Summary The proposed Cloud and AI Development Act (CADA) establishes the EU Open Source Solutions Catalogue (EU OSS Catalogue) as a mandatory, centralised hub to solve the critical fragmentation of public-sector software. As proposed in Article 43, the Commission must maintain this catalogue to provide a single search point for Union entities and public sector bodies. By requiring that any software made available for reuse be published in a repository connected to this central index, CADA ensures that valuable open-source solutions are no longer hidden in disparate, unconnected silos. This mechanism directly addresses the inefficiency identified in Recital 83, where scattered repositories "hamper searchability, discoverability and, ultimately, reuse," thereby preventing redundant development and maximising the value of public expenditure.

Detail

The European public sector is a massive generator of software, developing countless tools for healthcare, administration, transport, and education. However, under the current landscape, this intellectual property is often trapped in isolated repositories. CADA, as proposed in COM(2026) 502 final, introduces a structural remedy to this market failure through Title IV, Chapter V, specifically focusing on the creation of a unified discovery layer.

The Problem: Fragmentation and Hidden Value

The legislative intent behind the EU OSS Catalogue is explicitly grounded in the inefficiencies of the current system. Recital 83 of the proposal states: "An increasing number of Union entities and public-sector bodies are sharing software developed by or for them and making it available for reuse under an open-source licence. However, software is often made available and accessible in different repositories or catalogues, hampering searchability, discoverability and, ultimately, reuse."

This fragmentation creates a "tragedy of the commons" for public innovation:

  1. Invisibility: A highly effective digital tool developed by a regional authority in one Member State may remain completely invisible to a national ministry in another, simply because they do not monitor the same niche repositories.
  2. Redundant Expenditure: Public bodies frequently reinvent the wheel, spending taxpayer funds to develop software that already exists elsewhere in the Union, solely because they cannot find the existing solution.
  3. Procurement Distortion: Procurement officers may inadvertently purchase proprietary solutions when a suitable, cost-effective open-source alternative is available but hidden in an obscure, unconnected repository.

The Solution: A Centralised Index, Not a New Host

CADA does not propose to build a massive new code-hosting platform that replaces national infrastructure. Instead, it creates a centralised catalogue that acts as a unified index.

Under Article 43(1), the Commission is mandated to "provide and maintain an EU Open Source Solutions Catalogue... as a centralised catalogue to access software made available for reuse by Union entities and public sector bodies."

This distinction is crucial:

  • It is a Search Point: The catalogue serves as a single entry point for administrations across the Union to search for solutions.
  • It Connects Existing Repositories: It does not host the code itself. Instead, it connects to existing national, regional, or entity-specific repositories. This leverages existing infrastructure while solving the discovery problem.
  • It is Hosted on the Interoperable Europe Portal: Article 43(2) specifies that the catalogue "shall be hosted on the Interoperable Europe portal referred to in Article 8 of Regulation (EU) 2024/903." This ensures the catalogue is accessible electronically free of charge and aligns with broader EU interoperability standards, allowing users to link software solutions to further relevant information, training, and standards.

Mandatory Connectivity: The "Connected Catalogue" Obligation

To ensure the catalogue is populated with relevant content, CADA imposes a mandatory connectivity obligation on public bodies that choose to share software.

Article 42 stipulates that when a Union entity or public sector body makes software available for reuse under an open-source licence, it "shall do so using a catalogue or repository that is connected to, and made accessible through, the EU OSS Catalogue."

This creates a "connected catalogue" ecosystem:

  • No More Silos: If a public body decides to share software, it cannot simply publish it on a private GitHub organisation or an internal server without a public-facing connection. It must route that software through a repository that feeds into the central EU OSS Catalogue.
  • Curated Access: Under Article 43(3), the Commission retains the authority to decide on requests to connect a catalogue or repository based on "objective and relevant criteria." This ensures that the central index remains a reliable resource, preventing it from becoming cluttered with non-compliant or low-quality entries.

Governance: The OSPO Network

Recognising that technical connectivity alone is insufficient, CADA establishes a governance framework to support the ecosystem. Article 44 creates a network of Open Source Programme Offices (OSPOs).

This network brings together relevant structures within Union entities and Member States to:

  • Facilitate the exchange of information, experience, and best practices on sharing and reusing open-source software.
  • Discuss common technical, legal, and organisational challenges, including licensing, security, and maintenance.
  • Promote the sharing and reuse of open-source software by public sector bodies.

By fostering a community of practice, the OSPO Network ensures that public administrations have the expertise to navigate the EU OSS Catalogue and manage their own contributions effectively.

Alignment with Broader Digital Strategy

The EU OSS Catalogue is not an isolated initiative; it is a key component of the EU's broader digital sovereignty and interoperability strategy.

  • Interoperable Europe Act: By hosting the catalogue on the Interoperable Europe portal, CADA ensures that open-source discovery is integrated into the existing framework for public sector interoperability.
  • Digital Decade: The catalogue supports the Digital Decade Policy Programme's goals of digital transformation and the creation of a digitally skilled population by making tools and knowledge more accessible.
  • Open Source Strategy: The catalogue operationalises the EU Open Source Strategy's aim to foster open source for sovereignty, competitiveness, and security by creating a tangible mechanism for reuse.

What this means for you

For public-sector procurement officers, IT managers, and policy makers, the CADA provisions on the EU OSS Catalogue represent a fundamental shift in how public software is managed, discovered, and procured.

1. The "Search First" Procurement Mandate

Before initiating a procurement process for new software, you must check the EU OSS Catalogue. While CADA does not explicitly ban purchasing proprietary software if a solution exists, the framework is designed to make the catalogue the primary discovery tool. If a suitable open-source solution is available in the catalogue, leveraging it aligns with Article 41, which encourages Union entities and public sector bodies to "use and facilitate the reuse of open standards and components released under an open source licence." This can lead to significant cost savings, faster deployment, and reduced vendor lock-in.

2. The Obligation to Connect Your Repository

If your organisation develops software that you intend to make available for reuse, you have a new compliance obligation. You cannot simply publish code on a private server and claim compliance with reuse goals. Under Article 42, you must ensure your repository is connected to the EU OSS Catalogue. This involves applying to have your catalogue connected to the central hub, adhering to the objective criteria set by the Commission. Failure to connect means your software remains invisible to the wider EU public sector, defeating the purpose of making it available for reuse.

3. Enhanced Due Diligence and Quality Assurance

The EU OSS Catalogue is a curated resource, but it is not a guarantee of technical perfection. While the Commission applies objective criteria for connecting repositories, procurement officers must still perform standard due diligence regarding licensing, security, and maintenance. The catalogue ensures discoverability and connectivity, not necessarily that every listed solution is "production-ready" for your specific use case. However, the OSPO Network can provide guidance on best practices for evaluating open-source software found in the catalogue.

4. Strategic Participation in the OSPO Network

Consider establishing or joining an Open Source Programme Office (OSPO) within your organisation. Participating in the OSPO Network established under Article 44 will give you access to shared expertise, templates, and recommendations on licensing and security. This can significantly reduce the administrative burden of managing open-source contributions and ensure that your organisation's software is properly prepared for reuse and discovery.

Common misconceptions

Misconception 1: The EU OSS Catalogue is a central code repository.

  • Correction: No. The EU OSS Catalogue is a centralised catalogue or index. It does not host the code itself. Instead, it connects to existing national, regional, or entity-specific repositories. This decentralised hosting model respects local governance and infrastructure while providing a unified discovery layer.

Misconception 2: All public software must be published in the EU OSS Catalogue.

  • Correction: No. CADA applies to software that public sector bodies voluntarily decide to make available for reuse under an open-source licence (Article 42). If you choose not to share your software, you are not required to publish it. However, if you do choose to share it, you must do so through a connected catalogue.

Misconception 3: Listing in the catalogue guarantees software quality or security.

  • Correction: The catalogue ensures discoverability and connectivity, not technical quality or security. While the Commission applies objective criteria for connecting repositories, procurement officers must still evaluate the software's fitness for purpose, security posture, and licensing terms before adoption.

Misconception 4: The EU OSS Catalogue replaces national open-source portals.

  • Correction: No. National and regional portals can continue to exist. In fact, they are the primary sources of content. The EU OSS Catalogue aggregates and indexes these portals, making their content visible to a wider EU audience. It complements, rather than replaces, local infrastructure.

Misconception 5: The catalogue is only for large Member States.

  • Correction: The catalogue is designed for all Union entities and public sector bodies, regardless of size. Article 44 explicitly mentions facilitating cooperation between offices established at "local, regional or national level," ensuring that smaller administrations can also benefit from and contribute to the ecosystem.

Official sources

Related

This is general information about a draft EU regulation, not legal advice.