DevRoom organisers welcome all to the Legal & Policy Issues DevRoom
Legal and licensing issues are a vital part of the Free Software ecosystem. While many Free Software developers may have a good idea of the legal and licensing requirements that turn their project into Free Software, there are many more attending FOSDEM who may lack the knowledge or have misconceptions about the legal issues in Free Software.
This session hopes to provide an introduction and background to the legal concepts that underpin the freedoms in Free Software, and how the law is an important tool in ensuring our digital freedoms, so that participants can better appreciate the legal and licensing issues to be discussed by speakers in the Legal and Policy Devroom.
Open protocols underpin much of Europe’s digital infrastructure, yet they remain a blind spot in European digital policy. This talk highlights why supporting open protocol governance is crucial for Europe’s digital sovereignty, interoperability, and innovation. It explores how policymakers and developers can together address this gap by recognising protocols as foundational infrastructure and shaping policies that enable resilient, interoperable, and decentralised systems.
In 2020 the Dutch government adopted the 'open, unless' principle, promoting the use and procurement of open source software, unless impossible. But what happens after such a policy is published? This isn’t as straightforward as we’d think. Within government projects, we still regularly need to answer practical questions such as “are we allowed to build or buy this? Are we allowed or required to publish our code? What do we need security wise? What do our procurement policies say? Where do we put the code? Does code need to be archived like documents? How do we collaborate with other government tenants? And how do we support the open source communities whose code we use?” The ‘open, unless’ principle is clear on paper, but applying it turns out to be more complex.
In this talk, we will look at how the Dutch are putting 'open, unless' into practice inside the Ministry of the Interior (BZK), through the daily work of our Open Source Program Office (OSPO). Instead of focusing on just policy, the focus is on the operational side. Once the choice for open source is made, what challenges arise then? This will be illustrated with concrete project examples. The first is MijnBureau, a sovereign open source workspace for the government, that has been built openly from the start. The second example is the Dutch Government Codeplatform, a shared development environment, based on Forgejo. A third example is OpenKat, a collectively built open source vulnerability scanner. Together we’ll explore how 'open, unless' is applied in a consistent way (spoiler alert: it’s not).
These examples show what “from policy to practice” actually looks like for the public-sector. For instance, many open source projects start bottom-up. How do we ensure proper top-down alignment with national strategies, adequate funding and sponsorship? When a project is done, who is going to manage and maintain it? How do we make sure we don’t take advantage of open source communities?
This talk is aimed at anyone interested in public-sector open source, OSPOs, procurement and policy implementation, or in understanding why “just publish code” is rarely as easy as it sounds, and what we can do to make it easier.
Open source initiatives usually bubble up from the grassroots community, and while governments have been paying more attention recently, policy is often subject to the whims of election cycles. This means long-term continuity is never guaranteed.
Even when policies are in place, their implementation can be hampered by two significant factors: civil servants' open-source literacy and existing legal/regulatory bottlenecks. Sure, enshrining open source into law would make it mandatory and sustainable, but let’s be real—the legislative process is painfully slow.
The Open Culture Foundation (OCF) has been deeply embedded in Taiwan’s open source scene for over a decade. Some of our members have been tracking the government’s on-again, off-again open-source journey for nearly 30 years, since the early community days. Others have even moved from leading government open-source policy to eventually return to the non-profit sector. Throughout this journey, OCF has continually adapted how we collaborate with and support the government, seeking the best communication strategies and case studies—all while managing the inevitable cycles of disappointment and excitement.
Most recently, we saw Audrey Tang depart from the Ministry of Digital Affairs (MODA), and the government's visible focus on open source has noticeably dialed down. However, we also found like-minded partners in the Taipei City Government's Department of Information Technology (DOIT). We are now working with them to ensure that open source software continues to be adopted and deployed within the government.
In this 30-minute session, we’ll be sharing the different collaboration models we’ve developed with the government and the tangible deliverables we’ve produced. Crucially, we’ll also discuss how we keep the momentum going and move forward even when we face headwinds.
In this Q&A session we will address all the questions our audience might have on the CRA in relation to Free Software. We will kick of the session with a short introduction focussing on current challenges around the implementation of the CRA with a specific focus on Open Source Stewards and Attestation programs and how and where financial support is needed in order to make the CRA work.
Software Freedom Conservancy (SFC) sued Vizio in October 2021 because Vizio did not provide the required source code for the GPL and LGPL works that Vizio chose to use in its TVs, preventing SFC from making privacy and security enhancing changes, among other improvements that the GPL and LGPL require that companies allow in devices they sell. SFC brought the case as a third-party beneficiary of these copyleft agreements, to demonstrate how users of copylefted software can directly enforce the agreements if a company fails to comply.
The case finally made it to trial two weeks ago, after several long years of negotiation, hearings, and source candidate reviews. Join us to learn how that long-awaited trial went: what the arguments were, how Vizio tried to make its case, and what the likely outcomes may be, both for Vizio and for software freedom as a whole. We look forward to your questions and discussion around this historic case for user rights!
A number of countries are introducing "online safety" laws, which generally impact providers of online services. An example of these is the UK's Online Safety Act 2023.
It purports to have extra-territorial effect, applying to anyone, anywhere in the world, who provides a service to people in the UK, if certain criteria are met.
While the ostensible aim of these acts is to address concerns relating to the largest social media providers, they are not always well drafted, or else are drafted intentionally broadly, and catch all number of services which are used commonly by FOSS projects, including self-hosted projects.
For instance:
I have spent far too much pro bono time this year working with FOSS projects to help them with the Online Safety Act 2023, working out whether it poses a realistic risk to them, and what, if anything, they might want to do about it.
I've also produced onlinesafetyact.co.uk, as a free, CC-licensed, resource, which has been well used as far as I can tell.
This talk will:
This panel will bring together policy/legal experts and enforcement officers from the European Commission to discuss how the Digital Markets Act (DMA) applies to Apple’s iOS/iPadOS and Google’s Android from the perspective of interoperability.
In particular, the panel will deal with the European Commission's recent decisions in regulating hardware and software interoperability for Apple’s OSes. The audience will learn what interoperability under the DMA means for Free Software developers, and how they can expect the interoperability solutions to be provided by gatekeeper companies like Apple and Google.
More importantly, the discussion will address relevant questions for the effective implementation of the interoperability obligations in the DMA, including:
The panel will be composed by:
The panel will be moderated by Lucas Lasota, Legal Researcher and Lecturer at the Halle-Wittenberg University. The language will be English.
This talk details the currently-planned litigation strategy of FOSS Users e.V. (https://foss-users.eu) for the next decade. We are also looking for the community for feedback on other possible strategies. The first part of our current strategy is to get precedent that copyleft violations can be pursued with injunctions against consumer rights infringements in Germany. This is best done with the most obvious violation first: lock down of LGPLed libraries. The next issue will be proprietary Linux kernel modules using EXPORT_SYMBOL_GPLed interfaces.
This talk wants to explore the options we, as a community, have to safeguard copyleft and software freedom. To this end, the talk takes a two-pronged approach. First, it calls on the community to come up with clever ideas about how to enforce copyleft licenses and protect our commons from more and more savvy and blatant violators. Second, the main part of the talk will be to present my ideas so far on how we should move forward in the next decade. Subject to community feeback on these ideas, I propose that we frame copyleft violations as consumer rights infringements and have a consumer association getting injunctions against these infringements. More broadly speaking, we need a community of hobby legal experts taking the burden from the developers to enforce copyleft. If these hobbyists pursue violations in a rewarding way, they can sustainably take on the task of enforcing the developers' will. The presentation will conclude with discussion of how the audience can contribute. First, they could become members of the consumers association already incorporated in Germany, of FOSS Users e.V. . Under German law, consumers associations need at least 75 members to be allowed to sue. Second, they could donate money for copyleft enforcement. Third, they could make suggestions for improvements to the plan and contribute new ideas to incorporate.
FOSS communities have historically developed governance models that include within them biases and other problems, often belatedly recognized. For example, there is now general agreement that no dictator can be benevolent. Common alternatives to the "benevolent" dictator— the "meritocracy", "do-acracy", and the self-perpetuating committee — also have serious problems. Often the alternative offered to these kinds of governance systems is for some kind of elected governance body.
Democratic governance institutions are messy, however. We'll consider some historical examples of problems that have occurred in various democratic FOSS initiatives and organizations, and will focus particularly on the Open Source Initiative (OSI) board of directors elections of 2025. We'll consider the question: how can we design elected governance bodies for FOSS that truly represent the views of our community and are held properly accountable to their constituencies?
Joe 'Zonker' Brockmeier will moderate this panel, and additional individuals have been invited and will be added once they are confirmed.
Clean-room design is a method of recreating and relicensing software without infringing any of the copyrights. So what happens when we use LLM's to recreate thousands of open source projects in seconds, and relicense them all to more permissive licenses?
We first started looking at this when in 2025 MongoDB used an AI agent to take thousands of lines of code from a copyleft project, and used Cursor to recreate and relicense it all under apache. The prompts used to do this were left in the repository.
What does it mean for the open source ecosystem that 90% of our open source supply chain can currently be recreated in seconds with today's AI agents?
In this talk we will be demonstrating the process of large scale clean rooming, and explore what it means for open source, and what it means for community.
Closing of to the Legal & Policy Issues DevRoom by the DevRoom organisers.