Open Source as Europe’s Last Exit

Digital Sovereignty Reframed as an Architectural Emergency

This article is prompted by a concrete intervention. In early 2026, Orange EU Policy submitted a formal contribution to the European Commission’s call for evidence on Open Digital Ecosystems. On the surface, it reads like a policy position on open-source software. Read more carefully and it reveals something else: a large European telecom incumbent signalling that the old proprietary model no longer offers strategic shelter.

This is not an abstract debate. It is an institutional admission.

“Sovereignty discourse tends to be loudest where actual power is weakest.”
— Information Labs, Digital Power Briefing (2025)

Europe’s renewed emphasis on digital sovereignty does not emerge from confidence. It emerges from constraint. The fact that Orange now frames open source as a pillar of security, resilience and strategic autonomy is less a vision of the future than a diagnosis of the present.

From Ideology to Architecture

For years, open source was treated as an ideological alternative: openness versus control, community versus corporate dominance. That language has quietly lost relevance.

In Orange’s contribution, open source is no longer framed as a value system, but as an architectural necessity.

“Contribution to open-source communities must be recognized as a strategic matter for security, resilience and digital sovereignty for Europe. It provides real architectural and implementation optionality.”
— Orange EU Policy, Contribution to the EC Call for Evidence (2026)

The key word here is optionality. Not freedom. Not innovation. Optionality.

In an infrastructure landscape dominated by vertically integrated cloud platforms and hyperscalers, open source becomes a way to avoid irreversible lock-in. It does not restore control. It preserves the ability to adapt, fork or exit — at least in theory.

Europe is no longer competing to define the dominant platforms. It is competing to remain structurally relevant within platforms already defined elsewhere.

Telecom is where this abstraction turns operational.

Telecom as a Stress Test

Telecom exposes this shift more clearly than any other sector.

For decades, telecom networks represented stability: nationally rooted infrastructure, long investment horizons and tightly regulated vendor ecosystems. Proprietary systems were accepted because they appeared governable.

That assumption has collapsed.

Cloud-native architectures, virtualised network functions, edge computing and AI-driven optimisation have pushed telecom into the same dependency structures as the rest of the digital economy. Hyperscalers increasingly sit upstream of network intelligence itself.

“Organisations that genuinely seek autonomy cannot avoid open-source technologies. Anything less is a concession to dependency.”
— Marcel Timmer, Red Hat Netherlands (2025)

When an incumbent telecom operator like Orange positions open source as foundational across cloud, 5G/6G, virtualisation and edge, it is not making a technological preference. It is acknowledging that the proprietary model no longer provides strategic insulation.

Open source becomes the least constraining option available.

The Sovereignty Paradox

Yet this strategy carries a built-in contradiction.

Much of the open-source infrastructure Europe depends on is maintained, governed or directionally influenced by non-European actors — frequently engineers employed by U.S. technology firms. The code may be open. The ecosystems around it are not neutral.

Europe seeks sovereignty through systems it does not fully control.

This is not hypocrisy. It is realism.

Open source functions less as independence and more as dependence with visibility. You may not own the system, but you can inspect it. You can, in principle, fork it. Whether you can realistically sustain that fork is another matter entirely.

That capability depends on industrial capacity, maintainership and governance power — areas where Europe remains structurally underweight.

From “Open” to “Governable”

This tension explains the EU’s regulatory response.

Through frameworks such as the Cyber Resilience Act and NIS2, Europe is attempting to make open source institutionally legible: defining responsibility, assigning liability and introducing compliance and certification.

This is not a technical refinement. It is a political transformation.

Open source was never designed to carry continental-scale accountability. Europe now requires it to function as regulated infrastructure — secure, auditable and enforceable.

“In the global race for technological power, sovereignty is not about isolating ourselves. It is about Europe defending its strategic interests.”
— Thierry Breton, on Europe’s digital strategy

Whether this governance turn strengthens the open-source ecosystem or constrains it remains unresolved. What is clear is that open source is no longer treated as a voluntary commons. It is being recast as a managed layer of critical infrastructure.

Sovereignty, Without Illusions

Europe is not reclaiming technological dominance. It is attempting to retain agency inside architectures already shaped elsewhere.

Open source is not a path back to leadership. It is a form of damage control — a way to slow dependency, not eliminate it.

Which leads to the uncomfortable conclusion:

Open source may enable European agency, but it may also institutionalise Europe’s dependence — formalising it under the language of openness, compliance and sovereignty.

The decisive struggle is not over code.
It is over who governs the architectures that determine how code can be deployed, constrained and replaced.

That struggle is no longer ideological.
It is infrastructural — and already underway.