Author: Thierry Carrez, General Manager, The Linux Foundation Europe
Bio: Thierry Carrez is the General Manager for OpenInfra Foundation and Linux Foundation Europe. A systems engineer by trade, he was involved in the inception of the OpenStack project, and still contributes to its governance and release management.

With a personal interest in the intersection of sociology and technology, Thierry is a renowned speaker on open innovation and open source. He was recognized as a Python Software Foundation fellow in 2012, and currently acts as vice-chair for the Open Source Initiative.

Open source has a key role to play in that quest for three reasons. First, it is made available to everyone and can be used for any purpose, which means that we can build on top of the existing commons rather than starting from scratch. This ability to reuse shared infrastructure is essential if Europe wants to accelerate innovation without wasting time reinventing the wheel.

Second, its transparency allows us to trust that the software does what it says it does and is compliant with local regulations.

Third, open source enables a collaborative development model in which multiple organizations build and maintain interoperable software together. This open collaboration enables regions like Europe, where we have a vibrant ecosystem of smaller companies rather than tech giants, to catch up and compete with the US or China.

Some in Europe, understanding the need for local services and seeing open source as key to the solution, take a shortcut and call for “open source controlled by Europe” or even “European open source.” But there is really no such thing as “European” open source. There is only “open source”: software released under a license that guarantees everyone can use the software for any purpose, with no discrimination against persons or groups, and no discrimination against fields of endeavor. Open source software is, by its very definition, a global commons. Nobody controls it; it is available to all.

Calls for “European-only” open source often stem from understandable concerns about resilience and strategic autonomy. However, attempting to isolate software development geographically overlooks the reality of how modern software is built. Code is not written in isolation: it integrates many open source libraries and dependencies. Even proprietary codebases today are mostly made of open source code (a share estimated at 60% to 80%, depending on the study). The global commons on which software is built was estimated by a Harvard Business School 2024 study at over $8.8 trillion. Recreating that shared infrastructure from scratch at a regional level would be extremely costly and slow innovation considerably.

So what should we advocate for instead? Let’s take a step back and look at what we really need today to increase our resilience. There are two concerns: one immediate and one longer-term.

Our immediate concern is continuity. We must protect ourselves against unilateral decisions that could cut off access to critical services or infrastructure. Top of mind is the result of actions by governments, but we also need protection against unilateral decisions from companies when a single vendor has full control over the software. The past years have shown that, pressured by uncertain economic conditions, these vendors will easily change licensing terms, sometimes resulting in a 10x price hike for their customers.

Open source software developed by a global open collaboration between multiple organizations removes the lock-in. It ensures that no single company can unilaterally restrict access or dictate terms. The strategic imperative isn’t more single-vendor software. Instead, we should build a robust ecosystem of local companies that leverage the existing global commons. We just need more local actors that productize and support available open source software locally.

The long-term concern is that this global open source commons Europe depends on is not yet matched by the same level of European corporate investment.. It is true, for example, that the top five organizations contributing to Kubernetes (representing more than half of the development activity) are all US-based. What would happen if geopolitical tensions disrupted those contributions?

On the first day of this worst-case scenario, not much would happen; the deployed software would continue to run, and the code would still be available from local Git repositories. But over the long run, maintenance would have to be taken over by local companies. This is why we need to prepare today by getting European organizations more directly involved in central functions in the open source projects they invest in. They need to have a deep enough understanding of the code, the continuous integration pipelines, the release management, and the governance of those projects to be able to continue maintaining them in a worst-case scenario.

Luckily, nothing is preventing us from engaging and preparing today by getting more directly involved in those key functions. Those projects are open to all, what is required is sustained participation and investment. “Collaborate locally, Innovate globally”, the tagline for Linux Foundation Europe, has never been more relevant.

In conclusion, open source developed as a global collaboration is the solution for Europe to grow its digital resilience. Rather than calling for “European open source,” we should enable an ecosystem that productizes the global commons for the local market and increase our direct investment in the projects we depend on the most. These questions will increasingly shape Europe’s digital strategy in the years ahead.