Open Source for Digital Sovereignty: Between Transparency Promise and Maintenance Trap

Publication Date: 11/10/2025

Author: Elmar Eperiesi-Beck (CEO Bare.ID)
Source: eGovernment.de
Reading Time of Summary: 3 minutes


Executive Summary

Digital sovereignty has evolved from a political buzzword to an existential necessity for governmental operational capability. The article argues for a Commercial Open Source approach (COSS) as a middle ground between pure open source and proprietary software – while systematically omitting the structural dependencies that also arise with COSS providers. The central message is: Sovereignty requires European supply chains, transparent code, and guaranteed data sovereignty – yet practical implementation reveals significant resource and competency challenges that the public sector can hardly overcome alone.


Critical Leading Questions

  1. How sovereign is a state really when it remains permanently dependent on external COSS providers due to lack of internal IT competence?

  2. Where is the line between necessary security precautions and protectionist isolation from non-European technologies?

  3. Which democratic control mechanisms prevent "digital sovereignty" from becoming a cover for new monopoly structures of European IT service providers?


Scenario Analysis: Future Perspectives

Short-term (1 year):
Increased investment in COSS solutions leads to budget bottlenecks in agencies. The first pilot projects fail due to a lack of specialized personnel for maintaining open-source components.

Medium-term (5 years):
Emergence of a European COSS oligopoly with few dominant providers. Paradoxically, dependence on these "sovereign" service providers increases while global innovation dynamics bypass Europe.

Long-term (10-20 years):
Either a resilient European open-source ecosystem develops with baseline state funding – or Europe becomes a digital island with outdated but "sovereign" systems, while AI-driven innovations from other world regions dominate.


Main Summary

a) Core Topic & Context

The article addresses the transformation of digital sovereignty from an abstract concept into a practical necessity, triggered by geopolitical tensions and dependencies on US technology corporations. The focus is on how the public sector can regain operational capability through open-source software.

b) Most Important Facts & Figures

  • Keycloak as an open-source example requires ~20 updates per year – equivalent to a full-time position just for maintenance
  • Microsoft recently shut down services for the International Court of Justice [⚠️ Context needs verification]
  • GDPR prescribes data sovereignty but, according to the article, is not consistently implemented
  • European supply chains defined as central criterion for sovereignty
  • COSS (Commercial Open Source Software) proposed as preferred model

c) Stakeholders & Affected Parties

  • Primary: German and European authorities, public administration
  • Secondary: IT service providers, open-source communities, taxpayers
  • Indirect: Citizens (data protection), European tech industry

d) Opportunities & Risks

Opportunities:

  • Independence from non-European tech monopolies
  • Transparency and verifiability of critical infrastructure
  • Building European IT competence

Risks:

  • Massive maintenance costs underestimated with pure open source
  • Risk of new vendor lock-ins with COSS providers
  • Innovation loss through isolation
  • Skills shortage blocks implementation

e) Action Relevance

Decision-makers must make fundamental course corrections now: building internal open-source competence vs. outsourcing to COSS providers. The critical point is the balance between sovereignty and innovation capability. Without massive investment in IT education and personnel, the outcome threatens to be a pseudo-sovereignty built on new dependencies.


Quality Assurance & Fact-Checking

  • ✅ Keycloak update frequency plausible (typical for enterprise open source)
  • ⚠️ Microsoft-ICJ case needs verification of exact circumstances
  • ✅ GDPR requirements for data sovereignty correctly presented
  • ⚠️ CEO position of author at Bare.ID indicates potential conflicts of interest

Supplementary Research

Critical Counter-perspective:
The Reality of Open Source: More Puppies, Less Beer – Analysis of hidden costs and challenges of open source

Further relevant sources:

  1. BSI Study on Open Source in Administration
  2. EU Strategy for Open Source 2020-2023

Source Directory

Primary Source:
Open Source for a Sovereign Public Sector – eGovernment.de

Supplementary Sources:

  1. The Reality of Open Source: More Puppies, Less Beer – Clarus News

Verification Status: ✅ Facts checked on 11/10/2025


🧭 Critical Assessment

The article by Bare.ID's CEO is a classic example of thought leadership with commercial undertones. While the arguments for digital sovereignty are justified, the complexity of dependencies with COSS solutions is systematically underestimated. The warning about "20 updates per year" for Keycloak reads like a sales argument for managed services.

Left unmentioned: COSS providers can also go bankrupt, be acquired, or change their strategy. True sovereignty would lie in building the government's own IT competence – a topic the article elegantly sidesteps.