Digital Public Infrastructure is needed for resilient societies in Europe, but not just there: All over the world, government and civil society offer digital services to their constituencies. And increasingly, they have become aware of the risks that come with using infrastructure owned by a few large companies under a jurisdiction that traditionally was not necessarily ranking their interests very high and these days have become rather unpredictable. The judges and employees of the International Criminal Court are making this very visible, losing their digital life due to being sanctioned.
This session shows how the GovStack [1] initiative empowers government and societies by openly specifying building blocks for such services, thus avoiding the dependencies. The presenter has contributed to the cloud building block [2]. Naturally, the specifications also need implementations which can be qualified for the GovMarket [3], with a strong preference for Open Source solutions.
The presenter will present the specifications and will also provide insight into the OSS implementation for the cloud building block. He can report on cloud trainings in African countries and work done with GIZ, ITU and UNICC to empower these countries to create modern IT without falling into the dependency trap that European countries by and large have fallen into.
[1] https://govstack.global/ [2] https://cloud.govstack.global/ [3] https://govstack.global/our-offerings/govmarket/
Digital public products need sustainable vehicles
https://www.publiccode.net/public-product-organizations
For almost 10 years, the Foundation for Public Code has been working with public administrations and their partners to better develop public digital infrastructure together. Through many collaborations between cities., states, and other public institutions, we have come to realize that all projects that hope to become sustainable implementations in the context of the public sector would benefit from a well formed nonprofit vehicle that has a strong governance model, financial model, community practice, open license, and continuous integration process. We have been working with multiple members state governments in the European Union, and with several in the European commission, on defining a legal form for a new type of NGO that we call the public product organization.
The PPO, a non-profit vehicle built specifically to develop and steward an open digital public asset [like a software product, dataset, content database, or machine learning model] would become the hub for collaborations among a constellation of public and private partners and establish a strong governance model, provide context and support for a community of practice, and maintain access to an array of developers who could take on specific work packages set out in a shared roadmap, or do bespoke implementations for specific local administrations.
We believe that building the policy infrastructure to enable the easy creation of vehicles that allow for this type of collaboration will unlock an economy that thrives based on the contribution of a huge network of small software development studios across Europe. By enabling the creation of an NGO subtype that is specifically qualified to serve as a steward of digital assets, we can de-risk institutional engagement with open source options in procurement, and begin to design sustainable funding mechanisms that support a newly flourishing ecosystem of digital public infrastructure.
The Foundation for Public Code have served in the process of the creation of products, born from the pioneering work of teams in public administrations and their vendors, who have created some of the most celebrated digital public infrastructure in Europe. In the past, we have called ourselves "codebase doulas", helping products move out of a development cycle funded by a single public institution, which leaves them vulnerable to political change and less capable of engaging with an array of partners at peer administrations. Now we are helping guide projects toward realization as fully collaborative nonprofit stewardship vehicles. Projects like Decidim [https://decidim.org/], X Road [https://x-road.global/], DIIA [https://expo.diia.gov.ua/], and Gov.UK Notify [https://www.notifications.service.gov.uk/]
This roundtable will bring together FOSS product owners and governments to engage in a strategic discussion around two interrelated areas: 1) How to assess the technical maturity using the draft Universal Software Maturity Indicators (v0.1) https://github.com/DPGAlliance/CoP-Maturity-Indicators 20 How to assess institutional readiness of government to adopt, scale, and maintain FOSS projects in the context of Digital Public Infrastructure (DPI)
The discussion will explore how these two dimensions: software maturity and institutional readiness can be better aligned to guide investment decisions, promote responsible implementation, and reduce barriers to adoption across countries and sectors.
Specifically, this session aims to: - Collect multi-stakeholder feedback on the draft Universal Software Maturity Indicators, including their structure, clarity, and relevance across diverse implementation contexts. - Explore what governance or incentive mechanisms are needed to ensure that such assessments are actually used—for example, in procurement, donor funding, or partnership processes. - Initiate dialogue on how to assess government readiness to adopt and scale FOSS and DPIs, with reference to the existing tools, such as the E-government Development Index, the World Bank's Open Data Readiness Assessment
The roundtable will provide space for constructive discussion, exchange of experiences, and co-creation of next steps toward strengthening maturity and scalability of FOSS from both sides, software and government readiness. This session will ultimately build alignment with stakeholders to explore solutions to share challenges regarding maturity indicators.
1 year ago, EU OS put out an architecture for a common Desktop Linux for the public sector. Since then, EU OS had many closed-room conversations with public servants from several member states and with various open source communities. EU OS also published a how-to for a DIY Proof-of-Concept (PoC). This talk explains briefly the vision and PoC of EU OS, gives a summary of the feedback received so far and formulates the public sector expectations on the underlying Linux distribution.
Across Europe, institutions are seeking credible, sovereign, open alternatives to proprietary cloud platforms. France’s public digital agency, DINUM, took a bold step in that direction by developing La Suite, a fully open-source service stack. What is unique is not only the openness of the code, but the ambition: that a public administration can edit and publish digital commons for the public good.
But building a commons is only the first step. Ensuring long-term adoption, usability, and sustainability requires an ecosystem. This is the role of LaSuite.coop, a SCIC (Société Coopérative d’Intérêt Collectif), which extends La Suite beyond the administration to local governments, universities, associations, cooperatives, and civil society. As a democratic, multi-stakeholder cooperative, LaSuite.coop enables users not just to access the tools, but to co-govern them — reclaiming strategic control over their digital environment.
LaSuite.coop brings together several open-source service providers — Open Source Politics, Yaal, lebureau.coop, Galae— who mutualise development, DevOps, hosting, support, UX, and community engagement. This model funds open-source development sustainably without enclosure, venture capital, or extractive business models.
This talk explores how La Suite and LaSuite.coop illustrate a public–private–commons partnership model:
a public entity creating and guaranteeing the commons,
a cooperative ecosystem maintaining and scaling it,
a community steering its evolution,
and a sustainable business model aligned with the public good.
We believe this hybrid model offers a concrete blueprint for future European digital commons.
In late 2023, DINUM (the French Interministerial Digital Directorate) set out to answer a simple question: How do you turn promising national open-source products into shared European products? Two years later, after 2 consortium projects, cross-border hackathons, and several experiments with EU funding mechanisms, we have accumulated a set of practical insights forged through coordination with other EU partners
This talk offers an experience-based walkthrough of what worked, what didn’t, and what we wish we had known earlier. Attendees will leave with concrete takeaways for initiating or strengthening cross-border open-source collaborations within public administrations. We hope to invite partners like Zendis or the Lisbon Council to bring their perspective to these cooperations.
1. Why we started
For some of DINUM products communities grew rapidly inside France, but we wanted to test whether it could become part of Europe’s shared digital infrastructure (Eurostack). Our goal was not to “export” code, but to evaluate:
2. What we tried (and what we learned)
This objective can be accomplished through the establishment of a European strategy for the funding and development of open source products led by member states
Use case 1 : The 100Days Challenge: iterative hackathons, real code Use case 2 : GovTech4All: 16 partners, 3 pilots, 3 sustainability challenges
We also see this talk as an opportunity to inform and connect with European partners across various administrations to encourage cooperation and lay the groundwork for future projects
While digital sovereignty is increasingly prompted on European and National levels, the urgency and risks implied have yet to reach the regional and local levels of government. Building robust public digital infrastructure and services on open source foundations have potential both in addressing risks while also providing a substantial economic up-side considering how public digital services are mirrored across regional and local borders. This talk shares insights from a cross-country, multiple-case study investigating how collaboration, sharing, and reuse among local governments are actively forging sovereignty from the ground up.
Drawing on detailed examples—including democratic engagement platforms, public desktop solutions, open data infrastructure, parliamentary transparency tools, and national public transport systems —the session highlights governance models and practical mechanisms enabling local actors to translate policy ambitions into operational, interoperable, and sovereign public digital infrastructure. By foregrounding how municipal IT teams partner with foundations, non-profits, and each other, the presentation illustrates how public digital infrastructure that can be adapted and reused across borders, tailored to local needs yet scalable for European cooperation.
Attendees will gain concrete recommendations for institutionalising open source in public service delivery, developing community capacity, and ensuring public values are embedded in digital infrastructure. The session advocates for bottom-up, collaborative approaches, demonstrating that digital sovereignty is not merely a national top-down project. Attendees, including policymakers, practitioners, and technologists eager to operationalise digital sovereignty at local and regional levels, will benefit from actionable narratives and strategies grounded in real, European experience.
The full report with all case studies are openly available via OSOR: https://interoperable-europe.ec.europa.eu/collection/open-source-observatory-osor/news/multiple-case-study-public-sector-open-source
Sovereign software in the cloud? Many projects are taking care of that. FOSS services running on servers? Lots of excellent choice.
But what about your office, the place where you work? Is your local network just invisible infrastructure at the mercy of whatever vendor you picked?
This talk will show you how we built and operate the "Flurfunk" network prototype at BSI (German Federal Office for Information Security). Flurfunk is a Proof of Concept wireless and wired network with a sizable number of human users with purely FOSS infrastructure: Routers, Switches, WiFi Access Points and a Certificate Authority, all of them running FOSS firmware, operating systems and services. This whole infrastructure is centrally orchestrated and requires almost zero maintenance.
The magic lies in OpenWrt https://openwrt.org/ (for the network components) and Smallstep step-ca https://smallstep.com/open-source/ combined with OpenSSL https://www.openssl.org/ (for the CA), as well as Debian https://www.debian.org/ , Das U-Boot https://u-boot.org/ and coreboot https://www.coreboot.org/ (behind the scenes).
Yes, the network supports the latest and greatest in authentication standards (WPA3 Enterprise), but it also offers user-friendly setup for users and admins. This includes automated certificate rollout to all centrally managed laptops and smartphones for WLAN access via WPA3 Enterprise. Yes, Flurfunk aims to be CRA compliant ahead of time.
Yes, all components are current off-the-shelf hardware and yes, installing OpenWrt on them is easy (no tools needed).
No, Flurfunk is not a production network nor does it come with support, it's a PoC.
Do you want to stand on the shoulders of giants as we do, and replicate the setup for your own network? Of course the configuration files for all components as well as links to the relevant firmware/OS images will be provided for download. Where applicable, existing tutorials/wikis have been improved.
Building Mzansi Xchange: Open Source Approaches to Secure Data Exchange in South Africa's Digital Public Infrastructure
South Africa’s digital future depends on robust, scalable, and inclusive Digital Public Infrastructure (DPI). My talk introduces the core components and foundational principles of DPI, highlighting the latest directions in the South African Digital Transformation Roadmap, as unveiled by The Presidency. We’ll discuss why governments globally—including South Africa—are embracing Open Source solutions to reduce vendor lock-in, foster innovation, and ensure transparency, while exploring local challenges around adoption, interoperability, security, and compliance with regulations like POPIA.
The heart of my session is a real-world use case: building Mzansi Xchange, a secure, national data exchange platform co-designed with government and built primarily on Open Source software. We’ll unpack the architectural choices, implementation milestones, and hands-on lessons the project team learned, from aligning with the National Data and Cloud Policy to establishing federated data governance and deploying secure Open Source software.
The openCode Badge Programme promotes quality, security, and reusability of open source software in public administration. Part of the openCode platform run by the German Centre for Digital Sovereignty (ZenDiS), it automatically evaluates repositories against defined criteria and awards badges in areas such as security and maintenance, which are visible in the openCode catalogue. The Badge Programme is an integral part of ZenDiS and the German Federal Office for Information Security’s (BSI) strategy to strengthen the security of software supply chains in public administration. By creating clear incentives to meet standards and supporting informed decisions when reusing software, the programme shows how open source development and use can be fostered in the public sector.
In 2024 France and Germany signed an agreement to cooperate on building an open source digital workspace. As part of this collaboration, DINUM (France), ZenDiS (Germany) and MinBZK collaborated on building a modern Open Source Document editing product (Docs) on top of modern
As part of this, they collaborated with the existing open source libraries: BlockNote and Yjs.
This talk will share our joint experience in financing core features such as exports, comments, edit attribution, and suggestions. We'll explain: - What the collaboration looked like in practice - How funding core libraries can help you build your own Sovereign solutions efficiently - Challenges and differences between funding libraries and Application-Level solutions - Broader ecosystem benefits
As European public sector organizations pursue digital sovereignty, the technical migration from proprietary to open source solutions is only half the battle. Technology is often the easy part. The real challenge lies in transforming not just infrastructure, but mindsets, workflows, and institutional culture. True independence requires successfully leading organizational change - preparing teams, managing resistance, and building confidence in open source alternatives.
This talk shares proven change management strategies from leading IT transformations and guiding public sector clients through transitions from Jira to OpenProject, demonstrating how to build sustainable and resilient digital ecosystems that serve citizens rather than vendors. You'll learn how to:
Drawing from real-world public sector experiences and Rosanna Sibora's experience in driving IT transformations, this session reveals the human factors that make or break digital sovereignty initiatives. Whether you're planning your first migration or looking to improve your change management approach, you'll leave with actionable frameworks for leading successful transitions to independent and interoperable digital workspaces.
Many public bodies, NGOs and small providers in Europe want to move away from US‑dominated cloud platforms, but struggle to build and run their own stack with small teams and limited capacity. At the same time, the threat landscape makes it urgent to build more resilient infrastructure for critical public services.
TAPPaaS is a trusted, automated and privacy‑friendly Platform as a Service, built only with Free and Open‑Source Software, that makes it easier for small teams to run sovereign workspaces and public digital services. In this talk, we present the TAPPaaS blueprint and show how we combine existing FOSS building blocks into a sovereign, standards‑based stack that can be operated by SMBs, NGOs and local governments with limited resources. We highlight how automation and common patterns reduce operational effort, improve security and resilience, and avoid lock‑in to proprietary hyperscalers.
TAPPaaS is work in progress, so we share what already works well in pilots and prototypes, where we still hit hard problems, and which trade‑offs we made along the way. Attendees will leave with a concrete blueprint for running a sovereign PaaS with a small team. TAPPaaS comes with pre selected modules and integrations that can reuse in their own public or civic infrastructure, and clear ways to get involved as consumer, operators or contributors in shaping TAPPaaS as a building block of Europe’s public digital infrastructure.