Don’t reinvent the wheel — Build new features and push them upstream

The COVID-19 pandemic rapidly accelerated the implementation of digital communication tools in public institutions across Europe. Schools, universities, and even government agencies found themselves compelled to catch up on their neglected digitisation efforts overnight in order to maintain their fundamental functions. In this transition to digital services, a multitude of institutions turned to the most readily available option: Software-as-a-Service (SaaS) solutions from major platform providers. Although this dependence on Big Tech did provide continuity in the short term, it has now moved to a somewhat hybrid (onsite and online) work environment, resulting in even greater dependency and a perceived lack of alternatives. In light of the need for resilient and sovereign digital infrastructure for public institutions during times of multiple crises, it is crucial to re-examine this current state more thoroughly and to explore participatory solutions.

Digital dependencies become endemic

In a nutshell, four avoidable dependencies arise from the use of SaaS. The most obvious is hardware dependency, since “the cloud” merely means that one's data is stored on someone else’s computer, outside of one's own control. Whether, how often, and with whom this data is shared in the backend is opaque to users. Users are further dependent on believing the assurances of Big Tech manufacturers. Additionally, even the process of how data is generated is dependent on the provided generalised interface, such that content adapts to the template rather than the template being designed to be context-specific. Finally, there is economic dependency, where the licensee falls into a subscription trap with SaaS. The more content that is created, the more difficult it becomes to migrate this content, a usually hard or impossible task, and thus in monopolistic situations increasingly higher subscription costs can be incurred with no viable alternatives.

Alongside this disheartening dependency into which public institutions are increasingly entering, there are legislative initiatives attempting to moderate this field. Following the implementation of the General Data Protection Regulation (GDPR) in 2018, the Digital Markets Act (DMA) came into effect in the European Union in March 2024, with the aim to strengthen competition in the digital market by regulating dominant platforms, aka gatekeepers. It establishes rules to prevent these companies from abusing their market power, for instance by favouring their own services or making it difficult for users to switch providers. It also lays the groundwork for the first approaches to scaled federated systems through the required interoperability of messaging services.

Now that the problems are known and the barriers to adopting open alternatives have been lowered, what remains is the design of this newly emerged space. What might the future of resilient digital infrastructure of public institutions look like, and how do we get there? By viewing ourselves as drivers of innovation, we gave it a try in the past years…

Open-source·ing a university

At the onset of the COVID-19 pandemic, Europe's largest art university, the Berlin University of the Arts, faced the same challenges as everyone else; except it had even less digital infrastructure than many others. Yet this unique situation allowed for the implementation of alternative emergency digitalisation based on Free/Libre Open-Source Software (FLOSS), rather than utilising Microsoft Teams or similar. Within the framework established by the university presidency's 'AG Online Lehre' (Working group on online teaching), an interdisciplinary group consisting of teachers, system administrators, as well as students/alumni of the ‘digitale klasse’ set out to create a digital environment specifically tailored to the needs of the arts. This setup was both privacy-focused and self-hosted, as detailed in the mission statement from around that time.

After FLOSS software was curated, their individual interfaces were brought in line to allow for a cohesive user experience, and federated protocols were adopted to create network effects between universities. The question that then arose was: how do we prevent this from becoming another isolated solution? Time passed, the working group evolved into a ‘Taskforce Digitalisierung’ (Digitalisation taskforce), and together with the presidency we dared to take the time needed to transform this idea into an independent FLOSS project of its own. Our goal: allow for this to be adapted, configured, extended, and operated by other public institutions. At the same time we contributed feature additions and bug fixes to those original FLOSS projects as merge/pull requests. A labour-intensive but gratifying effort. Four years on, the lesson learned is that neither the federative structures nor the legislative framework for tenders, project-based employment, or contracting of services favour the strengthening of a FLOSS-oriented process — quite the contrary is true. Without a motivated presidency, which created significant space for this unconventional approach, it would not have been feasible within the current structures of a public university.

Building on these insights, let’s identify the conceptual building blocks needed for enabling public institutions to actively participate in moving away from their dependence on platform economies.

Open-source as a foundational layer for public money

Open-source and free licenses are fundamental to any steps taken in this field. While development tools and libraries have long been standard in open-source, the same cannot be said for the front-facing applications built on top of them. Although these development tools are often chronically underfunded and have their own complexities of dependency, as recently highlighted by the xz incident, government initiatives such as the Sovereign Tech Fund (STF) are making small steps to address this issue by recognising maintained development tools as a basis for digital sovereignty.

Beyond these development tools or established FLOSS front-facing applications, it has been gratifying to see that even smaller public funding programmes in German-speaking countries have recently required that results be published under an open license. This is a good start towards encting the 'public money, public code' paradigm. However, while sufficient for prototyping, dumping source code on the internet without any mandatory documentation or configuration options — which would allow for its usable adaptation by third parties — is simply not good enough. The term ‘open-source’ does not represent the goal but rather the foundation necessary to even begin to address the described dependencies. To create a sufficient baseline for the collaborative development of open software across contexts, the software that emerges must be designed to be not only easily configurable and adaptable by other institutions in their specific contexts, but it must also be well documented so that third parties can build upon and further develop it even after the specific institutional project funding has expired. This is to ensure that digital solutions do not become isolated islands or repository zombies floating around the world wild web.

To counter this potential risk, it is absolutely essential that any user data generated by these front-facing applications is saved in database systems that are built on federation protocol mechanisms in a semantic web manner. This way, content can be re-used outside the initial application context, and users are empowered to recombine it with other distributed data parts at will, even if the initial application is no longer being developed.

A gradual shift

FLOSS front-facing applications have become much more usable than they were years ago, yet they cannot compete with the amount of well-trained and well-paid employees working within platform economies. Comparable resources are needed not only for personnel but also for project coordination in order to create a viable alternative for public institutions aiming for digital sovereignty. A solution to achieve such a state might be found in the digital sphere through a combination of both centralised and decentralised elements.

Starting with the decentralised: Public institutions do not have the budgets to develop comparative FLOSS solutions on their own, nor do they need to. Instead of trying to develop isolated solutions, they can identify the nearest possible FLOSS software that fits their use scenarios and, instead of paying for licenses, issue work contracts or dedicate their own man-hours to submit desired functionalities as feature additions towards this software repository. While merging feature extensions into the upstream is not always sensible, as outlined in article ‘Open-source as a chainsaw’, designing feature extensions to be upstream compatible is always worth the extra effort. When a specific problem is solved and cleanly implemented by one institution, it becomes usable for all others at no additional cost — a holistic union of smaller budgets for a larger whole.

However, FLOSS projects do not manage themselves; deciding which functionalities to merge or requesting reviews tie up enormous capacities. Here, a central state funded entity could help, one based roughly on Tim Bray's idea of an "Open Source Quality Institute" (OSQI). This entity would support FLOSS projects by providing staff for these purposes, complemented by an index of accredited FLOSS projects and a curation of verified fork derivatives, making it easier for public institutions to find, use, and extend them.

Legislators still need to establish framework conditions for this to happen. These conditions could ideally be implemented within procurement laws, ensuring that market competitors are required to disclose their source code when bidding for public sector contracts. Additionally, it would be feasible to create an incentive structure that provides extra funding for the development of feature enhancements under a free license for existing FLOSS front-facing applications. In this context, it is crucial to ensure that no complicated over-regulation occurs which would only result in more bureaucracy without adding value in the end.

Only through the combination of opening platforms with the help of the Digital Markets Act (DMA), increased adoption of federated protocols, competitive FLOSS front-facing applications, and an adapted legal framework that favours FLOSS will self-hosted digital infrastructure prevail. Universities especially can play a pioneering role in reaching this state with their specific fields of expertise early adopting just as they did back in the adolescence of the world wide web, setting an example in the active development of the FLOSS landscape of front-facing applications. Through continuous iterations, enclaves of the future can materialise in the present, moving the public sector towards a resilient digital sovereignty.