According to the opinion formulated on the European Multi-Cloud pages issued by the promoter of LayerOps, a “Container as a service” (CaaS) platform that federates european cloud providers, the European Union Public License (EUPL) is seen as a sovereignty instrument for ensuring compatibility with EU copyright law while maintaining interoperability with other major open-source licenses.

The focus is put on the benefits of diverse cloud services while minimizing the risks associated with vendor lock-in. By utilizing multiple cloud providers, they say that companies can achieve greater flexibility and scalability, ensuring they are not overly reliant on a single vendor's ecosystem. Indeed, vendor Lock-In becomes a primary concerns for businesses moving to the cloud, where a company becomes dependent on a single cloud provider's services and technologies. 

This dependency could be strongly reduced by adopting a multicloud approach, enhancing business agility by allowing companies to choose the best cloud services for specific workloads. Such cloud sovereignty must be based on the portability of applications and data, ensuring that businesses can move seamlessly between different cloud environments without significant reconfiguration, maintaining operational continuity. Furthermore, the focus on cloud sovereignty allows companies to comply with regional data protection regulations by choosing cloud providers that align with their compliance needs.

Open source, while often seen as a symbol of freedom and technological independence, is not fully answering the needs, as the governance of main projects is primarily led by non-European entities, real risks emerge for Europe's digital sovereignty. Considering the potential impact of non-European open-source governance, three main risks are highlighted:

• The risk of economic or political influence from  non-EU stakeholders
• The vulnerability to regulatory changes
• The lack of control over project development and direction

Concrete examples of governance risks are provided:

• The 2023 change, by HashiCorp,  of the license of several of its flagship tools—including Terraform—to the Business Source License (BSL). This unilateral decision severely limited commercial use and impacted many companies that relied on those tools.
• The contributor concentration in Kubernetes (open-source project under the CNCF) where most contributions are dominated by US tech giants like Google, Microsoft, and Amazon, shifting the roadmap toward their commercial interests—potentially at odds with European needs.

They also provide examples of European initiatives for sovereign open source governance:

• The Germany’s Sovereign Tech Fund, launched in 2022, which supports open-source infrastructure projects critical to sovereignty, such as operating systems and communication protocols.
• The European Union Public License (EUPL), which ensures compatibility with EU copyright law while maintaining interoperability with other major open-source licenses.

They formulate recommendations for an Open Source strategy oriented towards an European-led governance. To preserve technological autonomy, Europe must:

• Increase participation in key open source projects by encouraging European developer contributions.
• Fund and sustain strategic initiatives with dedicated EU-level resources.
• Standardize adoption of EU-compatible licenses such as the EUPL.
• Create and lead sovereign open source infrastructure with native European oversight.

Conclusion is that open source governance can no longer be an afterthought. Europe needs to step up and ensure the technologies of tomorrow remain aligned with its values and interests.

More information: here