How does CADA open source support better value for public money?

Summary As proposed, the Cloud and AI Development Act (CADA) directly links open source adoption to better value for public money by shifting procurement focus from initial price to total cost of ownership and by mandating the reuse of publicly funded software to eliminate duplication. Article 41 requires public bodies to consider "functionalities, including security, total cost, and other relevant, duly justified objective criteria" when choosing solutions, explicitly preventing vendor lock-in. Recital 81 states that promoting open source is "essential to support innovation, ensure better value for public expenditure and strengthen the Union's digital autonomy." Furthermore, Recital 83 highlights that sharing software "may maximise the value of public expenditure, reduce duplication costs and foster innovation across the Union." By requiring connected repositories (Article 42), the proposal ensures that public investments in software become shared assets rather than siloed expenses.

Detail

The proposed Cloud and AI Development Act (CADA) represents a strategic pivot in EU digital policy, moving beyond simple cybersecurity or data protection to address the economic efficiency of public digital transformation. The Act posits that the current fragmentation of software development and the prevalence of vendor lock-in are primary drivers of poor value for public money. By integrating open source principles into the core of its cloud and AI strategy, CADA would establish a framework where public funds are optimized through transparency, auditability, and the systematic reuse of digital assets.

The Economic Rationale: Recitals 81 and 83

The legal foundation for CADA's open source provisions is rooted in the economic arguments presented in the proposal's recitals. These recitals clarify that the push for open source is not merely ideological but is a pragmatic response to market failures that inflate public costs.

Recital 81 provides the primary justification for the "better value" argument. It explicitly states that "Promoting the use of open source is therefore essential to support innovation, ensure better value for public expenditure and strengthen the Union's digital autonomy." The recital details the mechanism: "Access to the source code enables auditability, fosters collaboration and reuse and reduces dependency on a single vendor, thereby limiting the risk of vendor lock-in." In the context of public procurement, vendor lock-in is a critical inefficiency. Once a public body is locked into a proprietary ecosystem, it loses negotiating power, faces inflated renewal costs, and struggles to migrate to more efficient solutions. By mandating the consideration of open source, CADA would force a market correction where competition is based on quality and service rather than proprietary data silos.

Recital 83 expands on the value of reuse. It observes that "An increasing number of Union entities and public-sector bodies are sharing software developed by or for them and making it available for reuse under an open-source licence. This may be considered to be in the public interest and may maximise the value of public expenditure, reduce duplication costs and foster innovation across the Union." The recital identifies a specific inefficiency: "However, software is often made available and accessible in different repositories or catalogues, hampering searchability, discoverability and, ultimately, reuse." By addressing this fragmentation, CADA would transform individual public investments into collective assets, ensuring that a solution developed for one purpose can be adapted for another, thereby spreading the fixed costs of development across the entire Union.

Article 41: The Total Cost Criterion

Article 41, titled "Promoting open source solutions and open source first," operationalizes these economic principles into a binding obligation for the Union and Member States. The Article mandates that they "take the necessary measures to encourage Union entities and public sector bodies to use and facilitate the reuse of open standards and components released under an open source licence when building their cloud and AI ecosystem or stack."

Crucially, Article 41 does not impose a rigid "open source only" mandate that ignores economic reality. Instead, it introduces a sophisticated evaluation framework. It requires that the choice of solution be made "taking into account functionalities, including security, total cost, and other relevant, duly justified objective criteria."

The inclusion of "total cost" is the most significant element for value for money. In traditional procurement, decisions are often driven by the lowest upfront capital expenditure (CapEx). However, proprietary software often hides high operational expenditures (OpEx) in the form of licensing fees, mandatory support contracts, and exit costs. By legally requiring the consideration of "total cost," Article 41 empowers procurement officers to evaluate the Total Cost of Ownership (TCO). This includes:

• Initial acquisition and implementation costs.
• Ongoing licensing or subscription fees.
• Maintenance, support, and training costs.
• Costs associated with data portability and potential migration (exit costs).

This framework ensures that a solution with a higher initial price tag but lower long-term costs (often characteristic of well-supported open source) can be selected over a cheaper proprietary alternative that becomes expensive over time. The phrase "duly justified objective criteria" ensures that the decision remains transparent and defensible, preventing arbitrary choices while allowing for the flexibility needed to achieve the best economic outcome.

Article 42: Eliminating Duplication through Mandatory Reuse

While Article 41 sets the criteria for buying, Article 42 ("Share and reuse of software") sets the rules for selling (or rather, sharing) public assets. The Article addresses the inefficiency identified in Recital 83 regarding fragmented repositories.

Article 42 states: "When making software to which they hold intellectual property rights available for reuse under an open-source licence, a Union entity or public sector body shall do so using a catalogue or repository that is connected to, and made accessible through, the EU OSS Catalogue referred to in Article 43."

This provision creates a "single source of truth" for public sector software. Without this requirement, a public body in one Member State might develop a high-quality AI module for healthcare, while a body in another Member State unknowingly funds the development of an identical module. By mandating connection to the EU OSS Catalogue, CADA would ensure that:

1. Discoverability: Public bodies can easily search for existing solutions before commissioning new ones.
2. Standardization: Reuse of common components reduces the complexity of the public digital ecosystem.
3. Cost Avoidance: The duplication of development efforts is minimized, directly saving public funds.

The Article applies specifically when an entity decides to make software available for reuse. It does not force the open-sourcing of all software, but it ensures that if the decision is made to share, it is done in a way that maximizes the public return on investment.

Supporting Infrastructure: The EU OSS Catalogue and OSPO Network

To make these articles effective, CADA establishes supporting structures. Article 43 mandates the Commission to provide and maintain the EU Open Source Solutions Catalogue as a centralized hub. Article 44 establishes a network of Open Source Programme Offices (OSPOs) to facilitate the exchange of best practices, legal guidance, and technical support. These mechanisms reduce the transaction costs for public bodies, making it easier to find, evaluate, and reuse open source solutions, thereby further enhancing the value for money.

What this means for you

For public-sector procurement officers, IT directors, and policy makers, the proposed CADA offers a clear pathway to optimize public spending through open source strategies.

1. Adopt a Total Cost of Ownership (TCO) Mindset: When drafting tender documents for cloud or AI services, explicitly include "total cost" as a key evaluation criterion alongside "functionalities" and "security." Use Article 41 to justify selecting open source solutions that may have higher initial integration costs but offer significantly lower long-term licensing and exit costs.
2. Audit for Duplication Before Procuring: Before launching a new software development project, mandate a search of the EU OSS Catalogue (once operational). If a suitable open source solution exists, consider adapting it rather than building from scratch. This directly aligns with the "reduce duplication costs" objective of Recital 83.
3. Publish Your Public Assets: If your organization develops custom software using public funds and decides to open source it, ensure it is published in a repository connected to the EU OSS Catalogue as required by Article 42. This maximizes the visibility of your investment and allows other public bodies to benefit from your work.
4. Document Your Justification: When choosing between open source and proprietary solutions, document how you weighed "functionalities, including security, total cost, and other relevant, duly justified objective criteria." This transparency protects your decision-making process and demonstrates compliance with the proposed regulation's intent to ensure better value for public expenditure.

Common misconceptions

"CADA forces all public bodies to use open source." This is incorrect. Article 41 uses the language of "encourage" and "facilitate." It does not impose a blanket ban on proprietary software. The proposal explicitly requires that the choice be based on "duly justified objective criteria," including total cost and functionality. If a proprietary solution demonstrably offers better value or meets specific security requirements that open source cannot, it remains a valid option.

"Open source always means lower costs." While open source often eliminates licensing fees, it may involve higher costs for support, customization, or integration. Article 41's emphasis on "total cost" acknowledges this reality. The goal is not to choose open source blindly, but to choose the solution that offers the best overall value when all costs (initial and long-term) are considered.

"I can keep my custom software private if I don't want to share it." Article 42 applies specifically when an entity decides to make software available for reuse under an open source licence. It does not force entities to open source all their software. However, if they do choose to do so, they must use the connected catalogue to ensure discoverability. The proposal encourages reuse to maximize public value, but the initial decision to open source remains voluntary.

"CADA only affects software, not cloud services." While the specific open source articles focus on software, the broader context of CADA links open source to the "cloud and AI ecosystem or stack" (Article 41). This implies that open source components are integral to the cloud infrastructure and AI models that public bodies procure, affecting the entire technology stack.

Related

• How does CADA open source support resilience of public-sector IT?
• CADA Open Source: Practical First Steps for Public Bodies
• What is a public sector body for CADA open source purposes?
• CADA Article 42: What happens if a public body shares open source software outside the EU OSS Catalogue?
• What does CADA's open source chapter mean for public-sector buyers?

This is general information about a draft EU regulation, not legal advice.