Authored by Felix Reda, this article calls for greater public investment in open source software through a proposed European Sovereign Tech Fund, highlighting GitHub’s policy efforts and recommendations to address the critical funding challenges facing OSS maintainers.

We Need a European Sovereign Tech Fund

By Felix Reda

Open source software forms a crucial layer of digital infrastructure underpinning economies and societies worldwide. However, despite its vast impact, open source maintenance remains severely underfunded compared to physical infrastructure—a disconnect the public sector is uniquely positioned to address.

The Maintenance Challenge

  • Scale of Impact: Open source technologies (libraries, languages, development tools) are present in all sectors, with European Commission research estimating OSS contributes €65–95 billion to the EU economy annually. Globally, open source demand-side value is estimated at $8.8 trillion.
  • Funding Gap: Despite broad usage, maintainers often go uncompensated. A survey from Germany’s Sovereign Tech Agency found:
    • 1/3 of maintainers are unpaid but willing to be paid.
    • 1/3 are not able to make a living from OSS maintenance.
    • 1/3 are sole maintainers, and most projects are run by very small teams.
  • Security Risks: Security incidents like the xz backdoor or Log4Shell show the systemic risks of relying on overworked, underfunded maintainers for critical infrastructure. Inadequate scrutiny threatens the health and security of the global software ecosystem.

At GitHub, initiatives like GitHub Sponsors, the GitHub Secure Open Source Fund, and free security tooling aim to close this gap, but substantial public funding is still urgently needed.

Designing an Impactful Fund

Building on Germany’s successful Sovereign Tech Agency (over €23 million invested in 60 projects, 2022–2024), the proposed EU Sovereign Tech Fund (EU-STF) would:

  1. Identify the EU’s critical open source dependencies
  2. Invest in maintenance
  3. Invest in security
  4. Invest in improvement
  5. Strengthen the open source ecosystem

Funding Model: The study proposes either a centralized EU institution or a consortium of member states, calling for at least €350 million from the next EU multiannual budget—enough to leverage further industry and national contributions.

Design Criteria:

  • Pooled Financing: Resource aggregation from industry, national governments, and the EU, reducing maintainer burden in seeking support.
  • Low Bureaucracy: Streamlined application and reporting processes, with the fund’s own research proactively identifying key projects.
  • Political Independence: Sustained focus on foundational maintenance, independent from political cycles or tech trends.
  • Flexible Funding: Support for individuals, nonprofits, and companies; recipients do not need to live in the EU.
  • Community Focus: Collaboration with the open source community in defining priorities and processes.
  • Strategic Alignment: Demonstrable positive impact on EU competitiveness, digital sovereignty, and cybersecurity, aiding compliance with supply chain obligations (e.g., Cyber Resilience Act).
  • Transparency: Highest standards in governance and decision-making, building trust with the community and policymakers.

Making the EU Sovereign Tech Fund a Reality

  • EU Budget Cycle: The proposal coincides with negotiations for the 2028–2035 Multiannual Financial Framework. GitHub is advocating for the fund, partnering with industry leaders like Mercedes-Benz and presenting findings to EU legislators.
  • Industry Support: Mercedes-Benz, among others, has stressed that without sustainable funding, the health and security of critical OSS projects will be jeopardized.
  • Community Mobilization: Whether you are an individual, organization, or company, you can voice support for the EU-STF to EU institutions and your representatives.
  • Next Steps: Legislative proposals have begun; community presentations (e.g., EU Open Source Summit Europe) will further raise awareness and support.

“Without sustainable funding and support, it is entirely foreseeable that ever more open source software projects will not receive the diligence and scrutiny appropriate for software of such criticality.”

— Magnus Östberg (Chief Software Officer, Mercedes-Benz AG), Markus Rettstatt (VP Software Defined Car, Tech Innovation GmbH)

For further engagement, see the study’s community discussion or explore more on GitHub’s open source blog.


This post appeared first on “The GitHub Blog”.