is the primary reason that Nextcloud signed the letter, says its co-founder, Jos Poortvliet. While many of the biggest open source initiatives have strong communities to maintain them, smaller projects are at risk of falling by the wayside. Even in the case of well-supported projects, many of them rely on contributions from the private sector. As such, these schemes are vulnerable if the strategic priorities of those companies shift.
“It’s a lot of fun to build something cool, but maintaining it – that’s a chore,” Poortvliet says. “When things become critical, it’s important that there’s a maintenance model. But it’s a tricky thing – people shouldn’t have to work for free.
“[These proposals] will help organisations that build and use sovereign technology, with maintenance, trust and security.
“The letter is part of the puzzle; it’s not going to solve Europe’s digital sovereignty problem,” adds Poortvliet, arguing that the most effective way to do so would be deploying open source technology on a grander scale, rather than “nibbling round the edges”.
State-level initiatives
But the European public sector is increasingly using open source. Municipalities in countries across the bloc are coding their own sovereign software and, in some cases, some even ditching Microsoft completely for open source alternatives. Yet their efforts are splintered, with little overarching support from the EU at large.
This growing uptake of open source, says Mirko Boehm, director of community development at the Linux Foundation Europe, has highlighted another problem for the ecosystem: namely, that many organisations are using code more than they are contributing back.
Boehm views the proposals in the letter as an opportunity to correct that imbalance with codified EU funding. “The public sector isn’t contributing to something that’s a public good, and that is the opportunity that I see here,” he says. “We can fix that.”
Inspired by the recently established German Sovereign Tech Agency, the signatories exhort legislators to adopt the Sovereign Tech Fund in the EU’s upcoming budget, the Multiannual Financial Framework for 2028–2034.
An accompanying feasibility study sets out possible paths for creating the fund, which the authors claim would be a “bold institutional step forward in treating open digital infrastructure as a strategic priority, on par with energy, defence, or semiconductors”.
Initial policy briefings have so far been received positively, says Gates, though he concedes the letter is more of a conversation starter right now.
However, intervention will be required sooner or later, adds Frank Feldmann, the chief strategy officer of SUSE. “I think there’s no version of the next six months where we won’t see the EU take a stance [on digital sovereignty],” Feldmann says. “Whether it’s at this type of scale or bigger.”
Read more: What a new mega-worm says about open source risk
