Europe Chose Differently
€264 billion. That is how much European organisations spend annually on digital technology from non-European companies. And that number increases by roughly 10% every year, not because the products are getting better at the same rate, but because licence agreements are structured that way, and because the switching costs are designed to make leaving expensive. Some vendors have raised prices tenfold. The organisations paying them have, in most cases, no meaningful governance over the systems they depend on.
On 1 July 2026, approximately 300 large European organisations met in Paris to commit to a collective migration away from that dependency. This was the launch of EuroCommons, an initiative led by Caisse des Dépôts, the French public financial institution. It was not a conference, a think tank report, or a government consultation paper. It was a programme of work, structured as 11 coalitions around specific digital components, designed to produce migration roadmaps that participating organisations will actually follow.
I find this genuinely exciting, not because it is European, but because it is the right kind of institution making the right kind of decision, for reasons that are rigorous rather than rhetorical.
Why the Caisse des Dépôts Matters
Caisse des Dépôts is not a technology company. It is not a civil society organisation or an open-source advocacy group. It is a 200-year-old French public financial institution whose mandate is to manage public interest missions and support long-term national development.
When an institution like this commits €18 billion to a digital strategy, “Horizon Numérique 2030”, it is not making an ideological gesture. It is making a risk assessment. The risk it has assessed is structural dependency: European organisations collectively building their administrative, financial, and social infrastructure on systems whose governance, data handling, pricing, and strategic direction are controlled by foreign entities, operating under foreign law, subject to foreign courts.
The EuroCommons model is built on three principles that are simple enough to be credible. First, demand-driven: migrations start from what CIOs actually need, not from what open-source advocates think they should want. Second, collective action: the coalitions unite CIOs, open-source vendors, and commons stakeholders to achieve the critical mass that individual organisations cannot reach alone. Third, European scale: operating across the continent means cost-sharing and interoperability that make the economics work.
The “no strings attached” commitment (participation requires no financial commitment and no mandatory migration at the conclusion) is not charity. It is the design choice that makes broad participation possible without demanding that organisations bet their operations on an outcome they cannot yet verify.
Germany: The Nuanced Picture

Germany’s contribution to European digital sovereignty is real and significant, but it is worth being precise about what it is and what it is not.
Germany’s Sovereign Tech Agency has committed tens of millions of euros across dozens of supported technologies to maintaining the open digital infrastructure that underpins much of the world’s software: encryption libraries, networking tools, open protocols. The NLnet Foundation, backed by European public funding through the Next Generation Internet initiative, is committing €21.6 million through the NGI0 Commons Fund, awarded between now and 2027 in grants to individual engineers and small teams doing foundational work. These programmes have been doing what no equivalent Australian programme does: funding the maintenance of shared foundations that everyone builds on, with no equity requirement and no exit.
The same public-institution model reaches into narrower domains, too. OpenAgrar, Germany’s open-access repository for agricultural, forestry, fisheries, and veterinary research, holds more than 175,000 publications, some dating back to the late 19th century. It is jointly operated by six federal research institutes, including the Thünen Institute and the Julius Kühn Institute, funded by the Federal Ministry of Agriculture, Food and Regional Identity, and hosted on open-source infrastructure by the Common Library Network. No publisher paywall sits between a German agronomist and research their own government funded. It is a smaller and quieter example than the Sovereign Tech Agency, but it makes the same point: publicly funded knowledge infrastructure, built to outlast any single grant cycle or change of government, is a choice, not a default.
But the federal momentum has genuinely weakened, and it would be dishonest to pretend otherwise. Research published in 2026, drawing on interviews with senior decision-makers across German, Australian, and Canadian government agencies, finds that the German federal level has been less directive about AI and digital sovereignty than many assumed, with more decentralised decision-making pushed to individual agencies and states.
The states are picking up what the federal level has partially set down. Hamburg, Baden-Württemberg, and Schleswig-Holstein have each developed distinct approaches to open-source adoption and digital sovereignty. The city of Munich’s history is the cautionary tale: it began switching to open-source software in 2004, had migrated 12,600 of its 15,500 desktop computers by 2012, faced intense vendor lobbying, and switched back to proprietary software in 2017 following a political change in the local government. The lesson is not that open source doesn’t work in government. It is that digital sovereignty requires political will that survives electoral cycles, not just a single procurement decision.
France has been more consistent. Mistral AI, headquartered in Paris and building open-weight large language models with a European data governance approach, has become a reference point for what European AI development looks like when it prioritises sovereignty alongside capability. The same pattern shows up in less visible infrastructure. Panoramax, an open street-level imagery platform built jointly by IGN (France’s national mapping agency) and OpenStreetMap France, now holds more than 85 million photographs covering roughly 795,000 km, the open, publicly governed alternative to depending on a single foreign vendor’s street-view product. Christian Quest pitched the idea to IGN a decade before it launched in 2022 through France’s State Startup programme, a government incubator for public digital services built inside existing agencies rather than outsourced to contractors. IGN and OpenStreetMap France are now formalising a Panoramax Foundation, so governance doesn’t rest with the two founding organisations indefinitely. It is a slower, less glamorous kind of sovereignty than a headline AI lab, built the same way OpenAgrar was in Germany: patiently, publicly, and without an exit. The French state has been willing to make the sovereignty argument in terms that connect it to national interest rather than just technical preference, which has proved more durable.
Australia: Choosing by Default
The contrast with Australia is not comfortable to sit with.
Research drawing on interviews with Australian public sector decision-makers on AI model choice, published in the first half of 2026, finds that Australian agencies are far more reliant on cloud infrastructure than German counterparts, with cloud dependency coded in nearly 80% of relevant references. Microsoft Copilot is the default path for most agencies, not because it was selected after careful evaluation of alternatives, but because “the least amount of friction is the Microsoft way… you arrive, your computer is pre-loaded with it… [and] for everything else [there] is a path of approvals.”
That is an accurate description of how vendor lock-in operates at scale. The lock is not imposed by force. It is built into every pre-loaded laptop, every procurement process that treats incumbents as defaults, every IT team that has been told the most defensible choice is the established one. The friction is asymmetric: continuing with the incumbent requires no justification; choosing anything else requires substantial political capital.
The sovereignty implications are not abstract. Every Australian public servant using Microsoft 365, every document processed through Teams, every email stored on Azure is subject to the CLOUD Act: US legislation that allows American authorities to compel American cloud providers to hand over data regardless of where the servers are physically located. Australia signed a bilateral agreement formalising this arrangement in 2021. This is not a hypothetical risk. It is a structural condition of the current procurement landscape, normalised through a decade of quiet accumulation.
I wrote about this in more detail in The Billion Dollar Brick in the context of AUKUS and defence procurement. The pattern is the same: dependency dressed as choice, exposure dressed as capability.
What Digital Sovereignty Actually Requires
Estonia has demonstrated what building it right looks like. The X-Road data exchange layer connecting all Estonian government databases is open source. Multiple vendors implement it competitively. If one fails or behaves badly, there are alternatives, and public administration can respond without asking permission. The architecture was designed so that no single vendor could hold the system hostage. That was a deliberate political choice, made early, when it still cost less than the alternative.
The EuroCommons model extends this logic to collective action at scale. The observation behind it is that individual organisations, facing the same dependency problem, cannot solve it individually: the switching costs are too high, the alternatives too fragmented, the critical mass of demand too small. But 300 large organisations, working across 11 coalitions, standardising interoperability requirements and pooling the cost of evaluation and migration, changes that calculus.
Australia’s version of this problem is different in scale, but not in structure. An AUKUS partner with significant digital infrastructure, Australian public services run on US cloud, US software, and hardware governed by US law. The exposure is real. The political will to address it is, to date, largely absent.
What would an Australian equivalent look like? Not a one-for-one copy of EuroCommons: the institutional context is different, the scale is different, and the Commonwealth relationship with digital infrastructure has its own history. But the principles translate: demand-driven rather than mandate-driven, collective rather than agency-by-agency, structured to produce actual migration roadmaps rather than aspirational policy statements.
The Unicorns Build Monocultures post made the case for an Australian Sovereign Tech Fund modelled on Germany’s. That case has not weakened. The case for an Australian equivalent of the EuroCommons collective migration model is the complement to it: if the Sovereign Tech Fund builds the open alternatives, the collective migration programme builds the shared demand that makes those alternatives viable.
Neither requires waiting for the federal government to lead. The Queensland Government Customer and Digital Group (QGCDG), Digital NSW, Victoria’s Digital Victoria, state-level equivalents of what Schleswig-Holstein is doing in Germany, are possible right now. Hamburg’s willingness to be an early mover on open-source AI has given it leverage in vendor negotiations and built internal capability that other German states are now drawing on.
None of these needs to be a moonshot. QGCDG could require multi-vendor evaluation, not single-vendor renewal, on the next major software-as-a-service contract that comes up for tender. Digital NSW could publish a public register of expiring contracts and their switching costs, the transparency Kamphorst and colleagues identify as the precondition for any alternative being seriously considered. Digital Victoria could do what Hamburg did: commit one significant workload to open-source AI infrastructure and publish what it costs and what it saves. Each of these is a decision a state CIO can make this financial year. None of them requires an act of parliament.
None of this holds without the mechanism that makes it durable, not the invitation to switch, but the requirement to stay switchable. Every new government software contract could carry a standard clause: full data portability, no proprietary lock-in on interfaces, exit costs disclosed at signing rather than discovered at renewal. That is not a boycott of any vendor. It is a procurement standard, the legal equivalent of what X-Road did architecturally: make sure no single vendor can hold the system hostage, this time by rule rather than by design. Writing that requirement into the Commonwealth Procurement Rules would cost nothing and would bind every future contract, not just the next one someone happens to renegotiate.
The question is not whether Australia can afford to do this. The question is whether Australia can afford to keep paying 10% more every year for systems it does not govern, to vendors it cannot hold accountable, under law that is not its own.
The clock does not stop while the procurement renewal is being processed. But the next renewal is also the next opportunity, and unlike the licence fight of the 1990s, this one doesn’t need millions of contributors. It needs one CIO, in one agency, writing one clause into one contract. That is a far smaller ask than the commons ever made of anyone.
Part two of three. Next: : why open model weights alone don’t constitute an AI commons, and what genuine commons governance of the AI stack would actually require. Previously: What the Commons Built (And What's Taking It Apart) on the history of digital commons enclosure. Also: The Billion Dollar Brick on AUKUS, vendor lock-in, and sovereignty at the defence scale.
Sources
EuroCommons and Caisse des Dépôts
- Caisse des Dépôts, EuroCommons: the initiative overview, including the 11 coalitions model and the 1 July 2026 Paris launch event
- Caisse des Dépôts, “Horizon Numérique 2030”: the €18 billion digital strategic plan of which EuroCommons forms part
France’s open infrastructure beyond AI
- French Interministerial Directorate for Digital Affairs (DINUM), “France’s Open Source Lab: Panoramax, a utopia turned public infrastructure”, Open Source Observatory (OSOR), European Commission: governance, scale, and history of Panoramax, the open street-level imagery platform built by IGN and OpenStreetMap France
Germany’s digital sovereignty instruments
- Sovereign Tech Agency: Germany’s public fund for open digital infrastructure; annual budgets rising from ~€13 million (2022) to ~€22 million (2023), 42 funded projects listed as of April 2025 (per Wikipedia; the Agency’s own site does not publish a running aggregate total)
- NLnet Foundation / NGI0 Commons Fund: European public-interest grants for open digital infrastructure, managed through Next Generation Internet funding
- FAO Agris (2026), Trusted, public, and built to last: How OpenAgrar safeguards Germany’s agricultural knowledge: governance, funding through BMLEH, and scale of Germany’s open-access agricultural research repository
- Krempl, S. (2017). Endgültiges Aus für LiMux: Münchner Stadtrat setzt den Pinguin vor die Tür. Heise Online, 23 November. On Munich’s return to proprietary software following political change
Open-source AI in public sector agencies
- Robinson, N. (2026). Open to open-source AI? Navigating AI model choice in public sector agencies. Government Information Quarterly, 43(2026), 102133. DOI: 10.1016/j.giq.2026.102133. 31 interviews with decision-makers in Australian, Canadian, and German agencies; the source for the Microsoft default dynamic and German state-level contrast
Digital sovereignty and vendor lock-in
- Kamphorst, B.A., de Wilde de Ligny, S., Ferrari, F., & Schäfer, M.T. (2026). Opaque procurement: How transparency deficits compromise democratic digital sovereignty. Journal of Responsible Technology, 26, 100178: the epistemic access problem in public procurement, analysed in the Dutch context with direct Australian application
- CLOUD Act: the US legislative mechanism that governs cross-border data access for American cloud providers
Estonia’s approach
- e-Estonia, X-Road: the open-source data exchange layer connecting Estonian government databases
- Digital Sovereignty
- Eurocommons
- Open Source
- France
- Germany
- Australia
- Public Sector AI
- Commons Governance
- Vendor Lock-In
Comments
Be the first to comment! Reply to this post from your Mastodon/Fediverse or Bluesky account, or mention this post's URL in your reply. Your comment will appear here automatically via webmention.
Follow this blog on Mastodon at @gaggl.com@web.brid.gy or on Bluesky at @gaggl.com