Summary The EU Open Source Solutions Catalogue (EU OSS Catalogue) is a centralised, free-to-access platform proposed under Article 43 of the Cloud and AI Development Act (CADA). As drafted in COM(2026) 502 final, the European Commission would be mandated to "provide and maintain" this catalogue to serve as a single entry point for discovering software made available for reuse by Union entities and public sector bodies. The catalogue would be hosted on the Interoperable Europe portal and made accessible electronically free of charge. Its primary purpose is to solve the fragmentation of public-sector software repositories, reduce vendor lock-in, and strengthen the EU's technological sovereignty by ensuring that open-source solutions developed by one public body are easily findable and reusable by others across the Union.

Detail

The EU Open Source Solutions Catalogue represents a critical infrastructure component of the proposed Cloud and AI Development Act (CADA). While the Act covers a broad range of topics from data-centre capacity to cloud sovereignty, the open-source provisions specifically target the "reuse" gap in the public sector. Currently, valuable software developed with public funds often remains siloed within individual Member States or specific agencies, leading to duplicated efforts and missed opportunities for collaboration.

Legal Basis and Core Mandate

The legal foundation for this initiative is explicitly set out in Article 43 of the CADA proposal. Article 43(1) establishes the Commission's obligation: "The Commission shall provide and maintain an EU Open Source Solutions Catalogue (β€˜EU OSS Catalogue’) as a centralised catalogue to access software made available for reuse by Union entities and public sector bodies."

This mandate is not merely administrative; it is a strategic intervention to create a unified digital marketplace for public-sector innovation. By centralising access, the regulation aims to transform the public sector from a collection of isolated software consumers into a collaborative ecosystem. The catalogue serves as the technical and organisational hub that bridges the gap between software providers (public bodies that develop tools) and software consumers (other public bodies seeking solutions).

The text of the proposal emphasises that the catalogue is "centralised." This does not necessarily mean that all code must be physically stored in a single location. Rather, it means that the discovery mechanism is centralised. The catalogue acts as the index, ensuring that software developed in one Member State is visible to a public body in another, thereby maximising the return on public investment in digital tools.

Hosting and Accessibility

A defining feature of the EU OSS Catalogue is its integration into existing EU digital infrastructure. Article 43(2) is precise regarding its location and cost: "The EU OSS Catalogue shall be hosted on the Interoperable Europe portal referred to in Article 8 of Regulation (EU) 2024/903 and shall be accessible electronically free of charge."

Hosting the catalogue on the Interoperable Europe portal is a deliberate choice with several implications:

  • Leveraging Existing Trust: The Interoperable Europe portal is already the established gateway for public sector interoperability solutions in the EU. By placing the OSS Catalogue here, CADA ensures immediate visibility to the target audience and leverages the portal's existing governance and security frameworks.
  • Zero Cost Barrier: The requirement that the catalogue be "accessible electronically free of charge" removes financial barriers to entry. This is essential for smaller public bodies, such as local municipalities, which may lack the budget for proprietary software discovery tools or subscription services.
  • Interoperability by Design: Being part of the Interoperable Europe ecosystem ensures that the catalogue adheres to the EU's broader standards for data exchange, metadata, and semantic interoperability, facilitating easier integration with national systems.

Connection and Integration Mechanism

One of the most innovative aspects of Article 43 is its approach to integration. The regulation recognises that Member States and Union entities often already maintain their own software repositories or catalogues. Rather than forcing a migration to a single monolithic database, Article 43(3) establishes a federated connection model: "The Commission shall, on the basis of objective and relevant criteria, decide on the request of any Union entity or public sector body owning or maintaining a catalogue or repository to have that catalogue or repository connected to and made accessible through the EU OSS Catalogue."

This mechanism allows for a "hub-and-spoke" architecture:

  • Local Autonomy: Public bodies can maintain their own repositories, governance models, and metadata standards. They are not forced to abandon their existing infrastructure.
  • Centralised Discovery: Once a repository is connected to the EU OSS Catalogue, the software within it becomes discoverable via the central EU search interface.
  • Objective Criteria: The Commission retains the authority to set "objective and relevant criteria" for connection. This ensures that only repositories meeting certain standards of quality, accessibility, and openness are linked, maintaining the integrity of the central catalogue.

This approach balances the need for a unified EU-wide view with the practical reality of diverse national and local IT landscapes. It encourages participation by reducing the administrative burden of migrating existing assets.

Relationship with Software Sharing Obligations

The EU OSS Catalogue does not operate in a vacuum; it is the operational engine for the sharing obligations set out in Article 42 of CADA. Article 42 states: "When making software to which they hold intellectual property rights available for reuse under an open source licence, a Union entity or public sector body shall do so using a catalogue or repository that is connected to, and made accessible through, the EU OSS Catalogue."

This creates a clear workflow:

  1. A public body develops software and decides to share it under an open-source licence.
  2. The body places this software in a repository.
  3. That repository must be connected to the EU OSS Catalogue (as per Article 43(3)).
  4. The software becomes visible to the entire EU public sector via the central catalogue.

Therefore, the EU OSS Catalogue is the mandatory access point for any software that public bodies choose to share under the CADA framework. It transforms the voluntary act of sharing into a structured, discoverable ecosystem.

What this means for you

For public sector procurement officers, IT directors, digital transformation leads, and open-source programme offices (OSPOs), the EU OSS Catalogue represents a fundamental shift in how software is sourced, managed, and shared. As CADA is currently a proposal, these measures would apply once the regulation is adopted and enters into force.

1. A Single Source of Truth for Reusable Software

Previously, discovering open-source software developed by other European public bodies was a fragmented process. Procurement teams might have to search through disparate national government websites, GitHub organisations, GitLab instances, or technical forums, often without a clear understanding of the software's maturity or support status.

  • Action: Once operational, the EU OSS Catalogue will serve as the primary search tool. When initiating a procurement process for a digital solutionβ€”whether it is a case management system, a data analytics platform, or a citizen portalβ€”your first step should be to query the EU OSS Catalogue. You may discover a solution that has already been developed, tested, and validated by another EU public body, potentially saving significant time and public funds.

2. Preparing for Repository Connection

If your organisation maintains an internal software repository or a national catalogue, you will need to prepare for integration. Article 43(3) allows for connection, but it is subject to the Commission's "objective and relevant criteria."

  • Action: Review your current repository's metadata standards, licensing information, and documentation. Ensure that your software is tagged with clear open-source licences and that technical documentation is accessible. Prepare to submit a request to the Commission to have your repository connected to the EU OSS Catalogue. This proactive step ensures your organisation can participate in the EU-wide reuse ecosystem as soon as the regulation applies.

3. Strategic Cost Savings and Vendor Independence

The catalogue is a tool for reducing dependency on proprietary vendors. By reusing software that is already available and open, public bodies can avoid licensing fees and gain greater control over their digital infrastructure.

  • Action: Conduct an audit of your current software portfolio. Identify any tools that could be replaced by solutions listed in the EU OSS Catalogue. Prioritise solutions that are actively maintained, have a clear community or support structure, and align with your security requirements. This shift can lead to substantial cost savings and increased negotiating power with vendors for support and maintenance contracts.

4. Contributing to the European Digital Commons

If your organisation develops custom software, you have a unique opportunity to contribute to the European digital commons. By making your software available for reuse, you increase its value and potentially reduce the cost of its maintenance through shared community contributions and peer review.

  • Action: If you have developed software that could be useful to other public bodies, prepare to list it on a repository connected to the EU OSS Catalogue. Ensure you have clear open-source licences (e.g., EUPL, Apache, MIT) and comprehensive documentation. This not only fulfils the spirit of CADA but also positions your organisation as a leader in digital innovation.

Common misconceptions

Misconception 1: The EU OSS Catalogue is a software repository where code is stored.

  • Correction: The EU OSS Catalogue is primarily a discovery tool and a centralised index, not necessarily a storage location for the code itself. While it will host metadata, descriptions, and links, the actual source code and binaries will likely remain in their original repositories (e.g., GitHub, GitLab, or national servers). The catalogue connects to these external repositories to make them searchable and accessible.

Misconception 2: All public sector software must be listed on the catalogue.

  • Correction: CADA does not mandate that all software developed by the public sector must be open-sourced or listed. Article 42 applies specifically to software that public bodies voluntarily decide to make available for reuse under an open-source licence. However, if a public body chooses to share software, Article 42 requires that it be done via a repository connected to the EU OSS Catalogue.

Misconception 3: Listing software on the catalogue guarantees its quality, security, or suitability.

  • Correction: The EU OSS Catalogue is a directory, not a certification body. While the Commission may establish criteria for connection under Article 43(3), the catalogue itself does not audit the security, code quality, or functional suitability of every piece of software listed. Procurement officers and IT directors must still conduct their own due diligence, security assessments, and compatibility checks before adopting any software found in the catalogue. The catalogue facilitates discovery, but the responsibility for adoption remains with the user.

Misconception 4: The catalogue is only for large EU institutions or national governments.

  • Correction: The EU OSS Catalogue is designed for all Union entities and public sector bodies, including local and regional authorities, municipalities, and public agencies. The goal is to create a pan-European ecosystem where a small municipality can discover and reuse software developed by a large national agency or another Union entity, fostering a level playing field for digital innovation across all levels of government.

Related

This is general information about a draft EU regulation, not legal advice.