For EU Open Source, the Budget Is the Policy
2026-06-03
In 2020, the European Commission wrote a document about open source and addressed it to itself. Today it published a strategy for the whole continent. The distance between those two documents is the part worth talking about.
The 2020 to 2023 strategy was about how the Commission would use and share its own code, and its strongest line was a hedge: open source “will be preferred when equivalent in functionalities, total cost and cybersecurity”. Back then, it was a careful internal memo. Useful, but pointed inward.
Today’s European Technological Sovereignty Package points outward. It comes with a dedicated Open Source Strategy aimed at all of Europe, well beyond one institution’s data center. It wants European open-source alternatives to non-EU proprietary tools. It wants to turn open source into sustainable businesses, with accelerators and an “Open Source Maintenance Instrument.” It pushes public procurement toward open standards and talks about “openness and sovereignty by design.”
Treating open source as industrial policy instead of an internal cost-saving preference is the right instinct, and it’s years overdue. After almost a decade of the FSFE’s “Public Money? Public Code!” campaign, the recognition is real. Credit where it’s due.
The Commission’s own diagnosis is blunt, and I agree with it: leaning on non-EU vendors for critical software narrows user choice, weakens European companies, and turns every supply chain into someone else’s leverage.
Lately the leverage has stopped being only commercial. When the US sanctioned the International Criminal Court’s chief prosecutor in early 2025, he lost access to his Microsoft email and moved to a Swiss provider. The ICC spent the rest of the year migrating off Microsoft Office onto open-source software, because the question it could no longer answer was whether an American company would keep serving it through a political fight it didn’t control. Henna Virkkunen, the Commission’s tech sovereignty chief, named the fear directly: the point of this package is making sure nobody holds a “kill switch” over critical European systems.
Europe’s governments have already started acting on this without waiting for a strategy. Denmark’s digital ministry, the German state of Schleswig-Holstein, and France have all begun moving public workplaces off Microsoft and onto Linux and open formats. In a lot of ways, this strategy is Brussels catching up to its own member states.
That same 2020 memo quotes the Tallinn Declaration, where EU Member States called on the Commission to strengthen the requirements for open-source solutions in EU-funded systems “by 2020.” That deadline came and went. It’s 2026, and the FSFE notes the new strategy is still non-binding.
There’s a money problem underneath it. The FSFE puts the EU’s open-source commitment at roughly two billion euros over seven years, against the around 264 billion euros Europe spends on proprietary software every year. A plan funded at a rounding error of the problem it describes hasn’t committed to anything yet. It has noted a concern.
Now, the strategy talks about creating sustainable European open-source businesses as if they have to be summoned out of nothing. But some of them already exist. Just days before the package, a group of them said as much in public: Nextcloud, Proton, Mastodon, and OVHcloud, along with civil-society groups and MEPs, signed a sovereignty declaration. Europe already has the open alternatives. What they need is a market to sell into.
Vikunja is one of them, and I’ll be honest about the scale: it’s niche. Growing, but niche. It’s also exactly the shape of thing the strategy says Europe needs. Vikunja is AGPL-3 licensed, built and run in Germany, self-hostable on your own infrastructure, and funded by the people who use it rather than by investors waiting for an exit. I wrote about why that matters elsewhere.
If you’re a team or a public body trying to actually act on this strategy, the words “open source” on a pricing page aren’t much to go on. The things that make a tool genuinely sovereign are less obvious. It runs on infrastructure you control, inside the EU. It’s under a genuine copyleft license rather than a “source available” arrangement that only looks open. It can do the enterprise things, like single sign-on, without a five-hundred-user minimum. And its maintenance is something a buyer can actually fund. Hold products to that and a lot of them fall out, including plenty that wave the open-source flag while holding a CLA in one hand and a term sheet in the other. Otherwise you’re buying a logo and calling it...