Mandatory Contribution Back to Open-Source Projects
About this policy
These policies encourage or require public sector institutions to give back to the open-source projects they use. By contributing bug fixes, improvements, or new features upstream, governments help strengthen the sustainability, security, and resilience of the broader open-source ecosystem—while also avoiding fragmentation and duplication of effort.
What we include
This section includes strategies, legal mandates, and operational guidelines that require or strongly encourage public entities to contribute their modifications to the original open-source projects they use, rather than maintaining isolated or private forks. This includes rules on upstream collaboration, transparency, and alignment with project governance.
🌍 Policies
🇨🇦 Canada
- 🔗 Guide for Contributing to Open Source Software
- 📄 Overview:
The Guide for Contributing to Open Source Software outlines the Government of Canada's process for contributing improvements back to third-party OSS projects. It recommends that departments publish all modifications, whether accepted upstream or not, and ensures contributions comply with open-source licenses and community policies. Contributions can be made directly by staff or through contractors, following legal and managerial approvals. This approach supports transparency, aligns with the Digital Standards, and encourages reuse across government and the broader OSS community.
- 📄 Overview:
The Enterprise Architecture Framework requires departments to contribute improvements back to open-source communities when using OSS, as stated under “Application Architecture.” This obligation supports reuse, encourages collaboration, and ensures that enhancements developed by government are shared upstream. It also applies to customized SaaS extensions, which must be published as open source modules when feasible.
🇫🇷 France
- 🔗 Interministerial Support and Expertise Contracts for Free Software
- 📄 Overview:
The interministerial OSS support contracts coordinated by DGFiP mandate that all fixes and improvements, whether for bugs, security, or compatibility, be contributed back to the original open-source projects. This ensures government-funded enhancements strengthen the upstream codebase and reinforces the commons-based model of OSS development.
- 🔗 Call for Comments on the State’s Open Source Contribution Policy
- 📄 Overview:
Initiated by Etalab in 2017–2018, this public consultation aimed to formalize a national policy encouraging civil servants and contractors to contribute upstream to open-source projects. Building on France’s digital republic law and later reinforced by the 2021 circulaire, the policy promotes institutional alignment with open-source norms by making contribution a standard practice for government-developed software.
🇮🇹 Italy
- 🔗 Guidelines on the acquisition and reuse of software for public administrations
- 📄 Overview:
Italy’s open-source reuse guidelines emphasize responsible collaboration with original project maintainers when public administrations adopt or modify external open-source software. The Responsible party must propose bug fixes and new features through standard open contribution channels (e.g. pull requests, issue trackers) and aim to consolidate changes into the main codebase for broader reuse. Even when contributions are accepted upstream, the public administration must still publish its version clearly referencing the original source in its own code repository, in line with Article 69 of the Digital Administration Code (CAD). This ensures transparency, traceability, and reusability across the public sector.
🇰🇷 South Korea
- 🔗 Software Promotion Act
- 📄 Overview:
The Software Promotion Act integrates open source into national strategy by requiring the Master Plan (Article 5) and annual Implementation Plans (Article 6) to support OSS adoption and public release. Article 25 mandates that software developed with national R&D funding be made publicly available, and Article 36 promotes a culture of openness and collaboration. These provisions embed OSS into South Korea’s long-term digital policy.
🇨🇭 Switzerland
- 🔗 OSS Licensing Guidelines for the Federal Administration
- 📄 Overview:
The guidelines encourage a "share-alike" model by recommending specific licenses. Section 6 advises using strong copyleft licenses like AGPL v.3 or GPL v.3 when the strategic goal is to ensure that modifications and improvements made by third parties "flow back" to the federal authorities. This policy ensures that the public continues to benefit from derivative works.
- 📄 Overview:
The guidelines encourage active participation in OSS ecosystems. Section 1 explicitly states the document is for those who "contribute to such an application." By providing a formal structure for managing contributions, including review processes and committer rights as outlined in Section 2, the policy aims to professionalize and encourage the practice of contributing back to open source projects.
🇺🇸 United States
- 🔗 Federal Source Code Policy (M-16-21)
- 📄 Overview:
While not a strict mandate, Section 5.2 strongly encourages federal agencies and their contractors to participate in the broader OSS community. This includes contributing improvements made to existing open source projects back to the upstream community. The policy frames this as a key practice for fostering collaboration and leveraging the benefits of open development.
🇺🇾 Uruguay
- 🔗 CISA Open Source Software Policy
- 📄 Overview:
The policy commits the agency to actively participating in the open source ecosystem. It establishes a default position to contribute improvements back to the FOSS projects it uses. The document states CISA will be an active contributor to the software it or its clients utilize, ensuring a two-way relationship with the open source community.
- 🔗 Law No. 19179: Regulation on Digital Information Formats and Software
- 📄 Overview:
The law strongly implies a contribution-back requirement. Article 5 defines one of the core conditions of the free software that the government must use and produce as the ability for improvements to be made and then released back to the public, ensuring a cycle of community contribution.
🇪🇺 European Commission
- 🔗 Regulation (EU) 2024/2847 (Cyber Resilience Act)
- 📄 Overview:
The regulation mandates that manufacturers, upon discovering a vulnerability in an integrated component, including open-source software, must report it to the component's maintainer. Under Article 13(6), they are also obligated to share the software or hardware modification developed to address the vulnerability, effectively contributing security patches back to the original project.
- 📄 Overview:
The strategy encourages active participation in the open source ecosystem. The "Contribute" principle in Section 5.4 commits the Commission to becoming an active contributing member of key communities. It builds on the European Interoperability Framework's call for public administrations to contribute to developer communities whenever possible, as cited in Section 3.2.
🤝 How to contribute
Want to add a policy?
See something missing? Open a policy suggestion