Complete Country Overview¶
About this page
This page presents a country-by-country overview of official documents related to open-source software (OSS) policies. For each country, we include a table listing the relevant policy types, the corresponding legal or strategic documents, and a brief summary of how each document addresses OSS.
🌍 Policies¶
🇧🇷 Brazil¶
| OSS Policy Type | 📄 Document | 📄 Overview |
|---|---|---|
| Public Release of State-Owned Software | Law Nº 14.063/2020 | Article 16 of Law Nº 14.063/2020 requires public entities to release software they develop under open-source licenses, allowing reuse and modification. This applies retroactively, with exceptions for legal, security, or contractual restrictions. |
| Prioritize Open Source in Procurement | Law Nº 14.063/2020 | Article 16 of Law Nº 14.063/2020 requires public entities to release software they develop under open-source licenses, allowing reuse and modification. This applies retroactively, with exceptions for legal, security, or contractual restrictions. |
| Open Standards Requirement | Law Nº 14.129/2021 | Law Nº 14.129/2021 mandates the use of open and non-proprietary formats in government digital services, reinforcing open standards as a legal requirement. Article 3, item XXV, and the definitions in Article 4 emphasize that government systems must adopt open, documented, and patent-free technologies to ensure interoperability and accessibility. These provisions support the broader goal of efficient and transparent digital governance. |
| OSS Training Programs | Law Nº 14.129/2021 | Law Nº 14.129/2021 encourages the creation of innovation laboratories as collaborative spaces between government and society to develop and test new public service solutions. Defined in Article 4, item VIII, these labs promote the use of open and free technologies but do not explicitly establish training or capacity-building programs for OSS adoption or sustainability. While supportive of OSS principles, the law stops short of mandating or funding OSS-specific training efforts. |
| OSS in Strategic Planning Documents | Decree Nº 10.332/2020 | Decree Nº 10.332/2020, which established Brazil's Digital Government Strategy (2020–2022), references open-source software in its strategic planning by promoting the use of systems and applications built on open and interoperable code. This appears in Initiative 12.7, under Objective 12, which aims to enhance the adoption of digital signatures and identity solutions. The inclusion of open-source principles within this strategic initiative signals the government's intent to increase transparency, accessibility, and trust in its digital infrastructure. |
🇨🇦 Canada¶
| OSS Policy Type | 📄 Document | 📄 Overview |
|---|---|---|
| Public Release of State-Owned Software | Government of Canada Enterprise Architecture Framework | The Enterprise Architecture Framework promotes the public release of state-owned software by directing departments to prioritize open source solutions and contribute improvements back to the community. Under “Application Architecture,” it encourages reuse over custom builds, mandates registration of open source tools in the Open Resource Exchange, and calls for customizations, especially for SaaS to be developed as open source modules, supporting interoperability and open collaboration unless restricted by legal or security concerns. |
| Public Release of State-Owned Software | Guide for Publishing Open Source Code | The Guide for Publishing Open Source Code encourages departments to release source code as open source whenever legally possible, whether developed in-house, acquired as OSS, or through contracts with proper licensing. The process includes securing approvals, ensuring rights to the code, assessing security, choosing a license and repository, adding documentation, and considering legacy systems. The overall goal is to promote transparency by working in the open. |
| Prioritize Open Source in Procurement | Acquiring Open Source Software Guidance | The Acquiring Open Source Software guidance establishes a preference for OSS in procurement, as outlined in Appendix C of the Directive on Management of IT. Departments are encouraged to select OSS where feasible, provided business needs justify its use. If OSS is freely available and meets requirements, it may be acquired without a formal tender. However, procurement must remain compliant with existing legal frameworks, and any non-standard contract terms require prior authorization. |
| Reuse and Transfer of Government Software | Government of Canada Enterprise Architecture Framework | The Enterprise Architecture Framework promotes software reuse and transfer across government by requiring departments to prioritize reusable open source solutions over custom development. Under “Application Architecture” and “Business Architecture,” it encourages contributions back to OSS communities, modular system design, and the registration of reusable components in the Open Resource Exchange to facilitate adoption across departments. |
| Open Source Security Measures | Address Security and Privacy Risks Guideline | The Address Security and Privacy Risks guideline provides a comprehensive framework for securing software, including OSS used in government systems. It outlines security measures across the full lifecycle, including threat modeling, automated and penetration testing, privacy impact assessments, encryption, and patch management. While not exclusive to OSS, the guidance supports open-source adoption by emphasizing transparency, modular security features, and continuous monitoring, helping ensure that open systems meet rigorous privacy and cybersecurity standards. |
| Open Source Security Measures | Open First Whitepaper: Open Source Software Use | The Open First Whitepaper emphasizes security as a key advantage of open-source software, citing its transparency, auditability, and wide peer review. In the "Security" section, the document explains that public access to source code allows for early identification and remediation of vulnerabilities, aligning with NIST recommendations against relying on obscurity. OSS is favored by national security agencies due to its inspectability, and its security model based on hardening through open testing, is presented as more robust when projects are actively maintained and reviewed. |
| Open Source Sharing Platforms | Open Resource Exchange | The Open Resource Exchange is the Government of Canada's official platform for sharing and collaborating on open-source software developed by public administrations at all levels: federal, provincial, municipal, and Indigenous. It facilitates the discovery, reuse, and co-development of open-source solutions by offering centralized access to code repositories, standards, and design assets. As part of the Municipal Innovation Pilot Project, the platform aims to enhance transparency, promote interoperability, and support the collective development of digital public goods across Canada. |
| Mandatory Contribution Back to Open-Source Projects | Guide for Contributing to Open Source Software | The Guide for Contributing to Open Source Software outlines the Government of Canada's process for contributing improvements back to third-party OSS projects. It recommends that departments publish all modifications whether accepted upstream or not and ensures contributions comply with open-source licenses and community policies. Contributions can be made directly by staff or through contractors, following legal and managerial approvals. This approach supports transparency, aligns with the Digital Standards, and encourages reuse across government and the broader OSS community. |
| Mandatory Contribution Back to Open-Source Projects | Government of Canada Enterprise Architecture Framework | The Enterprise Architecture Framework requires departments to contribute improvements back to open-source communities when using OSS, as stated under “Application Architecture.” This obligation supports reuse, encourages collaboration, and ensures that enhancements developed by government are shared upstream. It also applies to customized SaaS extensions, which must be published as open source modules when feasible. |
| Open Standards Requirement | Open Standards section - Open Resource Exchange | The Open Standards section of the Open Resource Exchange supports the Government of Canada’s mandate to use open standards where possible, as outlined in the Directive on Service and Digital. It provides a centralized catalog of open standards including formats, protocols, and APIs that ensure interoperability across government systems. Public administrations are encouraged to adopt, search, and contribute to this shared repository to support digital openness, technical compatibility, and long-term sustainability. |
| Licensing Frameworks and Guidelines | Guide for Publishing Open Source Code | The Guide for Publishing Open Source Code outlines licensing best practices for government OSS projects, recommending permissive (MIT, Apache 2.0) or reciprocal (GPL, LGPL, AGPL) licenses based on project needs. It advises selecting licenses aligned with community norms and ensuring compatibility with third-party components to enable compliant and effective open-source release. |
| Licensing Frameworks and Guidelines | Open Source Software Form | The Open Source Software Form provides guidance for Canadian public administrations to register OSS projects along with their licensing information using standardized SPDX identifiers. By requiring submission of license details including short identifiers, URLs, and license levels this process promotes consistency and legal clarity in how open-source software is shared and reused across jurisdictions. The use of SPDX ensures alignment with internationally recognized licensing practices for software, data, and related assets. |
| OSS Training Programs | Guide for Using Open Source Software | The Guide for Using Open Source Software serves as a detailed capacity-building tool to help Canadian government departments evaluate, adopt, and manage OSS. It outlines best practices and key decision points such as assessing licensing terms, community support, and modification impacts, while also promoting responsible use, security, and contribution. The guide functions as an internal learning resource that supports OSS sustainability and aligns with Canada’s broader digital standards, including the principles of working in the open and selecting open solutions by default. |
| OSS Training Programs | Open First Whitepaper: Open Source Software Use | The Open First Whitepaper highlights the importance of training and capacity building for successful OSS adoption in government. It emphasizes the need to allocate resources for user training, especially when transitioning from proprietary desktop software to open-source alternatives. Lessons learned include piloting OSS migrations, offering parallel access to legacy tools, and securing leadership support. The document also outlines support models, internal, interdepartmental, community based, and vendor-supported, that help develop the in-house expertise needed to maintain OSS, thereby promoting long-term sustainability and reducing reliance on proprietary solutions. |
| OSS Training Programs | Policy on Service and Digital | The Policy on Service and Digital outlines the Government of Canada's commitment to building internal capacity for digital transformation, including through the adoption of open-source technologies. While it does not establish a formal OSS training program, it supports empowering staff to deliver better services and encourages the use of open standards and open solutions as part of the Digital Standards. |
🇪🇨 Ecuador¶
| OSS Policy Type | 📄 Document | 📄 Overview |
|---|---|---|
| Public Release of State-Owned Software | Strategy for the Implementation of Free Software in the Central Public Administration | This strategy, based on Presidential Decree No. 1014, mandates the use and public release of state-owned software across Ecuador’s central government. Chapter 3.3.4 and Article 1 require that software developed with public funds be made openly available for reuse, unless restricted by national security or technical limitations. The Subsecretariat of Informatics oversees compliance and promotes reuse through public repositories. |
| Public Release of State-Owned Software | Organic Code of the Social Economy of Knowledge, Creativity, and Innovation | Article 147 of this code mandates that public sector entities must make the source code of software they develop or contract for publicly available through the national Information System for Science, Technology, Innovation, and Ancestral Knowledge. This requirement may be waived, and the source code kept confidential, for reasons of national security, if the software pertains to strategic sectors, or if the relevant e-government regulatory body determines that it contains critical components. |
| Prioritize Open Source in Procurement | Executive Decree No. 1014 | Executive Decree No. 1014 establishes that entities within Ecuador’s Central Public Administration must prioritize free and open-source software in procurement processes. As outlined in Article 1 and Article 5, open-source solutions should be favored over proprietary alternatives, with exceptions only when no suitable OSS exists or when national security is at risk. The decree also sets a preference hierarchy that prioritizes national and regional OSS solutions to ensure technological sovereignty. |
| Prioritize Open Source in Procurement | Organic Code of the Social Economy of Knowledge, Creativity, and Innovation | According to Article 148, public entities must follow a strict order of preference when procuring software. This hierarchy prioritizes open-source software, particularly solutions that include significant locally-added value through development or implementation services. If a public body cannot acquire software that meets this top criterion, it is required to formally justify the acquisition of any other type of technology before the national e-government regulatory authority, which will evaluate the decision based on factors such as sustainability, security, and cost. |
| Open Source Security Measures | Executive Decree No. 1014 | Executive Decree No. 1014 requires Ecuador’s central government entities to ensure technical capacity before deploying open-source software, as stated in Article 3. This provision aims to safeguard the secure and effective implementation of OSS by mandating adequate support infrastructure, indirectly addressing OSS security through operational readiness and oversight by the Subsecretariat of Informatics. |
| Open Standards Requirement | Executive Decree No. 1014 | Executive Decree No. 1014 promotes the use of open standards in Ecuador’s Central Public Administration as part of its broader mandate to adopt free and open-source software. The decree references the Ibero-American Charter on Electronic Government, which encourages open standards to ensure interoperability. This framing supports a policy environment where government systems are expected to prioritize openness and compatibility. |
| OSS Training Programs | Executive Decree No. 1014 | Article 3 of the Decree No. 1014 requires that public entities ensure the existence of sufficient technical capacity before implementing open-source software. This implies a governmental responsibility to support OSS adoption through adequate training, staffing, or service arrangements to maintain system sustainability and performance. |
| OSS in strategic planning documents | Executive Decree No. 1425 – Regulation for Software Procurement by Public Sector Entities | Executive Decree No. 1425 incorporates open-source software into Ecuador’s strategic digital planning by establishing a structured procurement framework that prioritizes open-source solutions. Article 10 mandates that public institutions prepare and submit migration feasibility plans to free digital technologies when acquiring proprietary software, positioning OSS adoption as a long-term strategic objective. This requirement embeds OSS considerations into institutional planning and aligns public procurement with national digital sovereignty goals. |
🇪🇪 Estonia¶
| OSS Policy Type | 📄 Document | 📄 Overview |
|---|---|---|
| Public Release of State-Owned Software | Estonia’s Digital Agenda 2030 | Within the "Estonia’s Digital Agenda 2030," the policy for releasing state-owned software is articulated as a key result under Sub-objective I, "Digital government," specifically in the section on "Open innovation and development of govtech community." The agenda mandates that software developed for the government with public funds and containing public sector intellectual property must be published with an open source license. This rule is exempted only when the software is significant for national security. To support this initiative and encourage a robust "govtech" community, the plan also includes activities to adopt and develop tools for reuse and collaboration, such as a code repository and artifactory. |
| Public Release of State-Owned Software | State Property Amendment Act | The State Property Amendment Act establishes that state-owned software in Estonia can be released publicly, free of charge and indefinitely, unless it poses risks to cybersecurity, public order, or national security. As outlined in Chapter III, Division 2 (281–284), asset managers must publish the source code with usage terms online, and unreleased software must still be shared freely among government entities upon request. |
| Prioritize Open Source in Procurement | Interoperability Framework of the State Information System | In the "Interoperability Framework of the State Information System," the policy to prioritize open source software in public procurement is detailed across several sections, including "Openness" (2.9), "Technology neutrality" (2.11), and most explicitly in Chapter 6, "Software and open specifications." The framework mandates that public sector institutions must consider open source software alternatives when procuring or developing any new system. More specifically, Requirement 6.1 states a clear preference for software with an accessible source code when other conditions of the procurement are equal. This policy is part of a broader strategy to ensure openness and avoid vendor lock-in, implying that any decision to select a proprietary solution should be well-justified against suitable open source options. |
| Prioritize Open Source in Procurement | The Estonian IT Interoperability Framework | The Estonian IT Interoperability Framework mandates that public institutions evaluate open-source software alongside proprietary alternatives in procurement and development. When functional requirements are equal, open-source solutions are to be prioritized, especially because they allow broader reuse across government agencies. The framework also encourages collaborative procurement and requires that IT acquisitions include access to source code or modifications, promoting transparency, long-term sustainability, and avoidance of vendor lock-in. |
| Reuse and Transfer of Government Software | Interoperability Framework of the State Information System | The "Interoperability Framework of the State Information System" encourages public sector institutions to build upon solutions and experiences from other agencies. To facilitate this, it recommends that when software is commissioned, the resulting code should be procured and registered in a repository, such as the EU's, under a free software license like the European Union Public Licence (EUPL). Furthermore, Requirement 6.5 specifies that software ordered by public institutions should be usable without restriction by other administrations, and it also suggests joint procurement for common needs. The framework even extends the principle of transfer beyond the public sector, allowing contractors to use these solutions in business activities and foreign projects, provided it does not conflict with the interests of the commissioning body. |
| Open Source Sharing Platforms | Koodivaramu Open Source Platform | Estonia’s Koodivaramu platform serves as a centralized repository for sharing government-developed open-source software. Managed by the Information System Authority (RIA), it facilitates collaboration among public sector institutions by hosting and documenting reusable software components, primarily through GitLab. The platform promotes transparency, reuse, and co-development across agencies, aligning with Estonia’s broader digital governance and interoperability goals. |
| Open Standards Requirement | Estonia’s Digital Agenda 2030 | Estonia’s Digital Agenda 2030 establishes its open standards policy as a core tenet for all digital development. In the "Principles" section, the agenda outlines a technology-neutral approach that, whenever possible, gives preference to open standards and solutions built upon them. This guiding principle aims to ensure interoperability and openness in government systems. The commitment is reinforced by planned activities elsewhere in the document, such as ensuring the compatibility of the digital government with the European interoperability framework, a goal mentioned in the section on "Future-proof digital government platforms," and promoting cross-border interoperability through international cooperation. |
| Open Standards Requirement | Interoperability Framework of the State Information System | The "Interoperability Framework of the State Information System" establishes a mandate for using open standards to ensure technical interoperability and openness across the public sector. This policy is detailed in Chapter 5 ("Open standards") and supported by principles in sections 2.9 ("Openness") and 2.11 ("Technology neutrality"). The framework requires that public sector system interfaces must be created in a technology-neutral manner using prescribed open standards like XML, WSDL, and SOAP. A core component of this policy, outlined in Chapter 5, is the compulsory adherence to an agreed minimum set of open standards for public administration. Furthermore, Requirement 2.33 mandates that any decision to use closed standards or specifications must be explicitly justified, reinforcing the preference for open solutions. |
| Licensing Frameworks and Guidelines | Interoperability Framework of the State Information System | The "Interoperability Framework of the State Information System" provides specific guidelines on licensing practices for software developed or procured by the Estonian public sector. The central policy, found in Requirement 2.37 under the principle of "Reusability," directs public institutions to use the European Union Public Licence (EUPL) when creating and releasing free software. This guidance is reinforced in Chapter 6, which recommends that custom software code procured by the government also be registered in a repository under a free software license, again citing the EUPL as the example. The framework further advises that procurement contracts should ensure the resulting software is usable without restriction across other public administration institutions, thereby establishing a clear preference for licenses that permit broad inter-agency sharing and reuse. |
| OSS in strategic planning documents | Estonia’s Digital Agenda 2030 | The "Estonia’s Digital Agenda 2030" strategically incorporates open-source software as a pillar of its digital transformation and vision for open innovation. This is most explicitly detailed under Sub-objective I, "Digital government," where a key result is the public release of state-owned software. The agenda specifies that software developed for the digital government using taxpayer funds and public sector intellectual property will be published under an open source license, provided it does not compromise national security. This core policy, located in the section on "Open innovation and development of govtech community," is supported by planned activities such as establishing a central code repository to promote the reuse of digital solutions. |
🇫🇷 France¶
| OSS Policy Type | 📄 Document | 📄 Overview |
|---|---|---|
| Public Release of State-Owned Software | Public Policy on Data, Algorithms and Source Code | The April 2021 circulaire n°6264/SG requires French ministries to publish state-owned software under open licenses, unless exceptions apply. Coordinated by DINUM, this policy mandates publication on code.gouv.fr and is backed by ministry roadmaps and actions to promote open source use and contribution. |
| Public Release of State-Owned Software | Law for a Digital Republic | France's 2016 Law for a Digital Republic mandates the public release of state-owned software by classifying source code as an administrative document. Article 2 of the law establishes that government-developed code is therefore subject to public disclosure upon request. However, this same article provides exceptions, allowing for non-disclosure if the release would compromise the security of information systems or other protected interests. |
| Prioritize Open Source in Procurement | Law for a Digital Republic | France's 2016 Law for a Digital Republic establishes a preference for open source software in the public sector. Article 16 encourages government administrations to use free/libre software and open formats when developing, purchasing, or operating their information systems. This policy aims to help preserve the control, long-term viability, and independence of public information systems. |
| Prioritize Open Source in Procurement | Free Software: A Strategic Lever for a Sovereign and Sustainable Digital Administration | The 2024 renewal of the interministerial support contract for free software, led by the DGFiP and coordinated by the State Procurement Directorate, prioritizes open-source solutions in public procurement by pooling resources across 13 ministries and several national agencies. While not a legal mandate, it strategically favors OSS by ensuring centralized support, security, and long-term viability. |
| Reuse and Transfer of Government Software | Code.gouv.fr Platform | Code.gouv.fr, maintained by DINUM, serves as a centralized platform to catalogue and share source code developed by French public administrations. Through its searchable inventory and API-accessible datasets, it facilitates the reuse and transfer of government-developed open-source software across agencies, promoting interoperability and collaborative development. |
| Reuse and Transfer of Government Software | Interministerial Free Software Base (SILL) | The SILL, maintained by DINUM and published on code.gouv.fr, is an official catalog of open-source software recommended for reuse across French public administrations. It promotes software transfer and standardization by guiding agencies toward vetted OSS solutions instead of developing redundant tools. |
| Reuse and Transfer of Government Software | Interministerial Support and Expertise Contracts for Free Software | The interministerial OSS support and expertise contracts, coordinated by DGFiP, promote reuse and transfer of government software by requiring that all fixes and enhancements be contributed back to the original open-source projects. This ensures that improvements made within one public agency can be shared across others, supporting collaborative maintenance and lifecycle management across the administration. |
| Open Source Security Measures | Selecting Open Source Software – ANSSI Guide | ANSSI’s guide “Sélection d’un logiciel libre” outlines cybersecurity criteria for evaluating and selecting open-source software used in public systems. While not binding, it promotes secure OSS adoption by recommending assessment of code transparency, maintenance practices, and community responsiveness, reinforcing France’s broader open-source security posture. |
| Open Source Security Measures | Reporting Significant Vulnerabilities | Article L. 2321‑4‑1 of the Code de la Défense (Loi de Programmation Militaire 2023): Obligates any software publisher (including OSS projects) to report significant vulnerabilities or security incidents in their products to ANSSI. This broad cybersecurity mandate applies equally to open-source and proprietary software, promoting prompt disclosure and patching. |
| Open Source Security Measures | Interministerial Support and Expertise Contracts for Free Software | The interministerial support contracts for open-source software include mandatory upstream contributions of all fixes, including security patches, developed during maintenance. This policy ensures that vulnerabilities addressed within public systems are resolved at the source, enhancing security for both government and broader OSS users. |
| Open Source Sharing Platforms | Code.gouv.fr | Code.gouv.fr serves as France’s central platform for sharing government-developed open-source software. Managed by the Interministerial Digital Directorate (DINUM), it aggregates public code repositories, promotes interagency collaboration, and links to national initiatives like the SILL and BlueHats, supporting a unified ecosystem for open-source reuse and contribution. |
| Open Source Sharing Platforms | Interministerial Free Software Base (SILL) | Hosted on data.gouv.fr, the SILL dataset serves as an open-source sharing platform by making a curated list of government-recommended OSS publicly accessible in multiple formats and via API. Maintained by DINUM, it enables collaboration, reuse, and transparency across the public sector. |
| Mandatory Contribution Back to Open-Source Projects | Interministerial Support and Expertise Contracts for Free Software | The interministerial OSS support contracts coordinated by DGFiP mandate that all fixes and improvements whether for bugs, security, or compatibility be contributed back to the original open-source projects. This ensures government-funded enhancements strengthen the upstream codebase and reinforces the commons-based model of OSS development. |
| Mandatory Contribution Back to Open-Source Projects | Call for Comments on the State’s Open Source Contribution Policy | Initiated by Etalab in 2017–2018, this public consultation aimed to formalize a national policy encouraging civil servants and contractors to contribute upstream to open-source projects. Building on France’s digital republic law and later reinforced by the 2021 circulaire, the policy promotes institutional alignment with open-source norms by making contribution a standard practice for government-developed software. |
| Open Standards Requirement | Law for a Digital Republic | The 2016 Law for a Digital Republic institutes a strong policy for open standards within the French public sector. Article 3 mandates that any administrative document or data published electronically must be in an open, easily reusable, and machine-readable standard. Reinforcing this principle, Article 16 further encourages administrations to use open formats across the entire lifecycle of their information systems, including development, procurement, and daily operation, to foster interoperability. |
| Open Standards Requirement | General Interoperability Framework (RGI) | The RGI, France’s General Interoperability Framework, mandates the use of open and widely recognized technical standards such as ISO, W3C, and OGC for public sector IT systems. Approved by decree, it ensures interoperability, promotes vendor neutrality, and supports the integration of open-source solutions in government services. |
| Licensing Frameworks and Guidelines | Legal Guide for Open Source Software – Etalab | Etalab’s legal guide supports public agents in navigating open-source licensing by clarifying which licenses are recommended, how to manage compatibility and patent clauses, and how to draft OSS-friendly contractual clauses. It also offers guidance for including OSS in public procurement and for releasing code under approved licenses from the first commit. |
| Licensing Frameworks and Guidelines | Decree No. 2017-638 of April 27, 2017 | This decree establishes the list of approved open-source licenses that French public administrations may use for releasing software. It officially authorizes several permissive and reciprocal licenses including Apache 2.0, BSD, MIT, MPL 2.0, GPLv3, and CeCILL and sets a process for requesting approval of alternative licenses through the Interministerial Directorate for State IT Systems. |
| OSS Training Programs | Open Source Training Offer – Code.gouv.fr | Code.gouv.fr maintains a curated list of certified training providers offering courses on open-source technologies. This government supported catalog helps public servants and organizations access capacity building programs in areas such as Linux administration, open-source development tools, and ethical digital practices, promoting OSS adoption across the public sector. |
| OSS Training Programs | BlueHats – Code.gouv.fr | The BlueHats initiative fosters OSS capacity-building across the public sector by organizing online workshops and local events where civil servants share expertise on open-source development, governance, and use. Supported by DINUM, it promotes collaborative learning and peer-driven training on Free Software within government institutions. |
| OSS Training Programs | OPEN Program – CNRS | aunched in 2023, the CNRS OPEN program provides funding and tailored support to researchers aiming to develop and valorize open-source research software. Through calls for expressions of interest, it builds OSS capacity by helping academic teams explore sustainable models—such as service-based use, user consortiums, or hybrid licensing while offering developer support and mentoring to maximize social and scientific impact. |
| OSS Training Programs | Free Software: A Strategic Lever for a Sovereign and Sustainable Digital Administration | The 2024 interministerial OSS support contract, led by DGFiP, provides pooled funding and technical assistance across 13 ministries and public bodies to ensure the sustainability of open-source tools. While not a direct training program, it builds institutional capacity for OSS adoption by offering coordinated guidance and expert support. |
| OSS in strategic planning documents | Circular No. 6264/SG | This high-level strategic directive, issued by the Prime Minister of France, establishes open source as a key enabler of state modernization. It outlines a national vision for the management and reuse of public data, algorithms, and source code, encouraging their openness to benefit users, researchers, and innovators. Open source is framed as a foundational element of digital transformation across public administration. |
🇩🇪 Germany¶
| OSS Policy Type | 📄 Document | 📄 Overview |
|---|---|---|
| Public Release of State-Owned Software | Act to Amend the Online Access Act | This law amends Germany's Online Access Act (OZG) and E-Government Act (EGovG) to require the public release of state-owned software. The justifications provided for the amendments, specifically concerning § 4 of the OZG and the new § 16a of the EGovG, mandate that when government software is further developed, its source code must be published under a suitable open-source license. Exceptions are permitted for compelling security reasons or if existing licensing terms prohibit the release. |
| Public Release of State-Owned Software | Coalition Agreement 2021–2025 | In the section "Digitaler Staat und digitale Verwaltung" (Digital State and Digital Administration) within Chapter II, the Agreement establishes a foundational principle for publicly funded software. It stipulates that development contracts for public IT projects will generally be awarded as open source commissions. Following this principle, the resulting software is to be made publicly available. This commitment effectively aligns future federal software development with the "Public Money, Public Code" concept. |
| Prioritize Open Source in Procurement | BMI Open Source 2024 | The OZG Amendment Act (OZG-ÄndG) introduces §16a of the E-Government Act, requiring federal authorities to prioritize open-source software in procurement over proprietary options. It also mandates the use of open standards and open-source components in federal IT systems, reinforcing digital sovereignty and interoperability. |
| Prioritize Open Source in Procurement | Digital Strategy | In Section 4.3, "Lernender, digitaler Staat" (Learning, Digital State), Germany's Digital Strategy establishes the prioritized use of open-source software within the government. This approach is presented as a core measure to enhance the digital sovereignty of the public administration and reduce dependencies on specific technology vendors. |
| Prioritize Open Source in Procurement | Digital Strategy | In Section 4.3, "Lernender, digitaler Staat" (Learning, Digital State), Germany's Digital Strategy establishes the prioritized use of open-source software within the government. This approach is presented as a core measure to enhance the digital sovereignty of the public administration and reduce dependencies on specific technology vendors. |
| Reuse and Transfer of Government Software | Act to Amend the Online Access Act | This law promotes the reuse and transfer of government software by mandating that modifications be made public. As detailed in the justifications for the amendments to both the Online Access Act (§ 4) and the E-Government Act (§ 16a), if a public authority further develops software already in use, it is required to publish the improved source code under an open-source license. This policy ensures that enhancements to publicly funded software are shared for broader reuse and collaborative development, provided no overriding security or licensing constraints exist. |
| Open Source Sharing Platforms | Strategy for Strengthening Digital Sovereignty in Public Sector IT (2021) | The strategy promotes open-source sharing through a central code repository for public administration, supporting code reuse and collaboration. It highlights the openCoDE platform as a tool to develop sovereign digital solutions across government levels in cooperation with OSS communities. |
| Open Standards Requirement | Digital Strategy | Germany's Digital Strategy mandates the use of open standards for government systems, as outlined in Section 4.3, "Lernender, digitaler Staat" (Learning, Digital State). This policy is positioned as a fundamental requirement for enhancing the digital sovereignty of the public administration. The strategy links the mandatory adoption of open standards and interfaces to ensuring interoperability and minimizing dependencies on specific technology providers. |
| Licensing Frameworks and Guidelines | openCode Licensing Rules | The openCode platform requires all published software to use OSI-approved open-source licenses. Automated checks verify license compliance, ensuring legal clarity and promoting consistent licensing practices across government OSS projects. |
| OSS Training Programs | Digital Strategy | Germany's Digital Strategy details two key initiatives to fund and build capacity for open-source software. As outlined in Section 4.2, a Sovereign Tech Fund (STF) will promote the open-source ecosystem and its foundational technologies. Furthermore, Section 4.3 establishes the Center for Digital Sovereignty of Public Administration (ZenDiS), an organizational body created to ensure the availability of powerful OSS solutions, support their development, and establish their use within government. |
| OSS in strategic planning documents | Digital Strategy | Germany's Digital Strategy repeatedly identifies open source as a cornerstone of its plan for digital transformation. In the introductory overview (Section 1) and the section on public administration (Section 4.3), the consistent promotion and use of open-source approaches are presented as fundamental to achieving national digital sovereignty. The strategy also grounds major initiatives in open source, such as the Gaia-X data ecosystem described in Section 4.2, which is explicitly based on open-source applications and interoperable standards to foster an open and innovative digital market. |
🇮🇹 Italy¶
| OSS Policy Type | 📄 Document | 📄 Overview |
|---|---|---|
| Public Release of State-Owned Software | Guidelines on the acquisition and reuse of software for public administrations | Under Article 69, Italian public administrations must release their owned software as open source. This policy requires them to publish the full source code and documentation in a public repository under an open license. The mandate covers all new, existing, and modified software, with exceptions for national security and public order. |
| Prioritize Open Source in Procurement | Guidelines on the acquisition and reuse of software for public administrations | Based on Article 68 and detailed in Chapter 2, these guidelines establish a mandatory procurement hierarchy. Public administrations must first evaluate reusable public software and other open source solutions to meet their needs. They are only permitted to consider proprietary or custom-built software after formally documenting and justifying that no suitable open source option exists. |
| Prioritize Open Source in Procurement | DPCM 24 December 2019, n.177 | The DPCM 24 December 2019, n.177 reinforces the requirement for public administrations to prioritize open-source software in procurement decisions. As stated in Article 22, it mandates that all software acquisitions undergo a comparative technical and economic evaluation, giving precedence to solutions developed for or reused by the public sector, including open-source software. Proprietary software may only be procured when no suitable open-source or existing internal solution is available at a lower cost. This provision aligns with Article 68 of the Digital Administration Code and ensures that open-source options are considered before acquiring new licensed products. |
| Reuse and Transfer of Government Software | Guidelines on the acquisition and reuse of software for public administrations | As mandated by Article 69 and elaborated in Chapter 3, this policy establishes a comprehensive model for the reuse and transfer of government software. Public administrations are obligated to make software they own available to other public bodies and legal entities by publishing the full source code and documentation under an open license. This process is facilitated by the Developers Italia platform, which serves as a central search engine for reusable solutions, thereby promoting inter-agency collaboration and preventing redundant software development efforts across the public sector. |
| Reuse and Transfer of Government Software | Digital Administration Code | This policy establishes a national framework for the mandatory reuse of government software, governed primarily by Articles 69 and 70 of the Digital Administration Code. Article 69 obligates public administrations to make their custom-developed software available for free to other agencies upon request, including the source code and documentation. To facilitate this, Article 70 institutes a national database, managed by the Agency for Digital Italy (AgID), which catalogs these reusable solutions. Central public administrations are required to consult this catalog and prioritize the adoption of existing software, providing a formal justification if they opt to procure a new solution instead. |
| Open Source Sharing Platforms | Guidelines on the acquisition and reuse of software for public administrations | This document establishes a two-tiered system for sharing government-developed open source software. As detailed in Section 3.4.1, public administrations must first publish their source code on a public "code hosting tool" that meets specific criteria for collaboration and version control. Subsequently, Section 3.4.2 mandates that all released software must be registered on the Developers Italia platform. This central platform, managed by the Agency for Digital Italy (AgID), functions as the official search engine and catalog, ensuring that all public software is discoverable and accessible for reuse by other administrations. |
| Mandatory Contribution Back to Open-Source Projects | Guidelines on the acquisition and reuse of software for public administrations | Italy’s open-source reuse guidelines emphasize responsible collaboration with original project maintainers when public administrations adopt or modify external open-source software. The Responsible party must propose bug fixes and new features through standard open contribution channels (e.g. pull requests, issue trackers) and aim to consolidate changes into the main codebase for broader reuse. Even when contributions are accepted upstream, the public administration must still publish its version clearly referencing the original source in its own code repository, in line with Article 69 of the Digital Administration Code (CAD). This ensures transparency, traceability, and reusability across the public sector. |
| Open Standards Requirement | Guidelines on the acquisition and reuse of software for public administrations | This policy promotes the contribution of improvements back to the original open-source projects. As detailed in Section 3.9.2 and the associated Annex D, when a public administration modifies reusable or third-party open source software, it is strongly encouraged to propose these changes, such as bug fixes or new features, to the upstream project. This collaborative approach, also supported by the coordination principles in Section 3.8.3, aims to consolidate value into the main codebase. Regardless of whether the upstream contribution is accepted, the administration remains obligated under Article 69 to release its modified version publicly. |
| Licensing Frameworks and Guidelines | Guidelines on the acquisition and reuse of software for public administrations | This policy mandates the use of open standards to ensure interoperability across all software acquired by public administrations. As specified in the assessment criteria outlined in Section 2.3.2, all potential software solutions—whether open source or proprietary—must be evaluated on their use of open data formats, open interfaces (including APIs), and established interoperability standards. This requirement is reinforced in Section 2.6.1, which stipulates that even proprietary software is only eligible for consideration if it allows for complete data export in a standard, open, and documented format to prevent vendor lock-in. |
| OSS Training Programs | Digital Training: AgID Academy | Launched in 2025, AgID Academy is a government-led training program by the Agency for Digital Italy to enhance digital skills in the public sector. While covering broad topics such as cybersecurity, AI, and digital services, it also includes content on open-source technologies, supporting public administration capacity for OSS adoption and use. |
| OSS Training Programs | Three-Year Plan for Information Technology in Public Administration 2024-2026 | The plan integrates open-source software training into its broader national strategy for digital skills, detailed in Chapter 1. It fosters OSS capacity by promoting the development of "comunità di competenze" (communities of practice) and by setting concrete targets in Chapter 3 (RA3.2.1) for public administrations to release and adopt open-source solutions through the Developers Italia platform. This approach builds practical skills through active participation in the reuse, development, and maintenance of shared software, directly supporting the plan's guiding principle of "apertura come prima opzione" (openness by default). |
| OSS in strategic planning documents | Three-Year Plan for Information Technology in Public Administration 2024-2026 | This strategic plan enshrines open source as a cornerstone of Italy's public sector digital transformation through its guiding principle of "apertura come prima opzione" (openness as the first option). This principle mandates that public administrations prioritize the use of open-source software to prevent vendor lock-in and promote the sharing of technological best practices. The plan operationalizes this strategy in Chapter 3 (RA3.2.1) by setting specific, measurable targets for the release and reuse of OSS, aiming for at least 150 administrations to publish their software and 3,000 entities to reuse solutions from the Developers Italia catalog by 2026. |
🇰🇷 South Korea¶
| OSS Policy Type | 📄 Document | 📄 Overview |
|---|---|---|
| Public Release of State-Owned Software | Software Industry Promotion Act | The Software Industry Promotion Act mandates the public release of state-funded software developed through national R&D projects. As specified in Article 25(2), the government must promote development practices that involve open access to source code and require that outcomes of national R&D initiatives be distributed as open-source software. These provisions reinforce transparency and reuse, unless exceptions apply for security or legal reasons. |
| Prioritize Open Source in Procurement | Public Procurement MAS for Open Source (2021) | Korea’s Public Procurement Service introduced a Multiple Award Schedule (MAS) specifically to support open-source software procurement. Under this initiative, GS-certified open-source solutions particularly operating systems and databases—receive prioritized support within public procurement frameworks. The policy, announced in 2021 as part of broader digital innovation efforts, integrates OSS into the national IT services platform, ensuring open-source options are proactively considered in government acquisitions. |
| Reuse and Transfer of Government Software | eGovFrame (Electronic Government Standard Framework) | eGovFrame is a government-developed, open-source software framework designed to standardize and support the reuse of software across Korean public sector IT projects. Managed by the National Information Society Agency, it provides a common infrastructure and set of reusable components that enhance interoperability, reduce redundant development, and eliminate vendor lock-in. By openly distributing source code and promoting its global use, eGovFrame operationalizes a national policy of software reuse and transfer within the public administration. |
| Open Source Security Measures | Software Supply Chain Security Guidelines 1.0 (2023) | Issued by the Ministry of Science and ICT along with national security and digital agencies, the Software Supply Chain Security Guidelines 1.0 establish a detailed framework for securing open-source software used in government systems. Central to the policy is the use of Software Bills of Materials (SBOM) to identify, validate, and manage vulnerabilities in open-source components throughout the software lifecycle. The document outlines technical procedures, validation methods, and support structures—including testing labs and automated SBOM tools to build secure supply chains, especially for public institutions and SMEs adopting open-source software. |
| Open Source Sharing Platforms | OpenUP (Open Source Software Support Center) | OpenUP is a national open-source support platform established by the Ministry of Science and ICT and NIPA to promote sharing and collaboration around government and community developed OSS. It serves as both a physical and digital hub offering co-working spaces, technical consulting, training through initiatives like the “Contribution Academy,” and structured support for startups, developers, and public institutions. By centralizing OSS-related resources, OpenUP strengthens the ecosystem and fosters reuse and adoption of open-source software across sectors. |
| Open Source Sharing Platforms | National OSS Portal (oss.kr) | The National OSS Portal (oss.kr), operated by NIPA under the Ministry of Science and ICT, is Korea’s official platform for promoting open-source software adoption and collaboration. It serves as a central hub for sharing government and community OSS projects, providing access to domestic success stories, licensing and security guidance, training materials, and event listings. By aggregating critical information and resources, the portal enables developers, public institutions, and companies to engage more effectively with open-source initiatives. |
| Mandatory Contribution Back to Open-Source Projects | Software Promotion Act | The Software Promotion Act integrates open source into national strategy by requiring the Master Plan (Article 5) and annual Implementation Plans (Article 6) to support OSS adoption and public release. Article 25 mandates that software developed with national R&D funding be made publicly available, and Article 36 promotes a culture of openness and collaboration. These provisions embed OSS into South Korea’s long-term digital policy. |
| Open Standards Requirement | eGovFrame (Electronic Government Standard Framework) | eGovFrame is an open-source framework developed by the Korean government to standardize and facilitate software reuse across public sector IT systems. Maintained by the National Information Society Agency, it provides shared infrastructure and components to improve interoperability, avoid redundant development, and reduce vendor lock-in. Its open distribution supports both domestic and global reuse, advancing a national policy of interagency software transfer and reuse. |
| Licensing Frameworks and Guidelines | Open Source Software License Guide (2024 Edition) | The 2024 edition of the Open Source Software License Guide, issued by NIPA, provides comprehensive guidance on licensing compliance for organizations using open-source software. It outlines key legal obligations, compatibility and dual licensing, and includes distribution-specific checklists and case studies. This guide, along with its companion documents on corporate and public sector OSS governance, helps institutions understand and apply licensing frameworks in varied environments, ensuring legal clarity and responsible reuse. |
| OSS Training Programs | Open Source Contribution Academy | The Open Source Contribution Academy is a government-led training initiative managed by NIPA and OpenUP that supports OSS adoption and developer capacity building through a tiered program. It includes beginner lectures, hands-on training with collaboration tools like Git, and project-based mentoring where participants contribute directly to active OSS projects. By targeting university students and early-career developers, the Academy strengthens the OSS ecosystem and fosters sustainable engagement in both public and private sectors. |
| OSS Training Programs | OSS Activation Support Program | The OSS Activation Support Program, led by NIPA under the Ministry of Science and ICT, funds and coordinates national initiatives to strengthen OSS training and developer capacity. It includes structured education for emerging developers, public competitions like the OSS Developer Contest, and events such as the OSS Festival. The program also supports mentoring and skills development through targeted initiatives like the Contribution Academy, contributing to long-term sustainability and innovation in the OSS ecosystem. |
| OSS Training Programs | 2025 Open Source Developer Contest | The 2025 Open Source Developer Contest, part of NIPA’s OSS Activation Support Program, is a national training initiative designed to build OSS capacity through hands-on education, mentorship, and project-based development. The program targets students and the general public, offering online training, mentorship, and competitive challenges in fields like AI, cybersecurity, and cloud computing. By incorporating licensing compliance checks and business-oriented project categories, it fosters both technical and practical skills for sustained OSS adoption. |
| OSS in strategic planning documents | Software Promotion Act | The Software Promotion Act integrates open-source software (OSS) into national strategic planning through its master and implementation plans mandated under Article 5. These plans must promote OSS adoption in R&D projects, ensure the public release of software developed with government support (Article 25), and encourage a culture of openness, sharing, and collaboration (Article 36). This positioning of OSS within high-level policy instruments demonstrates South Korea’s strategic commitment to using open source as a driver of digital innovation and industrial competitiveness. |
| OSS in strategic planning documents | Software Promotion Strategy (2023) | Korea’s 2023 Software Promotion Strategy, adopted as a national basic plan under the Software Promotion Act, includes the expansion of the open-source ecosystem as a core component of digital transformation. Section 3 outlines concrete measures to foster OSS innovation, including platform improvements for collaboration, increased funding for license compliance, and expert training programs. By embedding OSS within goals for open innovation, industry competitiveness, and public infrastructure, the strategy confirms OSS as a foundational element in Korea’s long-term digital planning. |
🇪🇸 Spain¶
| OSS Policy Type | 📄 Document | 📄 Overview |
|---|---|---|
| Public Release of State-Owned Software | Reuse of assets. Guide for the publication and licensing of assets | Spanish policy enables public administrations to declare their proprietary software as open source to enhance transparency, as established in Article 157 of Law 40/2015. The specific conditions are outlined in Royal Decree 4/2010, which mandates the use of licenses that guarantee the freedoms to run, study, modify, and redistribute the software, with a recommendation for the European Union Public Licence (Article 16). To ensure availability, Article 17 of the same decree requires the publication of the application's source code and documentation in public directories. |
| Public Release of State-Owned Software | Royal Decree 4/2010 on the National Interoperability Framework | Royal Decree 4/2010 establishes a clear mandate for the public release of state-owned software developed by or for Spain’s public administrations. Article 16 outlines default licensing conditions that promote the reuse of software, documentation, and other digital assets, favoring open-source licenses that guarantee rights to use, access source code, modify, and redistribute. It further ensures that public contracts secure full intellectual property rights and enable future outputs, especially those based on open-source components, to be released under the same conditions. The reuse-oriented provisions are reinforced in Article 17, which mandates publication in public repositories for open access and further reuse. |
| Prioritize Open Source in Procurement | Royal Decree 4/2010 on the National Interoperability Framework | Royal Decree 4/2010 mandates that software and digital assets developed by or for Spain’s public administrations be released for public reuse by default. Article 16 sets licensing terms that prioritize open-source distribution, requiring that licenses allow execution, access to source code, modification, and redistribution. It also ensures public bodies retain full intellectual property rights in software development contracts. Article 17 reinforces this by requiring the publication of reusable applications and their documentation in public repositories, facilitating access and reuse by other administrations and the general public. |
| Reuse and Transfer of Government Software | Royal Decree 4/2010 on the National Interoperability Framework | Royal Decree 4/2010 defines reuse and transfer of software as a key element of digital interoperability in Spain. Articles 16 and 17 establish that software developed by or for public administrations should be licensed under terms that facilitate reuse, including granting rights to access, modify, and redistribute source code. It also mandates that reusable applications and documentation be published in publicly accessible repositories, and that intellectual property rights in contracts ensure future transfer and adaptation of the software across agencies. These provisions aim to reduce duplication, enhance efficiency, and foster interoperability across the public sector. |
| Open Source Sharing Platforms | Royal Decree 4/2010 on the National Interoperability Framework | Royal Decree 4/2010 positions software reuse and transfer as essential to digital interoperability in Spain. Articles 16 and 17 require that software developed for public administrations be licensed under terms that allow access, modification, and redistribution. The decree also mandates publication in public repositories and ensures public bodies retain intellectual property rights to facilitate future reuse and cross-agency transfer. These measures aim to reduce duplication, promote efficiency, and enable widespread adoption of shared digital solutions. |
| Open Source Sharing Platforms | Technology Transfer Centre (CTT) | Spain’s Technology Transfer Centre (CTT) serves as a centralized platform for sharing open-source software and digital assets developed by public administrations. Mandated by Article 17 of Royal Decree 4/2010 and reinforced in Article 158 of Law 40/2015, the CTT hosts a public directory of reusable solutions, including source code, documentation, and licensing details. It enables administrations to publish, download, and collaborate on digital tools via the CTT portal and its associated GitHub organization (Forja-CTT). The platform fosters code reuse and community-driven development across government entities, promoting transparency, efficiency, and interoperability in public sector digital services. |
| Open Standards Requirement | Royal Decree 4/2010 on the National Interoperability Framework | Royal Decree 4/2010 includes clear provisions for the adoption of open standards within Spain’s public sector. Article 11 establishes the obligation to use standards that ensure interoperability, preferably those that are open and widely adopted. Annexes I and II detail the criteria for considering a standard as open and define the Common Interoperability Framework, which prioritizes the use of open formats, protocols, and interfaces in public sector ICT systems. These requirements are designed to guarantee long-term accessibility, technological neutrality, and vendor independence across public administrations. |
| Licensing Frameworks and Guidelines | Royal Decree 4/2010 on the National Interoperability Framework | Royal Decree 4/2010 establishes mandatory use of interoperability standards in Spain’s public sector, with a strong preference for open standards. Article 11 outlines this obligation, while Annexes I and II define the criteria for what qualifies as an open standard and describe the Common Interoperability Framework. The decree promotes open formats, protocols, and interfaces to ensure long-term accessibility, technological neutrality, and vendor independence in public ICT systems. |
| OSS Training Programs | Reuse of assets. Guide for the publication and licensing of assets | This guide serves as a primary capacity-building and training resource for Spanish public officials on open-source software policy. While not a formal curriculum, its stated objective is to be a support tool for implementing national reuse and interoperability laws. It provides civil servants with practical, step-by-step instructions on the entire OSS release lifecycle, covering preliminary analysis (Chapter 3), license selection (Chapter 4), and preparation for distribution (Chapter 5). The document's role as a training tool is reinforced by its annexes, which contain model procurement clauses (Annex I) and a comprehensive release checklist (Annex III). Furthermore, Chapter 7 explicitly recommends that public bodies train developers and managers on the legal aspects of OSS, positioning this guide as a foundational text for such internal training efforts. |
🇨🇭 Switzerland¶
| OSS Policy Type | 📄 Document | 📄 Overview |
|---|---|---|
| Public Release of State-Owned Software | Federal Act on the Use of Electronic Means for the Fulfilment of Official Duties (EMBAG) | As mandated by Article 9, federal authorities must publish the source code of software they develop or commission. This release is required unless prevented by third-party rights or significant security reasons. The policy ensures that publicly funded software is open by default, promoting transparency and reuse by allowing anyone to use, modify, and share it without license fees. |
| Public Release of State-Owned Software | Strategic Guidelines for Open Source Software in the Federal Administration | The guidelines are based on Article 9 of the EMOTA legislation, which legally mandates that federal authorities must publish the source code of software developed or commissioned by them. As detailed in the "Objective and purpose" section, this policy aims to eliminate legal uncertainty and make open publication the default, with exceptions only for third-party rights or security reasons. |
| Public Release of State-Owned Software | Instructions for Publishing Open Source Software | These instructions operationalize the legal mandate from Article 9 of the EMOTA legislation, which requires the disclosure of source code for software the federal government develops or commissions. As detailed in Section 3, the guidelines establish a formal process, including checklists, to ensure that publicly funded software is published by default, with clearly defined exceptions. |
| Reuse and Transfer of Government Software | Federal Act on the Use of Electronic Means for the Fulfilment of Official Duties (EMBAG) | Article 11 authorizes federal authorities to provide their information and communication technology (ICT) resources to cantons, municipalities, and other public or private organizations fulfilling federal duties. This facilitates the inter-agency sharing and reuse of software and other digital tools to improve efficiency and support the execution of both federal and cantonal law. |
| Reuse and Transfer of Government Software | Strategic Guidelines for Open Source Software in the Federal Administration | The "Reference to other strategies" section aligns the guidelines with the Digital Public Services Switzerland Strategy, which promotes the principle of "implemented once and used jointly." The document states that choosing open source software is a key method for facilitating the reuse of IT solutions across different government entities, thereby improving efficiency and collaboration. |
| Reuse and Transfer of Government Software | OSS Community Guidelines for the Federal Administration | The guidelines actively promote inter-agency software reuse through community building. Section 3.3 describes a "Joint organisation" model where the federal government and other public bodies, such as cantons, can co-develop a single version of an application. This structure is designed to lower total costs and formalize the sharing and joint maintenance of software solutions. |
| Open Source Security Measures | Report on the Implementation of the National Cyber Strategy (NCS) 2024 | Section 4.2.1 highlights the increasing importance of securing open-source software (OSS). It outlines a pilot project started in 2024 by the Federal Office for Cybersecurity (BACS) to test frequently used OSS products. This initiative aims to increase the transparency and security of OSS, reduce attack surfaces, and enhance Switzerland's overall cyber resilience. |
| Open Source Security Measures | Instructions for Publishing Open Source Software | Section 4.1, "Source code analysis," defines specific security protocols to be followed before any software is published. These mandatory checks include scanning source code to ensure it contains no secrets or credentials, conducting targeted security tests, and creating lists of all third-party libraries used. It also recommends establishing a public bug bounty program after release. |
| Open Source Security Measures | OSS Community Guidelines for the Federal Administration | A specific security protocol for community-managed projects is mandated in Section 5.8. This policy requires the establishment of a confidential channel for reporting security-relevant errors. This ensures that potential vulnerabilities can be disclosed responsibly to the project maintainers without being made public immediately, similar to the process used in formal bug bounty programs. |
| Open Source Sharing Platforms | Strategic Guidelines for Open Source Software in the Federal Administration | As stated in Measure 9, the administration will examine the possibility of establishing its own publication platform. The document notes in the "Governance and tools" section that while no common platform currently exists, authorities are guided on how to select a repository. This signals a strategic move towards a centralized platform to enhance sovereignty and collaboration. |
| Open Source Sharing Platforms | Practical Guidelines for Open Source Software in the Federal Administration | The guidelines actively direct government bodies to use established public platforms. The "Open source repositories" section identifies GitHub as the world's most popular development platform and notes that numerous Swiss authorities already publish their software there. It also lists other repositories like GitLab and Bitbucket as viable options for publication. |
| Mandatory Contribution Back to Open-Source Projects | OSS Licensing Guidelines for the Federal Administration | The guidelines encourage a "share-alike" model by recommending specific licenses. Section 6 advises using strong copyleft licenses like AGPL v.3 or GPL v.3 when the strategic goal is to ensure that modifications and improvements made by third parties "flow back" to the federal authorities. This policy ensures that the public continues to benefit from derivative works. |
| Mandatory Contribution Back to Open-Source Projects | OSS Community Guidelines for the Federal Administration | The guidelines encourage active participation in OSS ecosystems. Section 1 explicitly states the document is for those who "contribute to such an application." By providing a formal structure for managing contributions, including review processes and committer rights as outlined in Section 2, the policy aims to professionalize and encourage the practice of contributing back to open source projects. |
| Open Standards Requirement | Federal Act on the Use of Electronic Means for the Fulfilment of Official Duties (EMBAG) | According to Article 12, the Federal Chancellery can declare technical, organizational, and procedural standards as binding for federal authorities to support system interoperability. The policy explicitly states a preference for internationally established open standards, which must also be considered during procurement processes to ensure compatibility across government systems. |
| Licensing Frameworks and Guidelines | Federal Act on the Use of Electronic Means for the Fulfilment of Official Duties (EMBAG) | Article 9 provides clear directives on software licensing. It specifies that rights should be granted via private law licenses and, whenever practical, internationally recognized license texts should be utilized. It also mandates the exclusion of liability claims from licensees to the fullest extent legally possible, establishing a clear and risk-managed framework for government OSS releases. |
| Licensing Frameworks and Guidelines | OSS Licensing Guidelines for the Federal Administration | This document provides a comprehensive licensing framework. Section 3 categorizes licenses (permissive, weak, and strong copyleft), while Section 4 lists specific licenses deemed "unproblematic" for government use. Section 5 offers prioritized recommendations for new government projects, advising specific licenses like AGPL v3 and Apache 2.0 based on strategic goals. |
| OSS Training Programs | Strategic Guidelines for Open Source Software in the Federal Administration | Measure 4 explicitly calls for the promotion of knowledge and experience exchange regarding open source software. Furthermore, Objective F and Measure 3 emphasize the need for specialists with OSS experience, encouraging efforts to build up internal know-how among employees and procurement authorities to support the use and release of open source solutions effectively. |
| OSS Training Programs | Practical Guidelines for Open Source Software in the Federal Administration | The guidelines recognize the need for specialized skills. The "Challenges" section identifies a potential lack of in-house expertise and recommends that it be built up through further training and self-study. The support models described in the document also encourage developing internal know-how as a way to professionally manage OSS within the administration. |
| OSS in strategic planning documents | Federal Act on the Use of Electronic Means for the Fulfilment of Official Duties (EMBAG) | This federal act embeds open source principles directly into Switzerland's national digital governance strategy. By dedicating Article 9 entirely to "Open Source Software," the law elevates OSS from a purely technical consideration to a fundamental component of the federal government's approach to digital transformation, ensuring its role in fulfilling official duties. |
| OSS in strategic planning documents | Strategic Guidelines for Open Source Software in the Federal Administration | This document itself is a core strategic guideline that embeds OSS within the Federal Administration's digital policy. The "Reference to other strategies" section explicitly links the use of open source to high-level national goals, including the Digital Federal Administration Strategy, the Digital Switzerland Strategy, and the promotion of digital sovereignty. |
🇬🇧 United kingdom¶
| OSS Policy Type | 📄 Document | 📄 Overview |
|---|---|---|
| Public Release of State-Owned Software | Open Source, Open Standards and Re‑Use: Government Action Plan | The UK Government’s 2010 action plan commits to releasing general-purpose software developed by or for the government under open source licenses when appropriate. As outlined in Action 9, it ensures that publicly funded code is reusable across the public sector and may be published, integrating this into procurement practices and standard contracts unless legal or security constraints apply. |
| Public Release of State-Owned Software | The Digital, Data and Technology Playbook | The playbook establishes a key policy that software and code developed by the government should be open source by default. This approach is intended to increase transparency, allow for the reuse of software components, and reduce the overall cost of digital services. As detailed in the "Open and interoperable data and software" policy within Chapter 8, new government software is expected to be developed openly and published under a license approved by the Open Source Initiative. |
| Prioritize Open Source in Procurement | Open Source, Open Standards and Re‑Use: Government Action Plan | The UK Government mandates that procurement processes actively consider open-source solutions on equal footing with proprietary alternatives. As detailed in the policy section and reinforced in Action 5, vendors must demonstrate that open-source options were fairly evaluated; failure to do so renders bids non-compliant. Where costs are similar, open-source is preferred for its added flexibility. |
| Reuse and Transfer of Government Software | Open Source, Open Standards and Re‑Use: Government Action Plan | The Action Plan mandates that software developed or procured by the UK Government be reusable across the public sector, including cloud environments. As outlined in the policy section and reinforced in Action 9, government purchasers must secure full rights to custom-developed code and customisations, with the option to release them as open source when appropriate. This ensures maximum reuse and transferability of publicly funded software assets. |
| Reuse and Transfer of Government Software | The Digital, Data and Technology Playbook | The playbook promotes the reuse and transfer of software among public institutions by mandating open standards and interoperable systems. The policies on "Open and interoperable data and software" and "API technical and data standards" outlined in Chapter 8 are designed to ensure that data and software components can be easily exchanged and shared across different government platforms. This strategy aims to improve efficiency, avoid redundant development efforts, and prevent vendor lock-in, thereby facilitating seamless software transfer between agencies. |
| Open Source Security Measures | Open Source, Open Standards and Re‑Use: Government Action Plan | The Action Plan addresses open source security through Action 4, which establishes regular assessments by the CIO Council to ensure that open-source products used in government meet defined standards of maturity, codebase security, and project sustainability. This measure aims to mitigate risks associated with deploying open-source solutions in critical public services by verifying the reliability and stability of the tools before widespread adoption. |
| Open Source Security Measures | The Digital, Data and Technology Playbook | The playbook defines security protocols for all procured technology, which inherently covers open source software. The "Cyber security assessment" key policy requires that all projects apply a robust level of security assessment to safeguard public data. As expanded upon in Chapters 8 and 9, this includes mandating standards such as the Cyber Essentials Scheme for contracts handling personal information or providing certain ICT services, ensuring that any OSS utilized in public systems is subject to the same rigorous security risk evaluation and management. |
| Open Source Sharing Platforms | Service Manual: Making Source Code Open and Reusable | This guidance from the UK Government Digital Service mandates the use of public repositories, such as GitHub, to share government-developed source code. It encourages departments to publish code from the start of a project and maintain it openly, outlining practices for licensing, version control, and secure publishing. The document serves as a foundational framework for enabling reuse and collaboration through open source sharing platforms across government services. |
| Open Standards Requirement | Open Source, Open Standards and Re‑Use: Government Action Plan | The Action Plan mandates the use of open standards in government procurement and system development to ensure interoperability and long-term accessibility. As detailed in Action 8 and Policy Section (7), the government commits to specifying open standards in requirements and promoting formats like HTML, Open Document Format, and open versions of previously proprietary standards. Compliance with these standards is required, particularly for websites and public information systems. |
| Open Standards Requirement | The Digital, Data and Technology Playbook | A central requirement of the playbook is the adoption of open standards to ensure system interoperability and vendor neutrality. The key policy on "Open and interoperable data and software," detailed in Chapter 8, mandates that software be designed for platform-agnostic access and that data be shared using consistent methods, primarily through APIs that conform to Central Digital and Data Office (CDDO) standards. This commitment is further supported by the Technology Code of Practice (TCoP), referenced in Chapter 3, which guides the creation of interoperable, standards-based services to avoid lock-in. |
| Licensing Frameworks and Guidelines | Service Manual: Making Source Code Open and Reusable | The Service Manual provides clear licensing guidance, advising UK government teams to release code under an Open Source Initiative (OSI)-approved license, such as MIT. The "Licensing your code" section emphasizes legal clarity around reuse, default Crown Copyright, and the need for open licensing when publishing government-developed software, ensuring compliance and encouraging responsible sharing of public code. |
| Licensing Frameworks and Guidelines | The Digital, Data and Technology Playbook | The playbook provides clear guidance on software licensing by establishing a framework for intellectual property (IP) and the use of open source licenses. The section on "Open software" in Chapter 8 specifies that government-developed code should be published using an Open Source Initiative (OSI) approved license. Furthermore, the chapter's detailed discussion on IP ownership presents various models for consideration, guiding agencies on how to manage IP rights to maximize long-term value and enable the publication of government-funded work as open source material. |
| OSS Training Programs | Open Source, Open Standards and Re‑Use: Government Action Plan | As outlined in Action 2, the UK government committed to strengthening internal capacity for OSS adoption by launching a training and education program for IT and procurement professionals. Coordinated by the CIO Council and OGC, this initiative aimed to improve understanding of open source licensing, support models, and cost structures, thereby enabling more informed decisions and encouraging the sustainable use of OSS in public services. |
| OSS in strategic planning documents | The Digital, Data and Technology Playbook | The Digital, Data and Technology Playbook embeds open-source software into the UK government’s strategic digital planning by recommending the use of open and interoperable code across DDaT (Digital, Data and Technology) projects. Chapter 8 explicitly encourages software to be open source and platform-agnostic to enhance interoperability, innovation, and sustainability. As a guiding framework for all central government departments, the Playbook positions OSS as a foundational element in delivering modern, secure, and user-centered public services. |
🇺🇸 United States¶
| OSS Policy Type | 📄 Document | 📄 Overview |
|---|---|---|
| Public Release of State-Owned Software | Federal Source Code Policy (M-16-21) | The policy establishes a three-year pilot program requiring federal agencies to release at least 20% of their new, custom-developed code as Open Source Software. As outlined in Section 5.1, this initiative aims to promote transparency, collaboration, and public access to government-funded software projects, with agencies encouraged to release even more than the minimum requirement. |
| Public Release of State-Owned Software | GSA Open Source Software Implementation Guide | This guide details the General Services Administration's goal to become "100% open." The policy directs the conversion of closed source projects to open source, applying to all new and existing custom code developed by both GSA employees and contracted partners. This makes the public release of government-funded software the default operational standard for the agency. |
| Public Release of State-Owned Software | Securing Open Source Software Act of 2023 | This Act mandates the public release of specific, government-developed software. As detailed in Section 2220F(c)(2)(G), the Cybersecurity and Infrastructure Security Agency (CISA) is required to publish and maintain any software tools it develops for its open source risk assessments as open source software, making these government-funded tools available to the public. |
| Prioritize Open Source in Procurement | U.S. Digital Services Playbook | The playbook guides agencies to consider OSS solutions across the technology stack. Play 8 advises this to avoid vendor lock-in and align with modern practices. This is integrated into procurement via Play 5, which states that contracts must be structured to ensure open source alternatives are evaluated during technology selection, promoting cost-effectiveness and flexibility in government IT. |
| Prioritize Open Source in Procurement | CISA Open Source Software Policy | The policy sets a clear preference for using Free and Open Source Software (FOSS) in all new CISA projects. It states that using FOSS is the agency's default position when starting development. The "Exceptions" section clarifies that alternative, non-open-source options are only to be considered if a suitable open source solution cannot be found. |
| Reuse and Transfer of Government Software | Federal Source Code Policy (M-16-21) | Section 4 mandates that agencies secure sufficient rights to all custom-developed code to enable its reuse across the entire federal government. To facilitate this, agencies must maintain an enterprise code inventory and make their software discoverable to other agencies through the Code.gov portal. This is designed to reduce duplicative spending and improve efficiency. |
| Reuse and Transfer of Government Software | GSA Open Source Software Implementation Guide | The policy facilitates inter-agency software reuse through a mandatory code inventory. All repositories must be cataloged in a code.json file which includes metadata specifying if a project is intended for governmentWideReuseProject. This creates a discoverable catalog that helps other federal agencies find and adapt existing GSA solutions, reducing duplicative work. |
| Open Source Security Measures | GSA Open Source Software Implementation Guide | The policy defines security protocols for releasing code publicly. Project teams are required to work with the IT security office to conduct regular code scans for vulnerabilities. Additionally, the guide notes that the CTO's office provides specialized scripts designed to help teams scrub source code for sensitive content before it is published as open source. |
| Open Source Security Measures | Securing Open Source Software Act of 2023 | The Act establishes extensive security duties for CISA under Section 2220F. It mandates the creation of a public framework for assessing the risk of open source components, considering factors like memory safety and maintainer practices. CISA must use this framework to assess OSS on high-value federal assets, leveraging information from Software Bill of Materials (SBOMs). |
| Open Source Security Measures | CISA Open Source Software Security Roadmap | This roadmap is a comprehensive security policy for OSS. Goal 2 outlines plans to create a public framework for OSS risk prioritization based on usage, maintenance, and code properties. Goal 4 focuses on hardening the ecosystem by advancing the use of Software Bill of Materials (SBOM) in OSS supply chains (Objective 4.1) and fostering better vulnerability disclosure processes (Objective 4.4). |
| Open Source Sharing Platforms | Federal Source Code Policy (M-16-21) | The policy establishes Code.gov as the central discovery portal for all federal custom-developed code, whether for internal reuse or public release as OSS (Section 7.3). It clarifies that Code.gov is for discovery, not hosting, and directs agencies in Section 7.4 to use existing third-party repository platforms to store and manage the actual source code. |
| Open Source Sharing Platforms | GSA Open Source Software Implementation Guide | The guide establishes the GSA organization on GitHub as the primary, centralized platform for agency open source projects. It provides instructions for creating new public repositories under this organization. While other version control systems are acknowledged, the process strongly encourages the use of the GSA GitHub for hosting and managing publicly released code. |
| Mandatory Contribution Back to Open-Source Projects | Federal Source Code Policy (M-16-21) | While not a strict mandate, Section 5.2 strongly encourages federal agencies and their contractors to participate in the broader OSS community. This includes contributing improvements made to existing open source projects back to the upstream community. The policy frames this as a key practice for fostering collaboration and leveraging the benefits of open development. |
| Mandatory Contribution Back to Open-Source Projects | CISA Open Source Software Policy | The policy commits the agency to actively participating in the open source ecosystem. It establishes a default position to contribute improvements back to the FOSS projects it uses. The document states CISA will be an active contributor to the software it or its clients utilize, ensuring a two-way relationship with the open source community. |
| Open Standards Requirement | Federal Source Code Policy (M-16-21) | Section 3.D requires that all government software procurements and development projects consider using open standards wherever practical. This policy is intended to increase the interoperability of government systems, reduce vendor lock-in, and spur innovation, regardless of whether the final software solution is proprietary, mixed source, or open source in nature. |
| Licensing Frameworks and Guidelines | How to Open Source Code | The guide provides a clear licensing framework in Step 2. It recommends using permissive open source licenses, specifically suggesting MIT, ISC, or BSD-3. For projects with potential patent involvement, it advises using Apache 2.0. The policy also explicitly counsels against using copyleft licenses for most federal government projects unless an expert is involved. |
| Licensing Frameworks and Guidelines | CISA Open Source Software Policy | The policy provides a clear framework for licensing. It specifies that code created solely by CISA is dedicated to the U.S. public domain and uses a Creative Commons Zero (CC0) waiver for international copyright. It also defines how to handle licensing for "joint works" that incorporate code from other open source projects with different licenses. |
| OSS Training Programs | CISA Open Source Software Security Roadmap | The policy supports security education for the OSS ecosystem. Under Objective 4.2, CISA commits to fostering training for developers and publishing security toolkits with best practices for OSS maintainers. Objective 4.3 adds to this by planning the publication of guidance for federal agencies and critical infrastructure on the secure consumption of open source software. |
| OSS in Strategic Planning Documents | U.S. Digital Services Playbook | This playbook is a high-level strategic document that embeds open source principles into the U.S. government's approach to building digital services. Plays like "Choose a modern technology stack" (Play 8) and "Default to open" (Play 13) make the consideration and publication of OSS a core part of the official strategy for effective and modern government IT development. |
| OSS in Strategic Planning Documents | Federal Source Code Policy (M-16-21) | This memorandum is a foundational strategic document that fulfills a U.S. Open Government National Action Plan commitment. It establishes a government-wide framework for software development that institutionalizes the principles of code reuse and open source. By setting clear objectives and requirements, it embeds OSS as a key component of federal IT strategy and management. |
| OSS in Strategic Planning Documents | Securing Open Source Software Act of 2023 | This Act embeds open source security directly into the Homeland Security Act of 2002, a foundational national security law. By assigning permanent duties to the Director of CISA in Section 2220F, it elevates the security of the OSS ecosystem from a best practice to a core, strategic responsibility of the U.S. government's cybersecurity mission. |
🇺🇾 Uruguay¶
| OSS Policy Type | 📄 Document | 📄 Overview |
|---|---|---|
| Public Release of State-Owned Software | Law No. 19179: Regulation on Digital Information Formats and Software | As mandated by Article 2, any software that the state develops or commissions must be distributed under a free software license. The law, in Article 5, defines free software by its adherence to the four fundamental freedoms, which include the ability for anyone to study, modify, and redistribute the code. |
| Public Release of State-Owned Software | AI Strategy for the Digital Government | As part of the Digital 9 (D9) objectives adopted in this strategy (page 4), Uruguay commits to being as open as possible by sharing source code, algorithms, and training data. This is reinforced by the general principle of Transparency, ensuring public access to the components of AI solutions. |
| Public Release of State-Owned Software | Decree No. 44/015: Regulation of Law 19.179 on Digital Information and Software | This decree operationalizes the public release policy through the "Uruguayan Public Software Portal." As outlined in Article 7, any free software developed or modified by the state must meet the necessary requirements to be integrated into this central portal, making it available to the public. |
| Prioritize Open Source in Procurement | Law No. 19179: Regulation on Digital Information Formats and Software | Article 2 establishes a clear preference for free software in all government software license acquisitions. The policy mandates that if a public body chooses a proprietary software solution, it must provide a formal justification for the decision, ensuring that open source is the default consideration. |
| Prioritize Open Source in Procurement | Decree No. 44/015: Regulation of Law 19.179 on Digital Information and Software | Article 8 strengthens the procurement preference for OSS by detailing the justification process. It requires that for key acquisitions like office software and operating systems, agencies must submit their justification for choosing a proprietary option to the digital government agency (AGESIC) for review. |
| Reuse and Transfer of Government Software | Decree No. 44/015: Regulation of Law 19.179 on Digital Information and Software | To maximize efficiency and prevent redundant spending, Article 7 mandates a "check before you buy" policy. Before acquiring any new software, all government agencies are required to search the Uruguayan Public Software Portal to verify that a suitable solution does not already exist within the government. |
| Open Source Sharing Platforms | Decree No. 44/015: Regulation of Law 19.179 on Digital Information and Software | Article 7 officially establishes the "Portal de Software Público Uruguayo" (Uruguayan Public Software Portal). This centralized platform serves as the official repository for sharing and discovering software solutions across the public sector, acting as the key infrastructure for software reuse and public release. |
| Mandatory Contribution Back to Open-Source Projects | Law No. 19179: Regulation on Digital Information Formats and Software | The law strongly implies a contribution-back requirement. Article 5 defines one of the core conditions of the free software that the government must use and produce as the ability for improvements to be made and then released back to the public, ensuring a cycle of community contribution. |
| Open Standards Requirement | Law No. 19179: Regulation on Digital Information Formats and Software | Article 1 mandates that all state bodies, including all branches of government and state-owned enterprises, must distribute information in at least one open, standard, and free format. It also requires them to accept information from the public in at least one open and standard format, promoting interoperability. |
| Open Standards Requirement | AI Strategy for the Digital Government | The AI Governance pillar (page 10) requires the creation of a reference framework for implementing AI in public administration. This framework must include a quality data model built upon an open data standard, establishing the necessary foundation for interoperable and transparent AI systems across government. |
| Open Standards Requirement | Decree No. 44/015: Regulation of Law 19.179 on Digital Information and Software | The decree empowers the national digital government agency, AGESIC, to define and enforce technical standards. Article 4 gives AGESIC the competency to establish the specific open formats and programs that government bodies must use for all digital information exchange, ensuring interoperability. |
| Licensing Frameworks and Guidelines | Law No. 19179: Regulation on Digital Information Formats and Software | Article 5 establishes a clear legal framework by defining "free software" based on four essential conditions: freedom to use, study, copy/distribute, and improve/release improvements. This definition serves as the primary guideline for determining which software licenses are compliant with the law's requirements. |
| Licensing Frameworks and Guidelines | Decree No. 44/015: Regulation of Law 19.179 on Digital Information and Software | This regulation provides a governance layer for the law's licensing principles. By granting AGESIC the authority to set technical standards (Article 4) and oversee the software procurement justification process (Article 8), it establishes a clear administrative framework for applying the national free software policy. |
| OSS Training Programs | AI Strategy for the Digital Government | The "Capacity Development" pillar outlined on page 11 establishes a plan for extensive training in AI. Objective III mandates a program to build skills for responsible AI development and use across the public sector, preparing staff to implement the strategy's transparency and open source principles. |
| OSS in strategic planning documents | Law No. 19179: Regulation on Digital Information Formats and Software | As a national law, this document represents a high-level strategic commitment to open source. Article 4 further embeds this by directing the Executive Branch to regulate a national transition to these standards and to orient all future IT procurements and contracts toward compliance with the law's principles. |
| OSS in strategic planning documents | AI Strategy for the Digital Government | This document is itself a key national strategic plan. It embeds open source commitments by formally adopting the D9 objectives (page 4), which explicitly include sharing source code. This integrates an OSS ethos directly into Uruguay's high-level roadmap for artificial intelligence in government. |
| OSS in strategic planning documents | Decree No. 44/015: Regulation of Law 19.179 on Digital Information and Software | Article 6 directly embeds open source principles into recurring government planning. It obligates all public entities to create annual Information Technology plans that explicitly detail their software acquisition and development strategies, ensuring these plans align with the legal preference for free software. |
🇪🇺 European Commission¶
| OSS Policy Type | 📄 Document | 📄 Overview |
|---|---|---|
| Public Release of State-Owned Software | Open Source Software Strategy 2020-2023: Think Open | The strategy, under its "Share" principle in Section 5.3, commits the Commission to publishing the source code of its future IT projects where it is sensible to do so. It also simplifies internal rules for software distribution and designates the European Union Public Licence (EUPL) as the preferred license for these releases, aiming to lower costs for society and increase knowledge sharing. |
| Prioritize Open Source in Procurement | European Commission digital strategy: Next generation digital Commission | The strategy establishes a clear preference for open source software as a means of achieving digital sovereignty and autonomy. Page 5 explicitly states that the Commission has expressed its preference for using open source solutions as a technical alternative that allows it to operate in a cost-effective, independent, and secure way, framing OSS as a strategic choice. |
| Prioritize Open Source in Procurement | Open Source Software Strategy 2020-2023: Think Open | The "Think Open" principle, detailed in Section 5.1, explicitly states that open source solutions will be given preference when they are equivalent to proprietary alternatives in terms of functionality, total cost, and cybersecurity. This establishes a clear procurement preference that encourages the adoption of OSS across the Commission's IT landscape. |
| Reuse and Transfer of Government Software | European Commission digital strategy: Next generation digital Commission | The strategy strongly promotes the reuse of digital solutions to eliminate duplication and create synergies. As stated on page 14, increasing the use of open source software is key to simplifying the reuse of solutions, co-creation, and sharing of results across Commission departments and with other European public administrations, aligning with the "reuse, buy, build" approach. |
| Reuse and Transfer of Government Software | EU eGovernment Action Plan 2016-2020 | This action plan promotes the reuse of solutions across public administrations to increase efficiency. Section 3.1 states that digital public services should be built on shared and reusable solutions and services. This approach aims to reduce development costs and deployment times while increasing interoperability across the EU, supporting the modernization of the public sector. |
| Reuse and Transfer of Government Software | Open Source Software Strategy 2020-2023: Think Open | A central goal is to facilitate the sharing and reuse of software solutions to build better European services. The "Transform" principle in Section 5.2 promotes an "Inner Source" approach, encouraging teams within the Commission to adopt open source working methods to share code and collaborate internally before opening projects to the public, thereby improving efficiency and pooling efforts. |
| Open Source Security Measures | Regulation (EU) 2024/2847 (Cyber Resilience Act) | The act imposes several OSS security measures. Article 13(5) mandates due diligence when integrating any third-party components, including OSS. Annex I, Part II requires manufacturers to produce a Software Bill of Materials (SBOM) for their products. Furthermore, Article 24 creates specific obligations for "open-source software stewards" to establish cybersecurity policies for the projects they support. |
| Open Source Security Measures | European Commission digital strategy: Next generation digital Commission | The strategy enhances security across the digital landscape, which includes open source software. Page 14 outlines plans for systematic vulnerability scanning for all digital solutions and security checks for purchased software. The document also acknowledges that OSS can increase IT security through multiple independent quality controls, integrating it into a secure-by-design approach. |
| Open Source Security Measures | Open Source Software Strategy 2020-2023: Think Open | Security is a core governing principle, as outlined in Section 5.5, titled "Secure." The policy mandates continuous, automated security testing for both the open source components the Commission uses in its applications and the code it intends to share publicly. This ensures that software is free from vulnerabilities, leveraging experience from the EU-FOSSA projects. |
| Open Source Sharing Platforms | Open Source Software Strategy 2020-2023: Think Open | The strategy outlines plans to enable co-creation and collaboration through a centralized platform. As part of its main actions in Section 6.4, it calls for enhancing the Commission's software repository. This aligns with the "Share" principle in Section 5.3, which focuses efforts on creating an EU-centric digital government code repository for its IT projects. |
| Mandatory Contribution Back to Open Source | Regulation (EU) 2024/2847 (Cyber Resilience Act) | The regulation mandates that manufacturers, upon discovering a vulnerability in an integrated component, including open-source software, must report it to the component's maintainer. Under Article 13(6), they are also obligated to share the software or hardware modification developed to address the vulnerability, effectively contributing security patches back to the original project. |
| Mandatory Contribution Back to Open Source | Open Source Software Strategy 2020-2023: Think Open | The strategy encourages active participation in the open source ecosystem. The "Contribute" principle in Section 5.4 commits the Commission to becoming an active contributing member of key communities. It builds on the European Interoperability Framework's call for public administrations to contribute to developer communities whenever possible, as cited in Section 3.2. |
| Open Standards Requirement | European Commission digital strategy: Next generation digital Commission | The strategy emphasizes interoperability through the use of open standards. On page 5, it explicitly states a preference for using open standards for exchanging information as a principle for achieving digital sovereignty. This is reinforced on page 11 with a commitment to focus on common standards to enable data access and exchange between the Commission and Member States. |
| Open Standards Requirement | EU eGovernment Action Plan 2016-2020 | The plan establishes "Interoperability by default" as a core principle for all public services (Section 2). To achieve this, it outlines key actions in Section 3.1, including revising the European Interoperability Framework (EIF) and developing a European Catalogue of ICT standards for public procurement to ensure digital solutions can work seamlessly across the Single Market. |
| Open Standards Requirement | Open Source Software Strategy 2020-2023: Think Open | To ensure digital sovereignty and interoperability, the "Stay in control" principle in Section 5.6 establishes a policy of promoting open standards and specifications for all future IT developments. The strategy emphasizes that these standards should be implemented and distributed through open source software, embedding this approach into the corporate governance framework. |
| Licensing Frameworks and Guidelines | Open Source Software Strategy 2020-2023: Think Open | The strategy provides clear guidance on licensing for software published by the Commission. Under the "Share" principle in Section 5.3, it states that the European Union Public Licence (EUPL) will be the preferred license for the publication of its IT projects. This aims to facilitate the sharing and reuse of software developed by public administrations. |
| OSS Training Programs | Regulation (EU) 2024/2847 (Cyber Resilience Act) | While not exclusively for OSS, Article 10 requires Member States to promote measures to enhance cybersecurity skills needed to implement the regulation. This includes supporting the re-skilling and up-skilling of manufacturers' employees. Recital (23) explicitly links these training initiatives to the skills gap in both the public and private sectors, which is critical for managing software component security. |
| OSS Training Programs | Open Source Software Strategy 2020-2023: Think Open | The strategy includes actions to foster an open source culture through skill development. A key action outlined in Section 6.4 is to "Develop skills and recruit expertise." This involves focusing on recruiting staff with proven open source expertise and providing internal support to help interested colleagues learn about and experiment with innovative open source solutions. |
| OSS in Strategic Planning Documents | Regulation (EU) 2024/2847 (Cyber Resilience Act) | The Cyber Resilience Act strategically embeds OSS into the EU's security framework. Recital (17) highlights the goal of fostering OSS development. It establishes a distinct, light-touch regulatory regime for "open-source software stewards" (Recital 19) and provides for voluntary security attestation programs (Article 25), recognizing the unique nature of the open-source ecosystem. |
| OSS in Strategic Planning Documents | European Commission digital strategy: Next generation digital Commission | This digital strategy document firmly embeds open source software as a core component of the Commission's digital transformation. OSS is cited as a preferred solution for digital sovereignty (page 5), a key method for creating a seamless digital landscape (page 14), and its further development is a listed key action for the future (page 21), demonstrating a deep strategic commitment. |
| OSS in Strategic Planning Documents | Open Source Software Strategy 2020-2023: Think Open | This document is a dedicated strategic plan for OSS, linking its goals to the highest levels of EU policy. Chapter 3 explicitly aligns the strategy with the President's political guidelines for achieving technological sovereignty, the European Interoperability Framework, the Commission's Digital Strategy, the Digital Europe programme, and the European strategy for data. |
🤝 How to contribute¶
Want to add a policy?
See something missing? Open a policy suggestion