Summary As proposed in the Cloud and AI Development Act (CADA), the Network of Open Source Programme Offices (OSPO Network) is explicitly tasked with developing practical tooling for public administrations. Under Article 44(3)(c) of the proposal, the network will contribute to the creation of "guidance, templates or recommendations on the sharing and reuse of open-source software." Crucially, these outputs are designated as "voluntary and non-binding." This means the network serves as a collaborative hub for best practices and standardisation, rather than a regulatory body issuing mandatory compliance standards. Public bodies can expect these resources to address common legal, technical, and organisational challengesβ€”such as licensing, security, and procurementβ€”while retaining full autonomy over their adoption.

Detail

The Cloud and AI Development Act (CADA), proposed by the European Commission in COM(2026) 502 final, introduces a comprehensive framework to strengthen Europe's cloud and AI ecosystem. A specific pillar of this framework, found in Title IV, Chapter V, focuses on promoting open-source solutions to enhance transparency, security, and technological autonomy. Central to this chapter is the establishment of a Network of Open Source Programme Offices (OSPO Network).

The Mandate and Structure of the OSPO Network

Article 44(1) empowers the Commission to establish the OSPO Network with the primary objective of facilitating cooperation on the implementation of the obligations set out in the open-source chapter. This network is designed to bridge the gap between isolated national or local initiatives and a cohesive Union-wide approach.

Membership is inclusive: Article 44(2) stipulates that Open Source Programme Offices established by public sector bodies at local, regional or national level in a Member State, as well as those established by Union entities, may request to join the network. The Commission is tasked with supporting and coordinating this network (Article 44(4)) and must convene and chair meetings of its members at least twice a year (Article 44(5)). This regular cadence ensures continuous dialogue and the timely exchange of emerging best practices.

Specific Tasks: The Role of Guidance and Templates

The core value proposition for public-sector procurement officers, IT managers, and legal teams lies in the specific tasks assigned to the network under Article 44(3). While the network has four distinct tasks, the third is the most direct source of the practical tooling in question:

  • Article 44(3)(a): Facilitating the exchange of information, experience, and best practices between Member States and the Commission. This includes discussing common technical, legal, and organisational challenges, specifically those related to licensing, security, maintenance and procurement of open-source software.
  • Article 44(3)(b): Promoting the sharing and reuse of open-source software by public sector bodies.
  • Article 44(3)(c): Contributing, on a voluntary and non-binding basis, to the development of guidance, templates or recommendations on the sharing and reuse of open-source software.
  • Article 44(3)(d): Collaborating on and exchanging open-source projects of common interest to Union entities and public sector bodies.

The phrasing in Article 44(3)(c) is legally significant. By explicitly stating that contributions are "voluntary and non-binding," the proposal ensures that the OSPO Network functions as a support mechanism rather than a source of new regulatory obligations. The guidance and templates are intended to be practical tooling to help administrations navigate the complexities of open-source adoption, reducing fragmentation and improving discoverability without imposing a "one-size-fits-all" mandate.

Context within the Broader CADA Framework

The OSPO Network operates in synergy with other provisions in CADA to create a functional ecosystem for open-source software:

  • Article 41 encourages Union entities and public sector bodies to use and facilitate the reuse of open standards and components released under an open-source licence when building their cloud and AI ecosystem.
  • Article 42 requires that when a Union entity or public sector body makes software available for reuse under an open-source licence, it must do so using a catalogue or repository connected to the EU Open Source Solutions Catalogue (EU OSS Catalogue).
  • Article 43 establishes the EU OSS Catalogue itself as a centralised, free-to-access repository hosted on the Interoperable Europe portal.

The templates and guidance developed by the OSPO Network are designed to help bodies comply with these structural requirements efficiently. For instance, a template for a "contribution agreement" might help a municipality ensure its software is properly licensed before being uploaded to the EU OSS Catalogue, thereby meeting the connectivity requirements of Article 42.

Furthermore, the network's mandate to discuss challenges related to "licensing, security, maintenance and procurement" (Article 44(3)(a)) suggests that the resulting practical tooling will likely cover:

  • Standardised clauses for open-source contributions in public procurement contracts.
  • Checklists for security audits and maintenance handovers.
  • Best practices for selecting appropriate open-source licences (e.g., distinguishing between permissive and copyleft licences).
  • Procedures for integrating internal developments into the EU OSS Catalogue.

By fostering a community of practice, the network aims to reduce the administrative burden on individual administrations, allowing them to leverage collective expertise rather than developing these resources from scratch.

What this means for you

For public-sector procurement officers, IT managers, legal counsels, and policy makers, the establishment of the OSPO Network represents a significant opportunity to access harmonised, EU-level support for open-source strategies.

1. Access to Pre-Vetted, Practical Tooling

Instead of negotiating complex open-source licensing terms or drafting security maintenance agreements from scratch, your organisation can look to the OSPO Network for standardised templates. These resources will be developed through a collaborative process involving experts from across the EU, ensuring they reflect best practices and address common pitfalls identified by peers. This is particularly valuable for smaller administrations that may lack dedicated legal resources for open-source governance.

2. Voluntary Adoption and Autonomy

Because the guidance and templates are explicitly "voluntary and non-binding" (Article 44(3)(c)), your administration retains full autonomy. You are not legally required to use OSPO Network templates. However, adopting them may demonstrate due diligence and alignment with EU-wide standards for open-source governance, potentially simplifying audits or facilitating cross-border collaborations where interoperability is key.

3. Participation and Influence

If your public body has an existing Open Source Programme Office (or a dedicated team fulfilling that role), you should consider applying to join the network. By participating, you can influence the development of these templates, ensuring they address the specific technical and legal challenges faced by your sector or jurisdiction. The network's focus on "common technical, legal and organisational challenges" (Article 44(3)(a)) means your input could directly shape the practical tooling available to all members.

4. Synergy with the EU OSS Catalogue

The templates developed by the OSPO Network will likely align with the requirements for listing software in the EU OSS Catalogue (Article 43). Using these templates can streamline the process of making your organisation's developed software available for reuse, ensuring it meets the discoverability and interoperability standards expected by the broader public sector.

5. Procurement Strategy

Procurement officers can use the network's guidance on "procurement of open-source software" (Article 44(3)(a)) to refine tender documents. This may include standardised evaluation criteria for open-source bids or model clauses that protect public investment while encouraging innovation and reuse.

Common misconceptions

Misconception: The OSPO Network issues mandatory regulations. Reality: The CADA proposal is explicit. Article 44(3)(c) states that the network's contribution to guidance and templates is "voluntary and non-binding." The network does not have regulatory or enforcement powers. It is a coordination and support body, not a legislative one.

Misconception: Only large national governments can join. Reality: Article 44(2) explicitly allows Open Source Programme Offices established by public sector bodies at "local, regional or national level" to request membership. This includes smaller municipal authorities or regional agencies, provided they have a structure dedicated to open-source management.

Misconception: The OSPO Network replaces national legal advice. Reality: While the network provides templates and recommendations, it does not replace the need for specific legal counsel. Public bodies must still ensure that their use of open-source software complies with national laws, data protection regulations (such as the GDPR), and specific contractual obligations. The OSPO Network's resources are best practice tools, not legal substitutes.

Misconception: The network is only for software developers. Reality: The tasks of the network include discussions on "legal and organisational challenges" and "procurement" (Article 44(3)(a)). This makes the network highly relevant for procurement officers, legal teams, and policy makers, not just technical staff. The guidance on sharing and reuse (Article 44(3)(c)) is particularly valuable for those responsible for asset management and public service delivery.

Official sources

Related

This is general information about a draft EU regulation, not legal advice.