Open Digital Ecosystems consultation

Secretariat of the European Pirates Team Policy
,
1

Hi everyone,

The European Pirates is preparing a response to the Open Digital Ecosystems consultation, and we’d like your input.

Consultation deadline: 3 February
Member input deadline: 27 January

If you have views, concerns, or ideas on the proposals, especially around digital policy, privacy, open standards, or identity management, please share them in replies to this thread.

Your contributions will help shape our official submission.

Thanks!

3 Likes
2

Hello everyone! This is the final text. If you have any input please share.

Main Barriers that hamper Adoption and Maintenance and Sustainable Contributions

Most open source applications or libraries are developed by an individual or small organisations. This leads to several issues hampering adaptation by enterprise, especially when it comes to “mission-critical” software:

  1. There is a high bus-factor and with it a larger chance of the software disappearing or becoming unmaintained.
  2. Open Source software often isn’t written for larger enterprises in mind as a core customer. This coupled with little manpower leads to features needed by enterprise often being neglected.
  3. There is no vendor-responsibility - more colloquially speaking, there is no one “to call or point to” in case of an issue with the software.

Regarding point 3, there often exists no clear way to enter into some sort of contractual relationship with open source vendors. Moreover, individual open source providers can rarely provide the kind of support turnaround time that enterprises would require. Various options for donations or sponsorship contributions do exist, but aren’t as widely used (public goods dilemma).

On the code side of things, companies would more often than not prefer to contribute their changes back since it makes maintenance easier, this is however hampered by a couple of issues:

  1. Due to resource demands on the vendors side, it can take a long time for changes to be merged back. These long timelines however aren’t acceptable to companies, so they need to do the extra work to maintain an internal fork of the software. Once they need to do that, the incentive (“less maintenance work”) to contribute code back goes down or disappears all together.
  2. Code changes are not always made in such a way that they cleanly apply to “broader audiences”. In other words, they are tailored to the companies needs and need some smaller tweaks to be merged into the main codebase.

Concrete Measures and Actions

  • A centralised EU-based platform where vetted developers can list their open source projects and companies can sponsor them.
    • Reduces friction for developers in receiving funds from across the European Union. Ideally, this would include “bureaucracy breaks” for small developers up to a certain amount of monthly contributions.
    • Reduces friction for companies since they have a trusted platform. Sponsorships on the platform could also count as tax write-off.
    • Taking inspiration from the blockchain world and the Gitcoin platform, the EU could provide additional funding (eg quadratic funding) to qualifying projects based on the amount of sponsorships a project has gotten. Sponsorships by the market indicates market demand, thus ensuring that funds aren’t going to waste. (Additional factors like specific domains could apply for EU funding.)
  • EU institutions, member states, municipalities and other public entities making use of open source should lead by example and provide sponsorships to the software they rely on.
  • Provide an easy, non-bureaucratic way for new open source projects of individuals to receive “startup funding”. This should specifically incentivise new open source projects in important domains and focus on providing a low amount of funds for the first 6-12 months of development to incentivise “taking the plunge”.
  • Require all software development work done with the help of public funds (eg universities or grants) to either be fully open-sourced or have at least an open source component to it. Alternatively, make contributions to open source a requirement to individual grants.

Technology Areas to Prioritise

In order for businesses to become “digitally sovereign”, open source software central to all companies should be prioritised, with the main candidates being:

  1. VPN software. Open protocols such as Wireguard or OpenVPN exist, but no open source solution has equal functionality as commercial VPNs such as Tailscale or Forti.
  2. Microsoft Exchange/Google Workspace alternatives. This includes account management, email and applications such as Word and Excel. Nextcloud does exist, but there should also be other alternatives especially for smaller organisations which may just need bits and pieces of what Nextcloud has to offer.

Secondly, in the area of cyber security a lot of the Internet is currently centralised via Cloudflare. Open source WAFs that are easily configured and deployed would be a good investment.

Thirdly, datacenter software (eg virtualisation and orchestration) should be prioritised since it provides the foundation of other software deployments.

1 Like