The EU Open Source Policy Summit on 03 February 2023, where critical policy issues around open source software (OSS) were discussed.
One important concern addressed at the summit was how to avoid unintended consequences to OSS in lawmaking. Special concern was expressed regarding the Cybersecurity Resilience Act, which has attempted to incorporate rules with respect to open source and requirements on cybersecurity. In order to avoid unintended consequences, it was highly recommended that policymakers consult with open source experts to understand who the correct stakeholders are and their needs. It is important to create case studies that show the effects of the proposed legislation so that we can see what really happens to companies when the legislation takes effect.
The summit also addressed the role of AI in open source. It is estimated that OSS will contribute 15 trillion euros to the global economy by 2030. This is all the more reason why the AI Act is crucial. It must be fair and balanced with respect to the OSS community. It can solidify European leadership in values-based software, and its contributors are the grass-roots of the community.
How to address policy issues around OSS, then? There has been a significant growth of European OSPOs (Open Source Policy Offices) both in the public sector and in industry. The development of OSPOs throughout Europe has been key because it grants a form of “permission” to companies in the sense that they see the government itself promoting OSS. Likewise, the role of foundations was emphasized: as neutral actors, they can help to disseminate experience in cybersecurity, awareness, and education.
The words trust, permissionless, and speed were mentioned many times over the course of the summit. The permissionless, trusted environment, without having to wait, is key to making large infrastructure projects work fast. Likewise, open, free, permissionless software is the key to digital sovereignty for Europe. Of course, since governments won’t always have 100% open software, it will be important also to ensure interoperability.
Many interesting proposals were put forward concerning the sustainability of OSS in Europe – for example, a European-level “Sovereign Tech Fund” to protect European digital infrastructure. The summit participants also debated the elements of an effective national OSS strategy: preserve availability of open alternatives; adopt existing standards when possible; don’t only listen to companies (who may have an agenda) – talk also to developers, and to users. Make all publicly financed procurement open source. Require open source skills training earlier in the education system. After all, OSS is one of the most important investments we can make today in our societies.