I.               Why the Commission's Tech Sovereignty Approach Is the Right Call

The European Commission's Communication on European Tech Sovereignty, published on June 3rd 2026, is a landmark. For the first time, the EU has not only mentioned Open Source as part of its digital policy but has put Open Source at the centre of how Europe intends to secure its technological future. The accompanying EU Open Source Strategy recognises what our community has long understood - that open, transparent, collaboratively governed software is not merely a cost-saving alternative to proprietary systems, but a strategic foundation for European autonomy, resilience and competitiveness.

The Eclipse Foundation warmly welcomes this Communication. It reflects a maturity of thinking about Open Source that we have worked toward for many years, and it sets out a credible architecture for turning Europe's Open Source strengths into lasting sovereign capability as it combines demand-side measures, serious attention to maintenance and security, sustained funding, and a clear commitment to procurement reform.

II.             Why the Open Source Strategy is Important

Several elements of the Open Source strategy should be recognized.

First, the Communication explicitly defines “Open Source” in a way consistent with the industry’s globally recognised understanding, as reflected in the Open Source Definition developed and maintained by the Open Source Initiative.

Second, the Communication understands that “stewardship” matters. It rightly identifies Open Source foundations as the governance structures that allow projects to remain viable, secure and trusted over time and it reinforces the steward concept introduced in the Cyber Resilience Act: Code without sustained, neutral, professional stewardship is code at risk — and Europe's digital infrastructure depends on exactly this kind of long-term custody that mature Open Source foundations can provide.

Third, the Open Source strategy takes “maintenance and security” seriously. The introduction of an Open Source Maintenance Instrument, the work with ENISA on identifying the most exposed dependencies, and the emphasis on attestations under Article 25 of the CRA, all address the real, structural fragility of the components on which European mobility, banking, healthcare, energy and government services quietly rely. We have long argued that securing the commons requires investing in the people and institutions who maintain it; it is encouraging to see that argument officially reflected in EU policy.

Fourth, the strategy recognises that “industrial collaboration around Open Source building blocks is already working in Europe”. We are delighted that the Commission points to the Eclipse Foundation's work in the automotive sector — and to our Software Defined Vehicle Working Group — as an example of how competitors can share non-differentiated building blocks under open governance while continuing to compete on final products. This model is not theoretical. It is operating today, across automotive, and it is directly extensible to other sectors, such as industry 4.0 and smart manufacturing, finance and related digital infrastructure, drones and autonomous systems - and beyond.

And finally, the Communication addresses the “procurement disadvantage” that European Open Source companies — most often SMEs — have faced for years. Tenders designed around proprietary incumbents, turnover thresholds that exclude smaller bidders, and a focus on itemised price over total value and public benefit have all tilted the playing field. An "Open Source first" approach to public procurement, if done well, can begin to correct this.

The challenge now is implementation. The principles set out in the strategy are sound; the next question is how Europe organises the stewardship capacity needed to deliver them.

III.            Sovereignty is Built on Plurality, not on a Single Gateway

The Communication is right that Europe needs strong, well-funded, EU-anchored stewardship of its strategic Open Source assets. The question now is how that stewardship is facilitated — and here we offer a perspective grounded in decades of running Open Source infrastructure at scale.

Open Source draws its strength, its security and its legitimacy from being “plural, federated and open”. The reason Open Source improves cybersecurity is that many independent eyes inspect the code. The reason open governance builds trust is that no single actor controls the outcome. The reason European industry has been willing to collaborate in shared platforms is that those platforms are vendor-neutral and not captured by any one interest. These are not incidental features. They are intentional design principles – and they serve as the source of the value the Commission rightly wants to harness.

Consequently, Europe's Open Source capacity will be strongest if it is built as “an ecosystem of trusted organisations” — existing and new, European headquartered and internationally connected — coordinated through common principles, interoperable governance and shared funding mechanisms, rather than concentrated in any single point of entry. A diverse landscape of foundations and stewardship bodies is more resilient, more innovative and more credible to the global communities Europe needs to work with than a single channel could ever be. Concentration is precisely the risk the sovereignty agenda exists to address; we should be careful not to reproduce it in the institutions we build to defend against it.

And Europe does not have to build this capacity from scratch. Mature, proven, openly governed stewardship organisations already exist and already serve European industry, public administrations and developers — operating under European law, embedded in European communities, and connected to the global Open Source ecosystem on which Europe also depends. The most efficient and most resilient path to the Commission's goals is to build on this existing capacity and federate it, complementing it where genuine gaps exist rather than routing European Open Source through a single new gateway.

IV.           How Eclipse Foundation Can Help

The Eclipse Foundation is ready to be a partner in delivering this strategy. As one of the world's leading Open Source foundations, headquartered in Europe and operating under European law, we already provide exactly the kind of vendor-neutral, long-term stewardship the Communication calls for. Operating under an open governance model based on EU law and with mature legal and IP frameworks, we bring industrial collaborations and direct experience with the very instruments the strategy puts forward.

In particular, we offer to contribute to the work ahead in several ways:

• Stewardship by example: Our Software Defined Vehicle Working Group and our broader industrial collaborations show how Europe's "shared building blocks, competitive products" model works in practice. We are ready to help extend it to other strategic sectors, such as industry 4.0 and smart manufacturing, drones and autonomous systems, etc.
• Maintenance and resilience: We can help give practical shape to the Open Source Maintenance Instrument and dependency-resilience measures, ensuring they reach the components and communities that most need support.
• Security and attestation: We are prepared to engage closely on the design of the voluntary EU assessment framework and CRA Article 25 attestations, drawing on our existing stewardship and security practices.
• Standards: With our longstanding experience in producing international standards, including the Eclipse Dataspace Protocol (ISO/IEC DIS 26450 Information Technology) and the Eclipse Decentralised Claims Protocol (ISO/IEC DIS 26451 Information Technology), we support the Commission's commitment to integrating Open Source into European standardisation, and we can help channel real implementation experience into standards work that underpins EU law.
• Shaping the framework: We welcome the feasibility study on a common European framework for foundations and the discussions on European stewardship. We look forward to engaging constructively as these initiatives take shape, helping to ensure that any new framework strengthens and builds upon the trusted stewardship capacity Europe already has, while addressing gaps where needed.

V.             A Shared Agenda

This Communication marks a genuine turning point, and the Eclipse Foundation stands firmly behind its ambition. Europe has the talent, the communities - and now the political commitment to lead in Open Source. What remains is to build the institutional architecture in the Open Source way: Plural, federated, transparent and collaborative — strengthening the stewards Europe already trusts and welcoming new ones into a shared, resilient ecosystem.

We look forward to working even more closely with the Commission, the Member States and our fellow communities to turn this strategy into European capability. The commons cannot be secured by a single gatekeeper. It is secured by all of us, together — which is exactly how Open Source has always worked, and exactly how Europe's open digital future will be won.

About the Eclipse Foundation

The Eclipse Foundation provides a global community of individuals and organisations with a vendor-neutral, business-friendly environment for open source collaboration and innovation. We host Adoptium, the Eclipse IDE, Jakarta EE, Open VSX, Software Defined Vehicle, and more than 400 high-impact open source projects. Headquartered in Brussels, Belgium, we are an international non-profit association supported by over 300 members. Our events, including Open Community Experience (OCX), bring together developers, industry leaders, and researchers from around the world. To learn more, follow us on X and LinkedIn, or visit eclipse.org.