Can Europe fix the open-source maintenance crisis?

Open-source is fundamental to our economies and societies, yet its maintenance is chronically underfunded. This disparity raises a critical question: how can the public sector provide better support for the ongoing upkeep of open-source software?

96% of all code bases contain open-source software (OSS), with open components making up 77% of any given code base. Its economic impact is immense, with the demand-side value to the global economy estimated at $8.8 trillion.

In the European Union alone, the Commission’s own research indicates that OSS contributes at least €65-95 billion to the EU’s annual GDP. Essential open-source technologies – from libraries and programming languages to software development tools – are integral to every sector of the economy, society, and public administration.

Despite its foundational role, a mismatch exists between the importance of open-source maintenance and the public attention it garners. The reality is that while everyone benefits from this shared digital infrastructure, very few feel a responsibility to contribute to its upkeep.

The consequences of this neglect are serious. A survey of over 500 OSS maintainers by the Sovereign Tech Agency found that a third receive no payment for their work, although naturally they would like to. Another third earn some income from their maintenance activities but cannot make a living from it.

Perhaps most concerning is the fragility of the support structure. The survey found that a third of respondents are the sole maintainer of their project, and almost three-quarters of the surveyed projects are maintained by just three people or fewer.

This reliance on small, overworked, and underappreciated teams creates serious risks, not only for the health of the open-source community but also for the security of our entire global software ecosystem. High-profile security incidents like the xz backdoor and the Log4Shell vulnerability have thrown this danger into sharp relief.

In an effort to address this sustainability challenge, GitHub commissioned a study from Open Forum Europe, Fraunhofer ISI, and the European University Institute. The study explores how a successful government programme, the German Sovereign Tech Agency, could be scaled up to the European Union level. The German agency has already invested over €23 million in 60 OSS projects between 2022 and 2024, demonstrating a viable model for public support.

The published study proposes the creation of an EU Sovereign Tech Fund (EU-STF) as a powerful solution. To be truly impactful, the report suggests the fund should concentrate its activities in five key areas: identifying the EU’s most critical open-source dependencies; making investments in maintenance, security, and improvement; and strengthening the wider open-source ecosystem.

To get such a fund off the ground, the study outlines two potential institutional frameworks. The first, a “moonshot model”, involves the creation of a new, centralised EU institution. The second, a more “pragmatic model”, proposes a consortium of EU member states providing initial funding and then applying for additional resources from the EU budget.

Regardless of the chosen path, the report stresses that a minimum contribution of €350 million from the next EU multiannual budget is essential for the fund to succeed. While this amount would not cover the entire open-source maintenance need, it would create a strong foundation for co-financing from industry and national governments to make a lasting impact.

Drawing lessons from the German Sovereign Tech Agency and other government initiatives like the US Open Technology Fund and the EU’s Next Generation Internet, the study identifies seven required design criteria for the EU-STF.

First is pooled financing. To effectively tackle the funding gap, industry, national governments, and the EU must be able to contribute to the same pot. It is inefficient and burdensome for overworked maintainers to navigate dozens of separate funds with varying criteria. The EU-STF should emulate the logic of initiatives like GitHub’s Secure Open Source Fund, which pools resources from multiple industry partners into a single programme.

Second is low bureaucracy. Many EU funding programmes are unfortunately known for complex application processes. For an unpaid solo maintainer, dedicating days to an application with an uncertain outcome is simply not feasible. The EU-STF should therefore feature a lightweight application process and proactively identify and contact critical OSS projects itself. Reporting requirements for funding recipients should also be minimal, ensuring their time is spent improving their projects rather than dealing with burdensome processes.

Political independence is the third criterion. Public funding often chases the latest technological trends, be it blockchain, quantum computing, or AI. The foundational work of open-source maintenance often gets overlooked because it is not a flashy new development. The EU-STF must have sufficient political independence to shield it from these shifting priorities and maintain its core mission of securing our public software infrastructure.

Fourth, the fund must offer flexible funding. The open-source world is not monolithic; maintainers work in various capacities—as part of their day jobs at companies, in their free time, through foundations, or as part of loose global collectives. The EU-STF needs the flexibility to fund individuals, non-profits, and companies for their open-source maintenance work. Residency in the EU should also not be a prerequisite for receiving funding, just as the German Sovereign Tech Agency does not limit funding to Germans. To benefit the EU, software just needs to be “Made Open-Source”, not necessarily “Made in the EU”.

A strong community focus is the fifth principle. A fund managed exclusively by career public servants will likely struggle to build the necessary expertise and trust within the open-source ecosystem. The EU-STF should collaborate closely with the community to co-define funding priorities and shape the funding process.

Sixth, strategic alignment is key. To justify a budget of at least €350 million, the EU-STF must demonstrate a clear positive impact on the EU’s strategic goals. The study details how funding open-source maintenance enhances economic competitiveness, promotes digital sovereignty by enabling users to design and use technology on their own terms, and bolsters cybersecurity. This includes helping companies comply with supply chain security obligations for open source components under the Cyber Resilience Act.

Finally, the seventh criterion is transparency. As with any expenditure of taxpayer money, the EU-STF must operate with the highest standards of transparency in its governance and funding decisions. This is required to earn the trust of both the open-source community and the policymakers who approve its budget.

The timing for this initiative is critical, as the European Union is currently negotiating its new multi-year budget for 2028-2035. Support for the EU-STF is growing, with key industry players like Mercedes-Benz advocating for its creation.

As Magnus Östberg, Chief Software Officer at Mercedes-Benz AG, and Markus Rettstatt, Vice President Software Defined Car at Tech Innovation GmbH, state, “Without sustainable funding and support, it is entirely foreseeable that ever more open-source software projects will not receive the diligence and scrutiny appropriate for software of such criticality.”

The first legislative proposals for the new EU budget are now with the European Parliament and national governments. Now is the moment for individuals, open-source organisations, and companies to voice their support for the creation of the EU Sovereign Tech Fund to the European Commission, their elected representatives, and their national governments.

(Photo by Ashim D’Silva)
