CADA OSPO Network

Summary Under the proposed Cloud and AI Development Act (CADA), the Network of Open Source Programme Offices (OSPO Network) is explicitly mandated to facilitate the exchange of open-source projects that are of "common interest" to Union entities and public sector bodies across the EU. Specifically, Article 44(3)(d) requires the network to "collaborate on and exchange open-source projects of common interest to Union entities and public sector bodies." This mechanism is designed to pool development efforts, eliminate redundant software creation, and maximize the value of public expenditure. By ensuring that software developed for one administration is discoverable, reusable, and jointly maintained by others, CADA aims to strengthen the Union's technological sovereignty and reduce dependencies on third-country proprietary solutions.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, introduces a comprehensive framework for open-source governance within the European public sector. A central pillar of this framework is the establishment of the Network of Open Source Programme Offices (OSPO Network). This network serves as the organizational backbone for coordinating open-source strategies, ensuring that public administrations across the EU do not operate in silos when developing, acquiring, or maintaining software.

The Mandate of the OSPO Network

Article 44 of the CADA proposal establishes the OSPO Network. Its primary purpose is to facilitate cooperation on the implementation of open-source obligations under Title IV of the Regulation. The network brings together Open Source Programme Offices (OSPOs) established by public sector bodies at local, regional, or national levels in Member States, as well as those established by Union entities.

The specific tasks of the OSPO Network are detailed in Article 44(3). These tasks are designed to create a cohesive, interoperable ecosystem for open-source software (OSS) within the public sector. The key tasks include:

1. Exchange of Information and Best Practices: Facilitating the exchange of information, experience, and best practices between Member States and the Commission, particularly regarding common technical, legal, and organizational challenges such as licensing, security, maintenance, and procurement (Article 44(3)(a)).
2. Promoting Sharing and Reuse: Actively promoting the sharing and reuse of open-source software by public sector bodies (Article 44(3)(b)).
3. Development of Guidance: Contributing, on a voluntary and non-binding basis, to the development of guidance, templates, or recommendations on the sharing and reuse of open-source software (Article 44(3)(c)).
4. Collaboration on Common Interest Projects: Collaborating on and exchanging open-source projects of common interest to Union entities and public sector bodies (Article 44(3)(d)).

Understanding "Projects of Common Interest"

The phrase "open-source projects of common interest" in Article 44(3)(d) is a critical operational concept within the proposed regulation. While CADA does not provide a rigid, exhaustive definition of what constitutes "common interest," the context of the Regulation and the objectives of the OSPO Network clarify its intent.

"Common interest" refers to software solutions that address shared challenges across multiple public administrations or Union entities. These are typically foundational technologies, standard administrative tools, or critical infrastructure components that are needed by many bodies but are often developed redundantly in isolation. Examples of such projects might include:

• Standard identity management and authentication systems.
• Common data governance and interoperability platforms.
• Shared cybersecurity tools and incident response frameworks.
• Generic administrative workflows (e.g., procurement modules, HR management tools, regulatory reporting systems).

By identifying these projects, the OSPO Network enables public bodies to pool development efforts. Instead of five different Member States building five different versions of a similar HR module or a regulatory reporting tool, they can collaborate on a single, shared open-source project. This approach aligns with the broader CADA objective of reducing dependencies on third-country providers and fostering a competitive, resilient European cloud and AI ecosystem.

The Mechanism of Exchange and Collaboration

Article 44(3)(d) does not merely suggest cooperation; it establishes a formal task for the network to "collaborate on and exchange" these projects. This implies a dynamic, two-way flow of resources and knowledge:

1. Identification: OSPOs must actively identify which software projects are of mutual benefit to the broader public sector.
2. Exchange: The network facilitates the transfer of knowledge, code, documentation, and maintenance responsibilities between entities.
3. Collaboration: It supports joint development efforts, allowing resources (financial, technical, and human) to be combined to build more robust and secure solutions.

This task works in tandem with other CADA provisions, such as Article 42, which requires Union entities and public sector bodies to make software available for reuse via the EU Open Source Solutions Catalogue (EU OSS Catalogue). The OSPO Network acts as the human and organizational layer that ensures the software listed in the catalogue is not just archived, but actively maintained, improved, and adopted through collaborative governance.

Commission Support and Coordination

The European Commission plays a pivotal supportive role in this ecosystem. Under Article 44(4), the Commission is tasked to "support and coordinate the OSPO Network." This includes convening and chairing meetings of the network members at least twice a year (Article 44(5)). These meetings provide the essential forum for discussing projects of common interest, resolving legal or technical hurdles, and aligning strategies across borders. The Commission's role ensures that the network remains active, that best practices are disseminated, and that the collective efforts of the public sector contribute to the Union's strategic autonomy.

What this means for you

For public-sector procurement officers, IT managers, and policy makers, the establishment of the OSPO Network and its specific mandate regarding projects of common interest has several practical implications:

1. Prioritize Reuse Over New Development When planning new digital initiatives, you should first check if a solution already exists within the OSPO Network or the EU OSS Catalogue. If a project of common interest is being developed or maintained by another Member State or Union entity, joining or contributing to that project is likely more efficient than building from scratch. This reduces costs, accelerates deployment, and ensures higher quality through broader testing.

2. Engage with Your National or Local OSPO If your organization does not have an OSPO, consider establishing one or designating a focal point. Engaging with the national OSPO allows you to connect with the broader network. You can learn about ongoing projects of common interest and contribute your organization's expertise or resources to shared development efforts.

3. Collaborate Across Borders The OSPO Network is designed to break down silos. If you identify a software need that is likely shared by other public bodies (e.g., a specific type of regulatory reporting tool or a crisis management platform), propose it as a project of common interest through your OSPO. This can lead to joint funding, shared maintenance responsibilities, and a more robust, widely tested solution that benefits the entire Union.

4. Standardize Licensing and Governance Participating in the OSPO Network helps you stay updated on best practices for open-source licensing, security, and maintenance. This ensures that the software you reuse or contribute to is legally compliant and securely maintained, reducing long-term risks and ensuring interoperability across different national systems.

Common misconceptions

Misconception 1: The OSPO Network dictates which software must be used. Correction: The OSPO Network's contributions to guidance and recommendations are voluntary and non-binding (Article 44(3)(c)). It does not mandate the use of specific software. Its role is to facilitate, coordinate, and promote collaboration, not to enforce usage.

Misconception 2: "Common interest" only applies to large, complex AI systems. Correction: While AI is a key focus of CADA, "projects of common interest" can include any open-source software relevant to public administration, from basic administrative tools to complex cloud infrastructure components. The focus is on shared utility and the potential for pooling resources, not just technological sophistication.

Misconception 3: Participation in the OSPO Network is optional for all public bodies. Correction: While joining the network is voluntary for individual OSPOs (Article 44(2)), the underlying obligations to share and reuse software (Article 42) and the establishment of the network itself (Article 44) are part of the regulatory framework. Public bodies are expected to engage with these mechanisms to fulfill their broader CADA obligations and maximize the value of public expenditure.

Related

• CADA OSPO Network: Common Technical, Legal & Organisational Challenges
• Why does CADA create an OSPO Network? (Recital 84 explained)
• Who establishes the OSPO Network under CADA?
• Who coordinates the CADA OSPO Network? Commission's role explained
• What templates or guidance can public bodies expect from the OSPO Network under CADA?

This is general information about a draft EU regulation, not legal advice.