2025 was a busy year for Linux Foundation Europe across technical collaboration, regulation, and coordination with global open source communities. There were many discussions about open collaboration models, digital sovereignty, security baselines, and the growing mix of EU regulations affecting software. Open source continued to emerge as a shared layer connecting diverse sectors, including energy systems, telecommunications networks, financial infrastructure, hardware platforms, and emerging AI initiatives. At events in Brussels, Ghent, Paris, Rome, London, Warsaw, and Amsterdam, as well as at many online gatherings, one question emerged: how do we keep open source strong and sustainable while the regulatory , geopolitics and technical landscape shifts around it?
Early in the year, Open Source Week in Brussels set the tone. SIMPL talked about data-sharing, CHAOSS shared research on how public funding affects projects, the EU Open Source Policy Summit focused on regulation, and FOSDEM brought the community together again. People asked practical questions: what does CRA readiness actually mean for projects? How long will maintainers be expected to support their work? Around the same time, DeepSeek’s open AI releases expanded the discussion on sovereignty and efficiency. These releases highlighted Europe’s role in open AI development as well as its interest in smaller, specialized models, multilingual LLMs, open datasets, and evaluation tooling.
This raised a broader question: what role should Europe play in this landscape?
As the digital sovereignty conversation started to make headlines, Gabriele Columbro, General Manager of Linux Foundation Europe, framed it this way: “It’s a momentous and exciting time in technology, and Europe has an opportunity to be a true neutral ground for global open source efforts, drastically growing its technology relevance globally in the process.”
Later in the year, Gabriele expanded on this vision in his blog post “Open Is Sovereign: Why Europe’s Digital Future Must Be Built on Global Open Source Ecosystems”. In it, he explained that digital sovereignty is not a choice between openness and protectionism. Instead, he stressed that open source is one of the strongest safeguards against technological dependency, because it allows anyone to inspect, modify, and operate software. He also made the point that most proprietary software already depends on open source, and that Europe should strengthen the global open tech ecosystem rather than isolate itself from it.
From February through June, we worked with OpenSSF to create policy working groups and resources such as the Global Cyberpolicy Working Group. We also did research that showed how people and companies weren't aware of or weren't planning to follow the rules about CRA.
During UN Open Source Week, participants explained digital public infrastructure (DPI) by comparing open components to shared public systems. This raised questions such as: what parts of digital infrastructure are “public”? Who maintains them? How do commercial and public operators depend on the same open building blocks? Discussions about digital sovereignty shifted toward the idea that autonomy comes from the ability to inspect, modify, and operate software not from fragmenting ecosystems. This idea came up again later in Warsaw and Paris when people were talking about national OSPOs, standardization strategies, and public procurement.
During summer and autumn, the focus changed from analyzing the situation to formulating actionable recommendations for achieving greater digital sovereignty through open source. The community met in Amsterdam, Ghent, and Brussels to talk about open source private and public funding, cybersecurity, digital sovereignty in practice, open hardware, energy grids, how to put CRA into practice, and how the public sector can get involved. European plans for cloud and telecommunications companies continued through IPCEI-CIS activity, cloud-edge reference architectures, and new community foundations. Poland's Digital Strategy 2035 now includes open source, with plans for repositories, funding channels, and a national OSPO. This shows that the public sector is also interested in open source. Similar trends were seen in Germany's funding for Sovereign technology fund, UN DPI discussions, and regulatory talks around NIS2, CRA, and AI frameworks.
Later in the year, conversations circled back to digital sovereignty but from a much more practical angle. How do we fund and maintain shared software infrastructure? How maintainers should be supported, how regulatory workloads map (or do not map) to real OSS governance, and how to strengthen the commons without fragmenting global collaboration.
Research outputs from LF Research and others documented maturity gaps, funding gaps, and misalignment between executives and technical contributors. Research outputs highlighted the same point: Europe has significant open source talent, but still captures only a small portion of the downstream economic value, raising questions about sustainability and investment.
This aligns with growing policy discussions about the need for structured public investment in open source as digital infrastructure. Reports such as “Funding Europe's Open Digital Infrastructure" argue that open source now comprises over 70% of modern software, making its security and sustainability a matter of public interest rather than purely technical stewardship. The paper highlights how OSS suffers from a “tragedy of the commons,” where critical components are widely relied upon but structurally underfunded, and uses examples like Germany’s Sovereign Tech Fund (STF) to show how targeted investment can strengthen autonomy, resilience, and competitiveness.
Across LF Europe hosted projects, technical work progressed steadily.
By the end of 2025, three coordinated events in Belgium wrapped up the year: the LF Europe Member Summit in Ghent, the LF Europe Roadshow in Ghent, and the European Open Source Security Forum in Brussels.
Stepping back, 2025 showed how LF Europe’s work fits into Europe’s broader push toward digital sovereignty. Instead of treating sovereignty as a call for isolation, LF Europe helped frame it as something practical: funding open projects and the local commercial ecosystems behind them, connecting communities to policymakers, improving security baselines, and making sure Europe can actually run and evolve the technologies it relies on. Across cloud, telco, hardware, AI, and energy systems, LF Europe’s involvement helped turn conversations into concrete progress. This also reflects the main point from the blog “Open Is Sovereign”: Europe doesn’t gain autonomy by building walls, but by strengthening open digital commons and scaling European companies and institutions that build on them.
In 2026, the next step is to keep this momentum going as CRA goes into force, and sovereignty conversations have matured into more fully shaped policy proposals and practical requests for input by the EU like the recent Open Source Digital Ecosystem call for evidence.
A message from Gabriele Columbro, GM of LF Europe:
2025 showed us that open source is more than code, it’s the backbone of Europe’s digital infrastructure and a foundation for sovereignty, security, and economic opportunity. Across events, research, and community conversations, one thing became clear: Europe needs to invest in the global open source commons, while growing a thriving local commercial open source ecosystem to scale credible sovereign alternatives.
In my recent blog “Open Is Sovereign: Why Europe’s Digital Future Must Be Built on Global Open Source Ecosystems,” I explained that real digital sovereignty doesn’t come from isolation, but from mastering and contributing to the open technologies that power the world. Open source gives Europe transparency, flexibility, and the chance to shape technology on its own terms.
This idea is reflected in the recent EU Sovereign Tech Fund (EU-STF) feasibility study, which makes the case for a dedicated, mission-driven fund to support the maintenance, security, and improvement of critical open source software that highlights the EU’s digital economy and public services. The report shows how chronic under-investment in open source creates risks and how structured, strategic funding could strengthen digital sovereignty, cybersecurity, resilience, and competitiveness across Europe by helping maintainers, secure key projects, and map critical dependencies.
But it’s not just about public funding. In fact facilitating the creation, scaling and profitability of a stronger European ecosystem of commercial open source product and services companies will be equally key to create a value flywheel, that can both deliver to the EU sovereignty goals and contribute to the long term sustainability of upstream open source projects. Making open source companies a central thesis in initiatives like the ScaleUp fund and the EU Inc will be critical in this sense.
Looking ahead, LF Europe will continue working with policymakers, communities, and industry to turn these important conversations into real, sustainable progress because Europe’s digital future should be open, resilient, and built together on the global commons we work every day to preserve and grow.
Related blog: EU Open Source Week 2026: What to Expect from Linux Foundation Europe