Summary
As proposed, the Cloud and AI Development Act (CADA) would establish a framework to encourage Union entities and public sector bodies to prioritise open source solutions when building their cloud and AI ecosystems. Under Article 41, public authorities must facilitate the reuse of open standards and components, while Article 42 requires that any software developed by or for the public sector and made available for reuse under an open source licence must be published in a catalogue connected to the central EU Open Source Solutions Catalogue. These measures are designed to foster innovation, reduce vendor lock-in, and maximise the value of public expenditure by ensuring transparency, interoperability, and the creation of a shared digital commons.
Detail
The proposed Cloud and AI Development Act (CADA) places open source software at the heart of its strategy to strengthen Europe's cloud and AI ecosystem. Recognising that technological sovereignty and innovation are closely linked to transparency and collaboration, the proposal introduces specific obligations for public authorities to promote and standardise the use of open source solutions. This approach moves beyond mere encouragement to establish a structured mechanism for sharing public-sector code, thereby creating a foundation for a more resilient and competitive European digital market.
Promoting Open Source First
Article 41 of the CADA proposal establishes a clear preference for open source in the public sector. It states that the Union and Member States shall take the necessary measures to encourage Union entities and public sector bodies to use and facilitate the reuse of open standards and components released under an open source licence. When building their cloud and AI ecosystem or stack, public authorities must take into account functionalities, including security, total cost, and other relevant, duly justified objective criteria.
This provision is grounded in Recital 81, which explains that open source plays a crucial role in ensuring transparency, security, and efficiency. The recital explicitly states that "access to the source code enables auditability, fosters collaboration and reuse and reduces dependency on a single vendor, thereby limiting the risk of vendor lock-in." By promoting the use of open source, the proposal aims to support innovation, ensure better value for public expenditure, and strengthen the Union's digital autonomy. The choice of cloud computing services or software has significant implications not only for cost-efficiency but also for security, interoperability, accountability, and technological autonomy.
Sharing and Reusing Public Sector Software
To operationalise this preference, Article 42 imposes a sharing obligation. When a Union entity or public sector body decides to make software available for reuse under an open source licence, it must do so using a catalogue or repository that is connected to, and made accessible through, the EU Open Source Solutions Catalogue. This centralised catalogue, maintained by the Commission (as detailed in Article 43), serves as a one-stop-shop for any public administration to search and access software made available for reuse.
Recital 83 highlights the rationale behind this requirement. It notes that an increasing number of Union entities and public sector bodies are already sharing software developed by or for them. This practice is considered to be "in the public interest and may maximise the value of public expenditure, reduce duplication costs, and foster innovation across the Union." However, the recital observes that software is often made available in different repositories, "hampering searchability, discoverability, and ultimately reuse." By connecting these disparate sources to the central EU OSS Catalogue, CADA aims to solve this fragmentation. The catalogue will be hosted on the Interoperable Europe portal, ensuring that solutions can be easily linked to further relevant information and training.
Building an Innovation Ecosystem
The combination of Articles 41 and 42 is designed to create a positive feedback loop for innovation. By mandating the sharing of public sector code, the proposal ensures that taxpayer-funded software becomes a public good that can be built upon by other administrations, SMEs, and the broader tech ecosystem. This reduces the barrier to entry for smaller providers who can leverage existing, vetted open source components rather than building from scratch.
Furthermore, the proposal supports the establishment of a network of Open Source Programme Offices (OSPOs) under Article 44 to facilitate cooperation, exchange best practices, and provide guidance on licensing, security, and procurement. This network is intended to embed open source capabilities directly into public administration structures, ensuring that the transition to open source is supported by dedicated expertise. The OSPO network would also contribute to the development of guidance, templates, and recommendations on the sharing and reuse of open-source software, further strengthening the ecosystem.
What this means for you
For public-sector and procurement officers, the CADA proposal signals a shift towards mandatory transparency and reuse in software acquisition and development. If adopted in its current form, your organization would need to align its procurement and development practices with these new requirements.
- Procurement Strategy: When procuring cloud or AI services, you should prioritise solutions that utilise open standards and open source components. Article 41 requires you to consider security, total cost, and other objective criteria, but the overarching goal is to encourage open source. This means evaluating bids not just on price, but on their contribution to digital autonomy and interoperability.
- Software Development and Reuse: If your authority develops custom software or commissions software development, you must consider releasing it under an open source licence. If you choose to do so, Article 42 mandates that you publish it in a repository connected to the EU Open Source Solutions Catalogue. This ensures your work is discoverable and reusable by other public bodies, maximising the return on public investment.
- Operational Changes: You may need to establish or strengthen an Open Source Programme Office (OSPO) within your organization. Article 44 foresees a network of these offices to help manage open source governance, licensing compliance, and security. This could involve new internal processes for code review, licence management, and contribution to the broader open source ecosystem.
- Reduced Vendor Lock-in: By focusing on open standards, you protect your organization from being trapped by proprietary technologies. This gives you greater flexibility to switch providers or integrate services from different vendors, fostering a more competitive and innovative market.
Common misconceptions
- "CADA forces all public software to be open source." This is incorrect. Article 41 encourages the use of open source and facilitates reuse, but it does not mandate that all software developed by the public sector must be released as open source. However, if an entity does decide to make software available for reuse, Article 42 requires it to be done through the connected catalogue. The proposal promotes open source as a best practice for innovation and autonomy, rather than an absolute obligation for every piece of code.
- "Open source is less secure than proprietary software." Recital 81 explicitly counters this by stating that open source ensures transparency, security, and efficiency. Access to source code enables auditability, which can enhance security by allowing independent verification of code. The proposal views open source as a tool to strengthen security and accountability, not compromise it.
- "This only applies to large IT departments." While large entities may have more resources, the proposal aims to foster innovation across the entire public sector. The establishment of the OSPO network (Article 44) and the centralised catalogue (Article 43) are designed to support entities of all sizes by providing shared resources, guidance, and discoverability, thereby helping smaller authorities benefit from open source innovation without needing extensive in-house expertise.
Related
- How does open source under CADA reduce duplication across the public sector?
- How does open source support security and auditability under CADA?
- How does CADA open source support waste reduction and efficiency in IT spend?
- How does CADA open source support resilience of public-sector IT?
- How does CADA open source support better value for public money?
This is general information about a draft EU regulation, not legal advice.