The course for open source will be set anew in 2026. We collect the most important initiatives and legal acts to keep an eye on.
After a turbulent 2025, the idea that open source can contribute to technological sovereignty, innovation, real security and competitiveness is gaining momentum.
Slowly it becomes clear:
Open Source is not a hobby, it is economically relevant!
Does that mean we are on the right track?
If you read the texts on open source in the EU Product Liability Directive, we see the danger that open source will be reduced to “non-commercial” projects – exactly contrary to the definition of open source. This is where the planned initiative and programmes contradict each other, as the Cyber Resilience Act clearly refers to the commercial use of open source software.
It is crucial for the community that funding programmes, procurement rules and policy formats strengthen commercially viable open source models and that sustainable business models can be based on them. Maintainers must be given structural support and open source must not just be seen as a cheap supplier for large industrial groups.
A more detailed analysis of this can be found in this publication from our network.
Two calls have recently been published, in which civil society is also invited to provide feedback on national and EU strategies in a timely manner:
EU “Towards European open digital ecosystems”
There is to be an open source strategy in the EU. The feedback phase for the “Towards European open digital ecosystems” initiative has been running since 6 January 2026. It is still possible to comment on the strategy for technological sovereignty presented there until 3 February.
Among others, the Open Source Community is invited. It is intended to present the state of open source in the EU and its value for private and public organisations, as well as to identify opportunities for strengthening the European open source ecosystem.
Although the title refers to open source software, hardware and other commons elements are part of the initiative. The goal is an ecosystem with internet technologies, software, hardware, cloud, artificial intelligence, cybersecurity and industrial applications.
Recommended reading: The feedback page is exciting, as it frequently discusses the importance of open hardware and open infrastructure.
Germany stack
The second consultation round for the Germany Stack, which aims to create a “national sovereign technology platform for digital projects in Germany”, will run from 16 January to 15 February 2026. There was a lot of feedback in the first round from 1 October to 30 November 2025, which has now been incorporated.
In the second round, the focus is increasingly on pragmatic implementation conditions, prioritised technology fields, standards and technologies and how these fit in with the strategic objectives.
Feedback is collected via GitLab Issues.
We are planning a submission in cooperation with the Open Hardware Alliance and other people who would like to join us.
In addition to these calls, there are other current initiatives and legal acts in which open source should be explicitly considered:
Digital Commons European Digital Infrastructure Consortium (DC-EDIC)
The EU has established a new instrument, the Digital Commons “European Digital Infrastructure Consortium (EDIC)”. (Announcement)
“The task of the DC-EDIC is to carry out a multi-country project on digital commons in the areas of common European data infrastructures and services and networked public administration.”
Cyber Resilience Act (CRA)
The Cyber Resilience Act is intended to introduce standardised cyber security requirements for “products with digital elements” – from secure development to vulnerability management and updates. There are overarching links here to the Product Liability Directive (see below), which will be ratified this year. What is interesting here is the clear designation of the roles of open source contributors.
EU Product Liability Directive
The EU Product Liability Directive, which will be revised at the end of 2024, extends strict liability to digital products, including software, updates and AI systems. The aim is to better protect consumers if faulty software causes damage. The directive must be transposed into national law by December 2026. It is therefore important to set the course for open source now.
For us, the main question here is whether maintainers or foundations could be considered “manufacturers” simply because they provide documentation, source code or binaries. From the perspective of the open source movement, it must be clear: Liability applies to those who place an entire product on the market under their name and exploit it commercially – not the community that provides building blocks as digital commons.
In our blog post “Why tech commons are dying”, we gave a more detailed insight into why a strengthening of the tech commons can only come about through free technology.
Other initiatives
Apart from this, various EU regulations for artificial intelligence and political measures are on the agenda, in which open source is partially addressed, or at least affected. Nezpolitik, Digitalcourage, FSFE and others from our network report on this in detail.
It would also be exciting to keep an eye on the other publications on the circular economy strategy in which open source hardware is already being discussed. We are in favour of this direction, but it remains exciting to see how much of this will be put into practice.
Is something still missing? Then let us know on Mastodon: @OSEGermany@mastodontech.de
The new year is already characterised by open source as a pioneer for more sovereignty and more participation.
Let’s have a say together and make voices from the community visible.
With this in mind, we wish you a successful Open Source year 2026.
Image/Meme Credits:
Tom Dietel, CC-BY-4.0 “Proprietary tech blindfolds freedom”
(Edit digital green version: Martin Schott)
