All programmers, from hobbyists to those at Microsoft or Google, use open source software, present in between 70% and 90% of the computer applications we use today. Nobody starts a job from scratch, but instead goes to libraries like GitHub or GitLab to download code packages already written, reviewed and improved by the community. “Developers spend on average two-thirds of their time adapting open software to their needs and building their application on top of that. Therefore, if there is a security flaw in that code, everyone from Apple or Meta to the German or Spanish government has a problem,” explains Adriana Groh (35, Würzburg, Germany).
Groh is the CEO of the German government’s Sovereign Tech Agency, a pioneering institution in Europe dedicated to maintaining common digital infrastructure. In his view, the path to European technological sovereignty, which has gained momentum since Donald Trump returned to the White House, involves ensuring that the foundations of open source are solid. He attended EL PAÍS in Madrid, where he participated in the Digital Resilience Forum and did the same the day before in Barcelona at the 4D Conference organized by Xnet and Accent Obert.
Ask. In Spain there is no organization equivalent to the one you lead. What do they do at the Sovereign Technology Agency?
Answer. We started three years ago with a fund, which worked very well. We are now working on a standards program and will probably also launch talent attraction programs in the future. Our structure is quite unique: we are a private company owned by the German government, so we operate independently, but we have public procurement. We also have an international vocation: we try to provide a sort of roadmap to other governments to inspire them to take on the same mission as the German government.
Q. What is that mission?
R. In the 21st century, every government should consider it part of their job to ensure that software is sovereign and safe, not only for themselves, but also for companies, society and researchers. In the 21st century, software is the invisible infrastructure of our daily lives, like roads and bridges. Everything works through software, and a significant part of it is viable thanks to open source, which is altruistically managed by people. If the latter breaks, then it is as if a road or a bridge collapsed: everything else becomes much more complicated and dangerous.
Q. What kind of projects have you promoted from the agency?
R. We’re still relatively small, even though our budget has grown from about 10 million to about 20 million. With that money we want to focus on where we have the biggest impact: we look at the software that developers need to develop new software. Most people have never heard of it curl OR pi (Python) or the other 60 technologies we work on. But if these programs fail, suddenly the payment systems no longer work. If we look at shared digital infrastructure as a big building block, we need to invest in the pillars to be able to continue growing upwards. Otherwise it’s like building castles in the sand. Our mission is to look at those foundations.
Q. So they focus on the software, not the hardware.
R. Exact. We believe it’s best to do just one thing very well. And, if you succeed, you can move on to the next one. Of course, software alone is not enough. If we want to be more sovereign in Europe, we need to identify the problems and then design effective new tools for each of them and make sure they are coordinated and aligned so that they have a real impact. You really need to understand how software developers work and how the open source ecosystem works.
Q. Are there other countries that do something similar to yours?
R. We are faced with a classic commons problem: everyone uses open software as a basis for building their own developments, but no one feels responsible for it. Why should I invest in open software if my competitor also uses it and doesn’t pay for it? This is the problem we want to address. So we’re getting a lot of interest from the industry as well. If we can get them to cooperate, I think that will make us very strong. It’s a good time to spread this message because everyone wants digital sovereignty. It’s not enough to replace one or two products, but to think about the entire process: software, hardware, data and who has the means of production.
We are faced with a classic commons problem: everyone uses open software as a basis for building their own developments, but no one feels responsible for it.
Q. To what extent is it possible to pursue European digital sovereignty without addressing the hardware part?
R. That leg needs to be addressed as well. But you have to start somewhere. We need strategic independence at different levels. I don’t think this means you have to do everything yourself, but you should know where you are strongest. We need data centers, we need computing power, we need chips.
Q. Should this process be addressed by the public sector?
R. We need a triangle to create a sustainable and safe ecosystem. On the one hand there are the volunteers who have always supported open source software, those people who, once their paid work is finished, return home to maintain the software that the rest of the world uses. They do it because they truly believe in open source. We don’t want this to end, but we want to take some of the pressure off them. On the other hand there are companies that trust open source, who use it in their daily lives. They need an open source strategy, considering how they contribute. Third, we believe that the government should also be present.
In the 21st century, software is the invisible infrastructure of our daily lives
Q. Do you think there is awareness of the need to contribute to the maintenance of open source software? Or is more pedagogy needed?
R. The Internet works on a shared infrastructure that is not owned by anyone, but which we must take care of. Developers at Google, Microsoft or Meta use Python as much or more than their colleagues at a small startup in Barcelona or Berlin. This type of open software is a shared global resource, there is no commercial incentive to own it, because that would mean having to maintain it. This is the challenge: everyone needs it, but no one feels responsible for it. In addition to infrastructure, there are also open source products, although this is a different challenge that we do not face. In any case, open source products are increasingly attractive. When WhatsApp was acquired by Meta, many of my friends switched to Signal, which is open source, because they were not comfortable with WhatsApp’s data protection policy. I think that citizens will increasingly make decisions of this type: if two services are very similar, we prefer the safer one.
Q. What does open source contribute to the debate on reducing technology’s carbon footprint?
R. Open source software is reusable and can be adapted to each project. So we avoid people doing the same job multiple times. That’s why the industry is so interested: If you can save resources by using open source software, why develop it from scratch, knowing that the open source software is already the best there is?
Q. Do you think the EU should regulate the use of open source software in some way?
R. The answer varies for each of the sides of the triangle I mentioned earlier. If you look at civil society, each person chooses whether they want to use WhatsApp, Signal or something else. However, companies should understand that using a free common resource without contributing in return is not sustainable. As for the government, instead of buying licenses for proprietary programs, it should spend public money on open source, that is, what companies and individuals can use for free. It is more transparent, safer, because it has been reviewed and improved by the entire community, and reusable.
