Open Source Procurement Alone Cannot Guarantee Digital Sovereignty
An essay published ahead of the European Commission’s planned Tech Sovereignty Package argues that “Open Source First” procurement mandates alone are insufficient to guarantee digital sovereignty. Writing on his personal blog, Joost de Valk supports proposals that would require public-sector buyers to consider qualified open-source alternatives before proprietary software, but argues that procurement policy addresses only part of the problem. According to the article, open-source software can still become dependent on centralised infrastructure and governance structures, creating new forms of lock-in.
To illustrate that argument, de Valk points to events in the WordPress ecosystem and his work on the FAIR (Federated and Independent Repositories) project. The essay argues that software may be openly licensed while critical update and distribution infrastructure remains controlled by a single organisation. De Valk contends that procurement mandates create demand for open-source products but do not necessarily fund the neutral infrastructure, package repositories, identity systems, and governance mechanisms that those ecosystems depend on.
The article also references arguments made by Drupal founder Dries Buytaert and OpenForum Europe regarding public investment in open-source infrastructure and maintainership. De Valk proposes pairing Open Source First procurement policies with funding mechanisms for independently governed and federated digital commons, citing initiatives such as Germany’s Sovereign Tech Fund and proposals for an EU Sovereign Tech Fund. The essay concludes that sustainable digital sovereignty requires both open-source procurement and long-term support for the infrastructure on which those ecosystems rely.


