Why Open Source Won’t Be Enough to Free Us from Big Tech

Let’s play a game. A management game, SimCity-style.

Here’s the setup: You manage a country. Actually, let’s increase the difficulty: You manage a federal state made up of several countries.

This state is losing money every year because it buys more from neighboring countries than it sells to them.

This drain has several consequences: your companies sell less, so they under-invest. Your citizens have fewer jobs and lower wages.

You depend on imported products. The states selling them take advantage of this to impose their own conditions for continued business.

As you’ve probably guessed, this game already exists. It’s called Europe, and the products I’m talking about are essentially digital services.

And apparently, a solution is currently being studied to counterbalance this slow digital colonization: Open Source.

Okay, let’s explore this path and try to understand where it might lead us.

264 Billion Euros and 1 Million Jobs

264 billion euros and 1 million jobs, that’s what Europe lets slip away every year to major American Tech companies (Cloud, AI, etc.).

This figure hides massive blind spots. Digital technology means direct AND indirect jobs, risks of espionage, and proven cases of public opinion manipulation.

It’s also a constant weight on our diplomatic relations, because it’s hard to resist our digital dealer when they impose conditions, for instance, demanding we abandon inclusion policies within our own companies.

In this context, Europe wants to rely on the European Open Digital Ecosystem.

So, is Open Source the solution?

Open Source and Geopolitics?

If money has no smell, does Open Source? Not necessarily.

An open license tells us nothing about a project's governance, meaning, who decides and who captures the revenue.

A huge number of major open-source projects are simply funded by large American corporations (e.g., Kubernetes, React, VS Code). GitLab, for instance, sees a vast majority of its contributions coming from salaried engineers.

Another part of these projects is managed by foundations that may also be based in the US (Apache, Linux, Mozilla).

In the event of a conflict, even if Open Source is "open," Europe could find itself penalized.

We could be excluded from major distribution platforms, like GitHub, which has restricted usage in Iran in the past.

A project could unilaterally decide to stop supporting local standards or legislation (such as privacy regulations).

A state could influence contributors to insert backdoors.

But it’s open source, you might say. We could just create our own fork and maintain it in Europe, right?

It’s not that simple.

That would imply finding, mobilizing, and funding armies of contributors in Europe. Contributors who would spend a portion of their time "just" catching up with the original code and verifying that no backdoors were introduced to target us.

In short, it requires resources and people willing to maintain projects built elsewhere.

Then there’s the concept of the ecosystem. Take Huawei, for example: they forked Android but couldn't access the Play Store or Google Play Services, which severely limited its appeal.

You might argue that we also have foundations in Europe. Eclipse moved to Europe in 2020, making it the largest European open-source foundation.

True, but a foundation lives off membership fees, and the main contributors to Eclipse are American (IBM, Oracle, Microsoft, Intel, Amazon, Google). Not to mention that the Eclipse Foundation isn't the most advanced on current topics like AI or Cloud.

A Structural Fragility in Open Source

This isn't just a hunch; it all circles back to the question of resources.

Until now, we’ve mostly discussed massive projects, but the vast majority of projects rest on fragile foundations.

Open source is underfunded. Countless projects are simply too small to be visible, even though they likely power 99% of modern digital software (source: myself, but I doubt I'm far off).

Between maintainer burnout and the lack of resources to keep up with current demands, it’s easy to connect this fragility to cyber risks. Log4Shell, Heartbleed, and XZ are perfect examples of vulnerabilities and cyberattacks targeting open source.

Relying on such fragile actors without funding them is hypocrisy.

But this conclusion is widely shared, and Europe is planning to put money on the table to fund open source as an alternative to major US software.

We’re talking about funding programs in the billions of euros and policies favoring open-source solutions.

Digital Commons

Of course, we return to the problem mentioned earlier: open source does not mean neutrality. Therefore, Europe is setting criteria and, above all, defining the concept of a Digital Common:

A digital common is not just software (code); it is a triad of inseparable elements:

• A digital resource: Software, a database, a technical standard.
• A community: Developers, contributors, companies, and users who maintain the resource.
• Governance: A set of rules defining who can contribute, how decisions are made, and how to prevent the resource from being captured by a single actor ("vendor lock-in").

An open-source project "dictated" by a single American multinational is not a digital common, because the community has no real decision-making power.

And "digital commons" created in Europe do exist: OpenStreetMap, VLC, and even Linux and the Web.

Toward a Fragmented Open Source?

The primary fear in a digital cold war is seeing a fragmentation of open source: license wars, targeted exclusion of contributors by country, and a decline in international collaboration. It’s already becoming difficult to get visas for international events, and refusing certain foreign travel is becoming both a political and ecological act.

While this outlook is somewhat grim, it is relatively inevitable. In a closing world, open source will not live in an isolated bubble. And this will force us to create our own digital identity.

A European Digital Identity

It’s true: open source alone is not the solution because it is a fragile, underfunded, and inherently non-neutral ecosystem.

A large portion of US Open Source is funded by big US companies, often serving as a digital Trojan horse to capture revenue.

But how many companies in the US actually run on "Free Software"?

Relatively few.

This is less true in Europe. The International Criminal Court (ICC) runs on OpenDesk. Several French administrations have just announced their migration to "La suite numérique".

We could see a European digital identity taking shape, based on standards like interoperability (open formats), reversibility (the ability to easily retrieve one’s data), and the digital commons I mentioned earlier.

We could see industrial consortiums joining forces to create digital standards, such as Eclipse SDV (for Software Defined Vehicles).

We could imagine conditions in public tenders that de facto eliminate US products—for example, an extraterritorial immunity clause to protect us by default against laws like the Cloud Act.

Finally, we can imagine Europe becoming a hub for digital ethics, attracting global talent who want to contribute to projects serving the general interest rather than the stock price of a giant.

In short, open source is not a magic wand for Europe to stop being a digital colony. We will have to go further. This will require courageous public procurement, massive funding of digital commons, and strict legal protection against extraterritorial laws. European digital identity will not be a gift from Tech giants, but an infrastructure we must build ourselves.