IEA: EU Parliament advances in stengthenting the role of Free Software, yet needs more to improve

The two EP Committees for opinion, IMCO and LIBE, have today adopted their texts on the Interoperable Europe Act. While both recognise the importance of Free Software for this regulation, the inclusion of the Free Software community in the Board remains uncertain. The wording on proper monitoring and evaluation goes in the right direction.

The Committee on the Internal Market and Consumer Protection (IMCO) and the Committee on Civil Liberties, Justice and Home Affairs (LIBE) have today adopted by a large majority their opinions on the Interoperable Europe Act.

The IMCO Committee, following some of our demands, has highlighted the need for public bodies and institutions to prioritise the use of Free Software in order to support the creation of reusable solutions. Furthermore, it has also recognised our demand for clearer objectives and indicators to assest its achievement. Moreover, it has included measures to report and monitor the number of Free Software solutions developed and adopted by the public sector within the scope of the Regulation.

Unfortunately, no amendments to include more stakeholders in the Interoperable Europe Board were adopted, apart from the proposal to include the European Parliament as an observer. Therefore, it is now up to the lead Committee on Industry, Research and Energy (ITRE) to take further steps forward in the direction of enriching the Board.

On the other hand, the LIBE Committee has briefly included the wording to encourage Free Software solutions when it comes to enhancing transparency in the processing of personal data within the scope of this regulation. However, this wording still needs to be improved by more firmly prioritising the use of Free Software for such purpose.

In the coming weeks, the Committee on Industry, Research and Energy (ITRE) will agree on its text, which will most likely be voted in plenary after the summer break, and then enter into the inter-institutional negotiations. We call upon the decision makers to not only anchor the progress that IMCO and LIBE have achieved with their opinion but also to undertake the actions needed for a more inclusive governance approach by including the Free Software community as part of the Interoperable Europe Board. This is also true for the Council, that wants to exclude relevant stakeholders from contributing to an Interoperable Europe.

Support FSFE

Cyber Resilience Act: First committee backs FSFE demand to protect Free Software

The Internal Market and Consumer Protection Committee (IMCO) today launched a landmark decision to protect Free Software developers in the Cyber Resilience Act (CRA).

The Internal Market and Consumer Protection Committee (IMCO) today launched a landmark decision to protect Free Software developers in the Cyber Resilience Act (CRA). In September last year, the EU Commission presented the CRA. The proposal to exclude Free Software “outside the course of a commercial activity” would fail to address a large part of software that will not be covered but is deployed. Furthermore, smaller and non-profit projects would be harmed as they would have to bear major costs. We, therefore, proposed a solution that will lead to more security while safeguarding the Free Software ecosystem:

1. Liability should be shifted to those deploying Free Software instead of those developing Free Software and
2. Those who significantly financially benefit from this deployment should make sure the software becomes CE-compliant

Shortly, the leading committee, Committee on Industry, Research and Energy (ITRE), will define its position and submit it to the plenary for a vote. After that, the trialogue with Parliament, Council and Commission will begin in order to reach a final agreement. At the same time, similar rules are being negotiated in the Product Liability Directive (PLD). Here, too, FSFE is calling for the protection of developers of Free Software. We thank all those organisations and individuals contributing to this position and making sure to safeguard Free Software in those files.

Support FSFE

Council to exclude relevant stakeholders from contributing to an Interoperable Europe

The current draft from the Council on the Interoperable Europe Act is limiting the Interoperable Europe Board, and with this excluding relevant stakeholders from contributing to a more interoperable and innovative Europe. There is also a lack of improved wording in the area of monitoring and budgeting.

The Interoperable Europe Act is aiming to enhance cross-border digital public services across the European Union. This proposal is currently discussed in the European Parliament and the Council. Through a Freedom of Information request, the FSFE caused access to the latest compromise text (.pdf) of the Council.

From this draft, it gets clear that the Council is seeking to limit the overall participation in the Interoperable Europe Board by hindering the possibility to include experts and other stakeholders with observer status in such board. This not only goes in the completely opposite direction of our demand for more inclusion of different stakeholders – especially the Free Software community – but it also undermines the position of the Expert Group on Interoperability of European Public Services.

This Expert Group consists exclusively of representatives of public authorities and they demanded (.pdf) back in 2021 to work “closely with different stakeholders. Some of them “private partners; local entities (e.g involving regions, municipalities), EU standardisation and other international organistations (OECD, UN, international standardisation bodies, etc.) as well as citizens’ representatives depending on the subjects to be handled”. With the current proposal, none of these stakeholders could even be invited to a board meeting nor be an observer, as proposed by the European Commission (.pdf).

The European Parliament would also not be part of the Interoperable Europe Board, which the Parliament's rapporteur, Ivars Ijabs -Renew Europe member- understandably changes in his draft report (.pdf) by suggesting to give the Institution a seat. Members of the European Parliament, like Jordi Solé on behalf of the Verts/ALE Group, also call for the inclusion of Free Software communities, which is mostly in line with our demands.

Furthermore, the Council has failed in defining Open Standards, while doing very little to improve the way monitoring will be carried out after such legislation comes into force. The Council has also not taken note of the need for a proper budget allocation that will assist public administrations in executing the activities that will follow with this Act. At least a definition of ‘Open Source licence’ includes the four freedoms has been introduced [Art. 2 (8b)].This underlines the strong link between Free Software and interoprability.

As the European Parliament will agree on its draft position on the Interoperable Europe Act in the coming weeks, we urge EU lawmakers to address this matter by improving the Commission’s proposal, in order to ensure a robust and inclusive governance structure in which different stakeholders, including the Free Software community, can be part of the Interoperable Europe Board. A proper monitoring workflow and evaluation together with a dedicated budget are also very much needed to move forward. Right now, Europe has the chance to pave the way for a legislation that allows efficient, innovative cross-border administration by recognising the crucial role that Free Software and its community play in interoperability.

Support FSFE

EU: Majority for AI Act – and safeguards for Free Software

The European Parliament today voted in favour of the AI Act with 499 votes in favour, 28 against, and 93 abstentions. Free Software is given safeguards, these rules must now be defended in the trilogue and transferred to the Cyber Resilience Act and the Product Liability Directive.

With a large majority, the plenary of the EU Parliament today confirmed the compromises of the lead committees from May. The AI Act contains a far-reaching exemption from this regulation for non-profit organisations as well as small Free Software projects up to the size of micro-enterprises. The position of the EU Parliament must now be defended in the upcoming trilogue, in which the final text will be negotiated together with the Council and the Commission.

"With today's decision, the EU Parliament has demonstrated how Free Software can be regulated in a meaningful way. Developers must be protected, but at the same time those who significantly benefit on the market with the use of Free Software must also be responsible. This principle must now also be anchored in the Cyber Resilience Act and the Product Liability Directive", explains Alexander Sander, Senior Policy Consultant of the Free Software Foundation Europe (FSFE)

More information on the negotiations on the Cyber Resilience Act and the Product Liability Directive can be found here.

Support FSFE

Germany: dPhoenix on the road to failure?

A Free Software office and collaboration suite for the public sector is one of the projects with which the German government aims to fulfil the goals of the coalition agreement. But a closer look at the project raises questions: Where is the source code? Who is responsible? What happens to the public money involved? We asked the relevant ministry.

Back in 2020, the north German IT service provider Dataport started the first pilots of its dPhoenixSuite as an alternative to Microsoft’s proprietary office and collaboration suite. The dPhoenixSuite integrates Free Software components such as Nextcloud, Matrix, Jitsi, Collabora, and UCS. The suite is already being offered on a small scale as a cloud service to German adminstrations, taking a stand where the German IT Planning Council is calling for a sovereign working environment for administrations, with Free Software solutions as a priority. But Dataport seems to fall short of this expectation.

The current issue 07/23 of Linux Magazin comes with a detailed and critical analysis by Markus Feilner, which covers both the history and the problems of Dataport’s “Projekt Phoenix” and its relation to the “Sovereign Workplace” (“Souveräner Arbeitsplatz”), a long promised reference implementation under the responsibility of the German Federal Ministry of the Interior and Community (BMI), coordinated by the recently founded Centre for Digital Sovereignty of Public Administration (ZenDiS). Some of the major problems Feilner reveals are the missing dPhoenixSuite source code, a lack of understanding of Free Software and of collaboration within the Free Software community, a tendency to open-wash by claiming to be “based on open source”, unclear responsibilities, and an opaque relationship to the BMI’s “Sovereign Workplace” project.

We have been promoting the concept of “Public Money? Public Code!” since 2017, and we welcome and encourage every step towards Free Software in public administrations. However, the recent news developments around Dataport and the Sovereign Workplace are reason to be wary, especially of any attempts to open-wash.

Therefore, we have today sent a list of questions to the BMI, expecting that the answers will make the situation around the dPhoenixSuite and the Souvereign Workplace transparent.

Questions for the Federal Ministry of the Interior and Community (BMI):

1. Dataport advertises its dPhoenixSuite as an “open source solution”. So far, however, only the source code of the underlying Free Software (also known as Open Source) components is available under Free Software licences. The code of the complete, integrated suite cannot be obtained from Dataport upon request.

   1. When will the full source code of the Sovereign Workplace be published on OpenCoDE?
   2. Will the code be published under a Free Software license, and if yes, under which one?
   3. Is the Sovereign Workplace based on the same code stack as the dPhoenixSuite?
   4. What part of the Sovereign Workplace code comes from dPhoenixSuite? In which parts do they differ and why?
   5. Will it be possible for everyone to compile the Sovereign Workplace from the source code and run it on one’s own infrastructure as soon as it is published on OpenCoDE? Will an elaborate documentation to the code be available
   6. Are there plans do further develop the Sovereign Workplace in collaboration with the community of the underlying Free Software projects after the code has been published?
   7. Will further development using OpenCoDE take place openly according to the tried and tested principles of “coding in the open” and “release early, release often”, establishing and involving a community?

2. According to public news and information from Dataport, the dPhoenixSuite is based on the Sovereign Workplace, which is to be published on OpenCoDE before the end of 2023. According to the BMI, the Sovereign Workplace is based on dPhoenixSuite.

   1. Which of the two statements is correct? How do the two different statements come about?
   2. Which contracts with reference to the Sovereign Workplace exist between the BMI or ZenDiS on the one hand and Dataport on the other?
   3. Is the Sovereign Workplace rather a fork of dPhoenixSuite or a reference implementation? Once the source code has been published on OpenCoDE, will the Sovereign Workplace be further developed independently of dPhoenixSuite or will it remain coupled to dPhoenixSuite?
   4. Can you provide us with an organisation chart of the Sovereign Workplace project with all the authorities, offices, public bodies and responsible persons involved? If this is not possible: Which authorities, offices, public bodies and responsible persons are involved in the Sovereign Workplace project (in each case with details of their role and responsibility within the project)?
   5. Who is responsible for the Sovereign Workplace project in the BMI?
   6. What competences does the CIO have in coordinating the project and in coordinating with Dataport?
   7. Where and by whom is the cooperation between Dataport and BMI/ZenDiS on the Sovereign Workplace and the Phoenix project controlled and coordinated?
   8. Where and under whose leadership are the components of the Sovereign Workplace that are not adopted from the Free Software community (for example gluecode and integration scripts) developed?
   9. How many people develop code for the Sovereign Workplace at the BMI or ZenDiS? Is this code also made available to Dataport for the dPhoenixSuite?
   10. Are there any requirements from BMI/ZenDiS to Dataport for the development of the dPhoenixSuite? If yes: Are these fulfilled?
   11. Has the BMI exerted any influence on Dataport to publish the complete dPhoenixSuite as Free Software

3. Funding

   1. What public funding has been spent on the Sovereign Workplace so far?
   2. What funding is available for the project for the current year?
   3. What annual funding is needed until 2025 to further develop the Sovereign Workplace?
   4. Did Dataport receive any funding from the BMI/ZenDiS for the development of dPhoenixSuite or contributions to the Sovereign Workplace?

We expect that the BMI’s response will give the public a better understanding of what is going on around the Sovereign Workplace and the dPhoenixSuite. We will stay tuned to this issue and report back as soon as we receive a response.

Free Software and “Public Money? Public Code!”

Free Software gives everyone the right to use, study, share and improve applications for any purpose. These freedoms ensure that similar applications do not have to be programmed from scratch every time and, thanks to transparent processes, others do not have to reinvent the wheel. In large projects, expertise and costs can be shared and applications paid for by the general public are available to all. This promotes innovation and saves tax payers money in the medium to long term. Dependencies on vendors are minimised and security issues can be fixed more easily. The Free Software Foundation Europe, together with over 200 organisations and administrations, is therefore calling for “Public Money? Public Code!” - If it is public money, it should be public code as well. More information on the initiative on the “Public Money? Public Code!” website.

Support FSFE