GGI Activity: Open Source and Digital Sovereignty
Table of contents
Open source and digital sovereignty
Link to GitLab issue: https://gitlab.ow2.org/ggi/ggi-castalia/-/issues/35.
Digital sovereignty can be defined as the
“Ability and opportunity of individuals and institutions to execute their role(s) in the digital world independently, intentionally and safely.”
— Competence Centre for Public IT, Germany
In order to properly conduct its business, any entity has to rely on some other partners, services, products and tools. Reviewing the ties and constraints of these dependencies enable the organisation to assess and control its dependence towards external factors, thus improving its autonomy and resilience.
As an example, vendor lock-in is a strong factor of dependence that may impede the organisation’s processes and added value and as such, it should be avoided. Open source is one of the ways of out this lock. Open source plays a significant role in digital sovereignty, allowing a greater choice between solutions, providers and integrators, and greater control over IT roadmaps.
It should be noted that digital sovereignty is not a trust issue: we obviously need to trust our partners and providers, but the relationship gets even better when it’s based on mutual consent and recognition, rather than forced contracts and strains.
Here are some advantages of a better digital sovereignty:
- Improve the ability of the organisation to make its own choices without constraints.
- Improve the resilience of the company regarding external actors and factors.
- Improve negotiating position when dealing with partners and service providers.
- How difficult/expensive is it to move away from a solution?
- Could the solution providers impose unwanted conditions on their service (e.g. license change, contracts updates)?
- Could the solution providers unilaterally increase their prices, simply because we do not have a choice?
The following verification points demonstrate progress in this Activity:
- Identify key dependency risks from service providers and 3rd party entities.
- Maintain a list of open-source alternatives to critical services.
- Add a requirement when selecting new tools and services used within the entity, stating the need for digital sovereignty.