< Back to Blog

An Open Letter from Europe’s Open Source Industry

May 18, 2026 | By: Dirk-Peter van Leeuwen

Share
Share

Why we wrote the letter

The conversation about digital sovereignty has changed. What was, not long ago, a concern primarily of government CISOs and Brussels policy teams has become a board-level question for organisations across every sector. In a geopolitically unstable world, controlling your own infrastructure and applications is a strategic requirement. That means knowing what is running on your systems, being able to switch providers without starting over, and adapting when circumstances change. How quickly can I change, or pivot? Speeding up the adoption of sovereign solutions is something many people and organizations are working on – not just us. In fact it has made it all the way to Brussels.

The proposal for an EU Cloud and AI Development Act (CADA) is expected to be presented on May 27 as part of the EU Tech Sovereignty Package. At its core, it is a capacity bill: the EU currently lags the US and China in data centre infrastructure, and CADA is designed to accelerate investment, simplify permitting, and triple EU compute capacity within five to seven years. Those are legitimate and necessary goals.

But capacity alone does not mean you can move quickly. You can build data centres on European soil, subject to European law, and still run proprietary software that your organisation cannot inspect, modify or replace. The buildings become European. The dependency does not. CADA has the potential to address this at the procurement level, by requiring public sector bodies to assess open source alternatives before reaching for a proprietary solution.

Our letter asks that CADA includes a binding Open Source First requirement – an obligation for public sector bodies to assess whether a qualified open source solution exists before any proprietary alternative is considered. That assessment must be documented and auditable.

The case is straightforward. The benefits of open source for digital sovereignty are well understood. However, the public sector is still the largest driver of proprietary software lock-in in Europe. Not because open source cannot compete, but because procurement frameworks have never systematically required it to be considered.

An Open Source First requirement changes the default without restricting choice.

This has to be about architecture, not just geography. I strongly believe that open source is the only approach that makes the foundational layer genuinely portable and maintainable by anyone, not solely the original vendor. Geographic location is a necessary condition for sovereignty, but it is not a sufficient one.

Following the letter, the Cabinet of Executive Vice President Henna Virkkunen invited the co-signatories to meet with them. The conversation was encouraging. The cabinet understood the urgency of the timing and acknowledged that the open source industry represents a delivery-ready alternative to the proprietary default. We intend to build on it.

Change does not happen in a vacuum but in collaboration. We are now opening the letter to additional signatures. If your company is headquartered in Europe and operates in cloud infrastructure, cybersecurity, enterprise software, or open source development, I would ask you to consider adding your name.

https://www.suse.com/eu-tech-sovereignty-letter/

Best wishes
Dirk-Peter van Leeuwen, Chief Executive Officer, SUSE

Share
(Visited 1 times, 1 visits today)

Related Articles

Dec 18th, 2025

The IT Paradox: Why “If It Ain’t Broke” Will Break You in 2025 (and Life After HP-UX) 

Nov 05th, 2025

SUSE Partner Engineering Releases YES System Certification Kit v10.

Nov 18th, 2025

The 6-Month Fallacy: Why Short Linux Lifecycles Don’t Work for Enterprises

Nov 11th, 2025

End Security Sprawl: Introducing Unified SSO/RBAC for Centralized Kubernetes Governance

Dirk-Peter-van-Leeuwen
3 views
Dirk-Peter van Leeuwen