Open Source Licensing Emerges as Key Fault Line in EU Cloud Sovereignty Debate

Dries Buytaert Argues Open Source Must Be a Sovereignty Prerequisite in EU Cloud Policy

European cloud policy has become the focus of a new Open Source sovereignty argument after Dries Buytaert, founder of Drupal, called for software licensing to be treated as a baseline requirement rather than a minor scoring factor in the European Commission’s procurement framework. In a blog post published on 1 April 2026, Buytaert argued that the Commission’s current model gives Open Source too little weight to function as a credible measure of long-term software control.

That argument matters because the Commission’s existing Cloud Sovereignty Framework could influence the proposed Cloud and AI Development Act, which is expected to extend similar policy logic beyond EU institutional procurement and into the wider European cloud market. Buytaert’s intervention therefore goes beyond a procurement technicality. It raises a larger policy question about whether sovereignty should be judged by where software comes from, where it is hosted, or whether users retain the right to keep using, modifying, and maintaining it over time.

In the post, Buytaert says Open Source is effectively undervalued in the current framework. Technology sovereignty accounts for 15% of the total sovereignty score, and open licensing is only one of four factors inside that category. By his calculation, that leaves Open Source contributing roughly 4% to the final score, which he argues is too low for a characteristic that determines whether software remains usable and forkable even after ownership changes or vendor decisions.

Buytaert proposes that licensing should be moved out of the weighted scoring system and into the framework’s Sovereign Effectiveness Assurance Levels, or SEAL levels, where minimum thresholds already operate as pass-fail gates. Under that approach, higher-assurance deployments such as SEAL-3 and above would require Open Source licensing, especially for mission-critical systems with high switching costs. Lower-risk procurement could still allow proprietary software where replacement remains practical.

He also argues that regional ownership and hosting location do not provide the same durability as licensing. To make that case, the post contrasts proprietary software on a European cloud with Open Source software on a non-European provider with European data centres. Buytaert’s conclusion is that infrastructure dependencies can be changed more easily than a proprietary licence model, and that the strongest sovereignty position remains Open Source software deployed on a sovereign European cloud.

Reference: The Sovereignty Prerequisite (1 April 2026)

Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please reach out to us at #thedroptimes channel on Drupal Slack and we will try to address the issue as best we can.

Related People

Upcoming Events