Summary As proposed in the Cloud and AI Development Act (CADA), sharing and reusing public-sector software under open-source licences is designed to reduce duplication costs, foster innovation, and maximise the value of public expenditure. By mandating that voluntarily released software be published in a centralised, connected catalogue, the proposal aims to make these digital assets findable and accessible across all Union administrations. This ensures that publicly funded development serves the broader public interest, preventing the fragmentation of digital solutions across Member States.

Detail

The Cloud and AI Development Act (CADA) positions open source not merely as a technical preference but as a strategic lever to boost technological sovereignty, efficiency, and resilience within the European Union's public sector. A core component of this strategy is the mandatory sharing and reuse of software developed by or for Union entities and public sector bodies, provided that such software is made available for reuse.

The Strategic Rationale: Reducing Waste and Boosting Innovation

The proposal recognises a persistent inefficiency in the public sector: an increasing number of authorities are developing software solutions to meet specific local or national needs, yet these solutions often remain siloed. This fragmentation makes them difficult to discover and reuse by other administrations, leading to redundant efforts where multiple public bodies independently build similar tools.

Recital 83 of the CADA proposal explicitly addresses this issue. It states that an increasing number of Union entities and public-sector bodies are sharing software developed by or for them under an open-source licence. This practice "may be considered to be in the public interest and may maximise the value of public expenditure, reduce duplication costs and foster innovation across the Union."

However, the recital identifies a critical barrier: software is often made available and accessible in different repositories or catalogues, "hampering searchability, discoverability and, ultimately, reuse." CADA seeks to correct this market failure by creating a unified ecosystem for digital reuse. By ensuring that software is not just released but also findable, the proposal aims to transform isolated public investments into shared Union assets.

Legal Obligations: Article 42 and the Connected Catalogue

The mechanism for enforcing this reuse is detailed in Article 42 of the CADA proposal. This article establishes a clear procedural obligation for public entities that choose to share their software.

It stipulates that when a Union entity or public sector body makes software to which it holds intellectual property rights available for reuse under an open-source licence, it "shall do so using a catalogue or repository that is connected to, and made accessible through, the EU Open Source Solutions Catalogue ('the EU OSS Catalogue')."

Key aspects of this obligation include:

  • Voluntary Trigger: The obligation applies when a public entity decides to make software available for reuse. It does not force the open-sourcing of all proprietary software, but it mandates the method of publication once that decision is taken.
  • Centralised Access: The software cannot remain hidden in a private, local, or disconnected repository. It must be integrated into the centralised EU OSS Catalogue to ensure visibility to other public administrations across the EU.
  • Interoperability: The requirement for connectivity ensures that local catalogues do not become digital islands. They must be technically linked to the Union-wide hub to facilitate cross-border discovery.

The Centralised Hub: EU OSS Catalogue (Article 43)

To support the mandate in Article 42, Article 43 requires the European Commission to provide and maintain the EU Open Source Solutions Catalogue. This catalogue serves as the centralised entry point for any public administration to search for and access software made available for reuse by Union entities and public sector bodies.

The proposal outlines specific features to ensure the catalogue's effectiveness:

  • Centralisation: It aggregates software from various national and Union-level repositories into a single, searchable interface, solving the "searchability" problem identified in Recital 83.
  • Accessibility: The catalogue will be hosted on the Interoperable Europe portal (as referenced in Article 8 of Regulation (EU) 2024/903) and must be accessible electronically free of charge.
  • Federated Connectivity: National or local catalogues can request to be connected to the EU OSS Catalogue. The Commission will decide on these requests based on "objective and relevant criteria," ensuring a federated but cohesive network of open-source assets. This allows Member States to maintain their local governance while contributing to the Union-wide pool.

Governance and Coordination: The OSPO Network (Article 44)

Recognising that technical connectivity alone is insufficient to drive cultural change, CADA also establishes a governance layer. Article 44 mandates the creation of a network of Open Source Programme Offices (the 'OSPO Network'). This network brings together relevant structures within Union entities and Member States to facilitate cooperation on the implementation of share-and-reuse obligations.

The OSPO Network is tasked with:

  • Facilitating the exchange of information, experience, and best practices between Member States and the Commission.
  • Discussing common technical, legal, and organisational challenges, including those related to licensing, security, maintenance, and procurement of open-source software.
  • Promoting the sharing and reuse of open-source software by public sector bodies.
  • Contributing, on a voluntary and non-binding basis, to the development of guidance, templates, or recommendations on the sharing and reuse of open-source software.

By establishing this network, CADA aims to create a community of practice that supports public officials in navigating the complexities of open-source governance, thereby lowering the barriers to entry for reuse and ensuring consistent implementation across the Union.

What this means for you

For public-sector IT directors, procurement officers, digital transformation leads, and policy makers, the CADA proposal introduces specific operational changes regarding how software assets are managed, published, and discovered.

  1. Audit Your Software Assets: Begin identifying software developed by your organisation (or funded by public money) that is suitable for reuse. Even if you do not plan to open-source everything immediately, you must have a clear inventory of what you hold to assess potential for sharing.
  2. Prepare for Catalogue Integration: If your organisation currently maintains a local software repository, prepare to connect it to the future EU OSS Catalogue. This will likely require adopting standard metadata formats to ensure your software is discoverable and interoperable with the central EU hub.
  3. Establish or Join an OSPO: Consider establishing an internal Open Source Programme Office (OSPO) or joining your national OSPO network. This body will be crucial for managing the legal, technical, and security aspects of releasing software, ensuring compliance with Article 42, and leveraging the support offered by the EU-wide OSPO Network.
  4. Shift Procurement Mindsets: When procuring new software, consider the potential for future reuse. Contracts may need to include clauses that allow the public sector to retain the right to release the software under an open-source licence, facilitating future compliance with the proposal's requirements.
  5. Leverage Existing Solutions: Before commissioning new development, search the EU OSS Catalogue (once established) and connected national repositories. Finding an existing, vetted solution can save significant time and budget, directly aligning with the proposal's goal of reducing duplication costs.

Common misconceptions

Misconception 1: CADA forces all public-sector software to be open-source.

  • Reality: CADA does not mandate that all public-sector software must be open-sourced. Article 42 applies only when a Union entity or public sector body voluntarily decides to make software available for reuse. If an organisation chooses to keep its software proprietary, it is not required by this specific article to release it. However, the proposal strongly encourages open-source usage through other measures, such as the "open source first" principle in Article 41.

Misconception 2: Reuse is only about saving money.

  • Reality: While cost reduction is a primary benefit, the proposal highlights broader strategic advantages. Recital 83 explicitly notes that reuse "fosters innovation across the Union" and is "in the public interest." By sharing code, public sectors can collaborate on security patches, improve software quality through community contributions, and accelerate digital transformation across borders.

Misconception 3: The EU OSS Catalogue replaces national catalogues.

  • Reality: The EU OSS Catalogue is designed to be a centralised access point, not a replacement for local infrastructure. Article 43 allows national or local catalogues to be connected to the EU OSS Catalogue. This federated approach allows administrations to maintain their local governance and metadata standards while ensuring their assets are visible to the entire Union.

Misconception 4: Only large IT departments can comply.

  • Reality: The proposal includes support mechanisms for smaller entities. The OSPO Network (Article 44) is tasked with providing guidance, templates, and best practices. Furthermore, the proposal encourages the use of open standards and components, which can simplify the technical burden of integration for smaller public bodies.

Related

This is general information about a draft EU regulation, not legal advice.