Summary Under the proposed Cloud and AI Development Act (CADA), the European Commission is the sole entity responsible for establishing the Network of Open Source Programme Offices (OSPO Network). As set out in Article 44(1), this network is designed to facilitate cooperation on implementing the Regulation's open-source obligations. The Commission will actively support and coordinate the network (Article 44(4)), convening meetings at least twice a year. The network serves as a voluntary platform for Union entities and public sector bodies to exchange best practices, develop non-binding guidance, and collaborate on open-source projects of common interest, thereby reducing fragmentation and enhancing the reuse of software across the Union.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, identifies open source as a critical lever for strengthening technological sovereignty, security, and innovation. To translate these high-level objectives into operational reality, the proposal introduces a specific governance mechanism: the Network of Open Source Programme Offices (OSPO Network). This network is not an optional initiative but a structured component of the Regulation's Chapter V on Open Source.

The Establishing Authority: The European Commission

The question of who establishes the network is answered definitively in the text of the proposal. Article 44(1) states: "The Commission shall establish a network of Open Source Programme Offices ('the OSPO Network') to facilitate cooperation on the implementation of the obligations under this Chapter."

This provision places the initiative and structural responsibility squarely with the European Commission. Unlike some EU initiatives that rely on Member States to create parallel structures, CADA mandates a single, Union-wide network established by the Commission. This centralised approach is intended to ensure that the implementation of open-source obligations is consistent across the single market, preventing the emergence of divergent national approaches that could hinder interoperability and software reuse.

Purpose and Scope of the Network

The primary purpose of the OSPO Network, as defined in Article 44(1), is to "facilitate cooperation on the implementation of the obligations under this Chapter." Chapter V of CADA imposes specific duties on Union entities and public sector bodies, including:

  • Encouraging the use of open standards and components released under open-source licences (Article 41).
  • Making software available for reuse via catalogues connected to the EU Open Source Solutions Catalogue (Article 42).

The OSPO Network acts as the operational bridge to help these entities meet those obligations. It brings together "relevant structures within Union entities and Member States" (Article 44(1)). Specifically, Article 44(2) clarifies that the network includes Open Source Programme Offices established by public sector bodies at local, regional, or national levels in a Member State, as well as those established by Union entities.

By connecting these disparate offices, the network aims to overcome the siloed nature of public sector IT. It creates a formal channel for sharing the challenges and successes encountered when managing open-source lifecycles, from licensing compliance to security maintenance.

The Commission's Role: Support and Coordination

While the network is a collaborative body, the European Commission retains a central, active role. Article 44(4) explicitly mandates that "The Commission shall support and coordinate the OSPO Network."

This coordination role is operationalised through specific mechanisms:

  • Convening Meetings: Article 44(5) requires the Commission to "convene and chair a meeting of the members of the OSPO Network at least twice a year." This ensures regular engagement and prevents the network from becoming dormant.
  • Flexibility: The same article notes that these meetings "may be organised online," ensuring that participation is not hindered by geographical distance or logistical constraints.
  • Strategic Alignment: By supporting the network, the Commission ensures that the activities of the OSPOs align with the broader strategic goals of CADA, such as reducing dependencies on non-EU providers and fostering a competitive European digital ecosystem.

Defined Tasks of the OSPO Network

Article 44(3) outlines four specific tasks that the network is designed to perform. These tasks define the practical value of the network for public sector bodies:

  1. Exchange of Information and Best Practices: The network facilitates the exchange of information, experience, and best practices between Member States and the Commission. This includes discussing "common technical, legal and organisational challenges, including those related to licensing, security, maintenance and procurement of open-source software." This task is crucial for helping public bodies navigate the complex legal landscape of open-source licences and security vulnerabilities.
  2. Promoting Sharing and Reuse: The network actively promotes "the sharing and reuse of open-source software by public sector bodies." This directly supports the CADA objective of maximising the value of public expenditure and reducing duplication costs.
  3. Voluntary Guidance Development: The network contributes, "on a voluntary and non-binding basis, to the development of guidance, templates or recommendations on the sharing and reuse of open-source software." This allows the network to produce practical tools (e.g., standard licence checklists, procurement templates) that can be adopted by members without creating new binding legislation.
  4. Collaboration on Projects: The network facilitates "collaboration on and exchanging open-source projects of common interest to Union entities and public sector bodies." This encourages joint development initiatives where multiple administrations can pool resources to build or maintain software that serves a shared need.

Participation Mechanism

Participation in the OSPO Network is not automatic for every public body; it is based on the existence of an established Open Source Programme Office. Article 44(2) states that offices "may request from the Commission to join the OSPO Network." This implies that a public sector body must first have an internal structure dedicated to open source to participate. Once established, the request is made to the Commission, which manages the network's membership.

What this means for you

For public sector IT leaders, procurement officers, and legal counsel, the establishment of the OSPO Network under the proposed CADA represents a significant shift towards a coordinated, Union-wide approach to open source.

Access to Centralised Expertise As the Commission coordinates the network, public bodies will gain access to a centralised hub of expertise. Instead of each administration reinventing the wheel when facing a complex open-source licensing issue or a security vulnerability in a critical component, they can rely on the collective intelligence of the network. The exchange of best practices mandated by Article 44(3)(a) means that solutions tested in one Member State can be rapidly shared and adopted by others.

Standardisation of Practices The network's ability to develop "guidance, templates or recommendations" (Article 44(3)(c)) will likely lead to greater standardisation in how public bodies manage open source. For procurement officers, this could mean the emergence of standard contract clauses for open-source software or unified approaches to evaluating the security of open-source components. This standardisation reduces legal risk and administrative burden.

Strategic Collaboration Opportunities The provision for collaboration on "open-source projects of common interest" (Article 44(3)(d)) opens the door for joint procurement and co-development. Public bodies facing similar challenges (e.g., digitalising tax administration or managing health data) could leverage the network to identify partners and pool resources, potentially reducing costs and accelerating innovation.

Compliance Support With CADA requiring public bodies to make software available for reuse via connected catalogues (Article 42), the OSPO Network will be a vital resource for understanding how to technically and legally implement these requirements. Engagement with the network can serve as a proactive step to ensure compliance with the Regulation's open-source obligations.

Common misconceptions

Misconception 1: The OSPO Network is a regulatory enforcement body. The OSPO Network is not a regulator. Its contributions to guidance and templates are explicitly "voluntary and non-binding" (Article 44(3)(c)). It does not have the power to sanction non-compliance or enforce specific open-source policies. Its role is facilitative and cooperative.

Misconception 2: Only national-level offices can join. The network is inclusive by design. Article 44(2) explicitly states that offices established at "local, regional or national level" are eligible to join. This ensures that best practices can flow from the municipal level up to the national and Union levels, and vice versa.

Misconception 3: The OSPO Network replaces national open-source strategies. The network complements, rather than replaces, national strategies. While CADA requires Member States to adopt national cloud and AI strategies (Article 7), the OSPO Network provides a horizontal layer of cooperation that cuts across these national boundaries, fostering a single market for open-source software.

Misconception 4: All public bodies must join the network. Participation is conditional on having an established Open Source Programme Office. Article 44(2) states that offices "may request" to join. Public sector bodies that do not yet have a dedicated OSPO structure are not automatically members, though the network's existence may incentivise them to establish one to participate in the benefits of the network.

Related

This is general information about a draft EU regulation, not legal advice.