Book a call
Book a call

From Brussels EU-FOSSA hackathons to EU sovereignty infrastructure (2019–2026)

Why Europe needs to focus on it and not only on the prevalent deep tech narrative

Lauri Aarnio

3/25/20266 min read

Entering the world of hackathons back in 2017 when I had started my journey in the tech and innovation industry in Paris allowed me to put a finger on something that had always been somewhat abstract to me: the power of open source software systems (OSS) and the hidden superpowers the developers enforcing, coding and maintaining the frameworks.

Compressing the key moments driving European tech adoption in 48 hours

This is what hackathons embodied for me back then when they were still up and coming method of rapid innovation. The EU-FOSSA was a DG-DIGIT led (European Commission) initiative to improve the (cyber) security of widely used free and open source software (OSS) that EU institutions relied on.

Most people I had encountered back then did not bother to think why their iPhone or laptop were capable of everything they were, how they were able to use the numerous digital services and software they were using to live their lives, and earn their living. Or what potential security breaches in the OSS-networks would expose them to.

Personally, working with software developer communities with a business background in communications, marketing and international relations background was eye-opening in the sense that I had to get out of my comfort zone to understand the hidden and tremendously complex code frameworks, languages and applications without which my digital world, which I consumed and used to deliver my work, would not exist.

I would lie if I said I never had to pretend with a few enthusiastic nods and smile and name-dropping of frameworks I knew to give the impression that I fully understood the full picture back then.

Europe accelerates its digital ambitions

It was in April 2019 and October 2019, I was in Brussels for the first EU-FOSSA 2 hackathons that had the aim to foster European-level coordination on open source networks and frameworks, uniting the doers and thinkers that made European OSS possible. This was a token of EU taking a more active role in ensuring that the OSS systems work seamlessly, instead of just consuming the frameworks.

Obviously, ensuring cybersecurity had always been an integral part in the Commission's promise for the Single Market and its digital commons, explicitly and implicitly, actually investing in it was a major moment of recognition for the developers working relentlessly for our digital autonomy.

A community-driven approach was thus validated by institutions and policymakers; the EU Fossa hackathons would not have taken place without the strong community leads at Symfony, a widely used open-source PHP framework, and Apache, here, Apache Software Foundation (ASF), a non-profit that stewards a large collection of open-source projects.

The European Commission (DG Informatics, DIGIT) had commissioned our agency to bring institutional stakeholders, top-tier open-source developer community members and innovation experts in the same room to discuss OSS policy, the open-source networks' importance for the European Union and its technological future. Prior to these hackathons, I had barely given thought to the unglamorous work of keeping modern software systems alive, I had taken the rapid software prototyping work for granted, even though I had always been fascinated by the distinguished technical skills of software experts.

Open source… what? Who'd benefit from openness? Was this another money hole that the EU was so often criticized for? What was the purpose to bring these people in the same room and have them work on their frameworks for days non stop?

At that time, most people found the OSS frameworks a niche corner of EU digital policy, and it was not widely discussed outside of dedicated communities and policymakers.

Listening to the experts during these hackathons, got me genuinely wondering though, who else would care about this? Yet, what really stuck with me, is that maintaining open source is extremely hard, and the invisible work that goes into doing that, rarely got (or gets) the praise it merits. The systems benefiting from a widely functional OSS system are happy to consume the output, while the developers and the technical consultants remain hidden in the background.

Writing about them back then felt like a topic too niche to interest others than the community leaders of APACHE and Symfony, and API platform experts. All the laptops and jargon about security, documentation and governance felt so unglamorous, yet I knew it was important and was proud to be in the same room, I also knew translating the OSS experts' language into an understandable format was crucial.

I thought it'd have to change one day.

These EU-FOSSA hackathons were in a way part of the early structural diagnosis of how Europe's digital stack actually works.

Now looking back in 2026, I realized the chains of events and discussions these hackathons started created an avalanche of micro-level discussions that ended up traveling borders and meeting rooms petit à petit, and that without this prototype, parts of the concluding remarks on European digital sovereignty would not have taken place as quickly as soon as they did.

We cannot simply fast forward to 2026 from 2019 and the first EU Fossa Open Source Hackathons without mentioning the realizations that took place since

It was increasingly discussed outside of hackathon and OSS maintenance circles that the EU was lacking something in this regard.

A good example of tangible actions taking things forward was the creation of the Sovereign Tech Fund, funded in Germany. This project highlighted the need for a real funding mechanism, directed at maintaining critical open source components as infrastructure.

Could it be that the hands-on hackathons were a preface to actually giving the tangible means to OSS infrastructure to be developed and held in that as a wider EU-level paradigm shift?

From the German pioneering initiative, 2024/2025 onward, the Sovereign Tech Agency label, was led by Adriana Groh, and it would be oversimplifying to say that the work is purely millions of euros poured into a fund. The shift in mentality and strategic readiness to create programs that strengthen critical digital infrastructure was starting to materialize, and it becomes the reference point for EU-level proposals (EU-STF).

The EU Sovereign Tech Fund (EU-STF) push: a decision to move from reactivity to proactivity

In May 2026, a large coalition of maintainers, industry, researchers, and civil society signed a public letter calling for an EU Sovereign Tech Fund, arguing for baseline resourcing at €350m over seven years, and warning that without maintenance funding Europe risks undermining its own digital agenda (Digital Decade targets, Cyber Resilience Act, Chips Act, AI Act, competitiveness).

The framing is explicit: open source maintenance is 21st-century infrastructure responsibility, especially given the challenging geopolitical times the EU is facing; it cannot afford another technology-related crisis, in other words, to be reactive when things get rough, like the continent has done too often.

Again, why something we regard as "open" would be worth pouring money, talent and policymakers' time into? The metrics explain.

  • 70%+ of software depends on open source.

  • Underinvestment creates systemic risk (security, fragility, strategic dependency).

  • A single unmaintained dependency can bring down critical systems that millions rely on daily, digitally incapacitating us.

  • It must be developer-friendly and low bureaucracy, or it will fail on contact.

This essentially reframed open source funding as industrial policy, not philanthropy or only developer-oriented comms.

Digital Commons EDIC: the governance layer that EU-FOSSA did not have

DC-EDIC is the logical continuation of the EU-FOSSA instinct, with a crucial upgrade: a structure designed for cross-border adoption and sustained operations. Multiple member states of the EU collaborating, with the possibility of adding an additional layer of corporate and private partners to contribute to the goals. Flexibility with the institutional authority, aligning business interests with realities.

La raison d'être of EDICs, and in this case, Digital Commons EDIC: build, maintain, and scale digital commons across member states to reduce dependency and increase resistance to potential shocks.

The project frames open source underinvestment as a European resilience gap, and positions pooled funding (including an EU-STF pilot logic) as a mechanism to fix it.

DC-EDIC for Digital Commons is the first cross-border structure to formally pool member state resources for open source maintenance, moving the question of who pays and who governs out of national silos.

Broadening the discussion to cover invisible layers

The ethos heard throughout EU's deep tech conferences about sovereignty and competitiveness and lab-to-market speed and scaling would not be possible without these hidden, unglamorous layers beneath. We can only (deep) tech if our open-source infrastructure that we depend on is secure, well maintained and invested in.

Sources:

OpenForum Europe (8 May 2026). Public Letter: European Industry and Civil Society Call for Open Source Maintenance Funding through an EU Sovereign Tech Fund (EU‑STF).

Gates, Nicholas. (2025/2026). Investing in the EU Sovereign Tech Fund: Open source maintenance as a 21st century digital infrastructure responsibility for the European Union. Policy primer (OpenForum Europe).

Press release: The Sovereign Tech Fund launches funding: an investment in Europe’s digital sovereignty

lauri@la-insights.com

Paris, France

Privacy Policy