OFA Symposium 2025: Open Technology Impact in Uncertain Times

Speakers and attendees will be welcomed to the OFA Symposium 2025 during this time, during which coffee and light refreshments will be provided and participants can get settled in to the event.

Opening remarks for the day will be provided by OpenForum Europe (OFE) and the team at FGV Rio. Participants will be welcomed to the event and the events of the next day will be previewed in some depth.

Keynote remarks will be provided by a luminary in the field of open source and/or open technologies. The speaker will be announced in the coming weeks.

Geopolitical competition over technologies and their underlying infrastructures has intensified in recent years, yet its impact on international collaboration in open technology ecosystems remains under-examined. As governments increasingly frame technological capabilities as matters of digital sovereignty, do geopolitical tensions strengthen or fragment participation in such ecosystems as governments and/or enterprises seek alternatives to proprietary systems controlled by geopolitical rivals? This article examines this question through an exploratory case study on RISC-V, a royalty-free Instruction Set Architecture (ISA) that emerged as an academic project at UC Berkeley focused on building an alternative to proprietary processor designs. Now hosted by the RISC-V Foundation under the Linux Foundation, RISC-V has become a strategically significant open standard for governments and industry alike, as demand grows for specialized processors in AI, IoT, and high-performance computing. Both China and the EU are investing in RISC-V architectures as part of their industrial strategies, while US Congress members have raised concerns over Chinese involvement in RISC-V. Using a multilevel framework, this article investigates whether and how key geopolitical events and tensions have affected RISC-V's governance structures (meso level) and contributors’ incentives and behaviors (micro level). It employs a mixed-methods approach, combining (1) desk research of governance changes; (2) a quantitative analysis of the relationship between contribution patterns and both governance and geopolitical developments; and (3) semi-structured interviews with RISC-V Foundation staff and contributors from the US, China, and the EU. This analysis makes both empirical and practical contributions to discussions about the strategic significance of open standards in an era of intensifying geopolitical competition in technologies and their underlying infrastructures. Initial findings suggest that polycentric governance strategies – such as RISC-V's relocation to Switzerland – may buffer against politicization and restrictions on technological cooperation.

Today, a timely and critical debate is emerging on Governments’ role in governing free and open-source software (FOSS) cybersecurity. Often, they have centred FOSS as a tool for ‘digital sovereignty,’ driving competition, innovation and interoperability. Budgets, policies and regulations are shifting, whether mainstreaming FOSS or institutional experimentation. China has embedded FOSS within its Five-Year Plan. The EU’s Cyber Resilience Act introduces the novel category of ‘FOSS stewards.’ Highlighting the successes of Germany’s Sovereign Tech Agency, advocates seek an EU-wide fund for FOSS maintenance.

The political, economic and social case for public investment in FOSS maintenance, including for cybersecurity reasons, is obvious. FOSS is ubiquitous and, unsurprisingly, the world’s most widespread and serious cybersecurity incidents have arisen from its vulnerabilities (e.g. Log4j, HeartBleed). Without action, a ‘tragedy of the digital commons’ persists.

Instead, what attracts more controversy are legal and policy regulations beyond fiscal support, where different restrictions and requirements are potentially imposed upon FOSS contributors. FOSS’ open and collaborative nature means that divergent domestic and regional approaches may risk its fragmentation and, thereby, even prove counterproductive for the pursuit of (perceived) sovereign interest.

Encouraging an evidence-based approach for policy development and digital diplomacy, this article undertakes a ‘big picture’ comparative analysis of FOSS cybersecurity policy and regulation from the EU, China and USA. Firstly, it charts motivating principles and rhetoric behind their embrace (or lack thereof) of FOSS cybersecurity, encompassing their respective approaches as rights and consumer protection driven, State controlled and market-based. Secondly, it compares key structures, features and tools of those major powers’ cybersecurity policies and regulations involving FOSS, to evaluate compatibility. Finally, it offers reflections, for the FOSS community and policymakers alike, on different avenues for building bridges between regulatory islands as they navigate these uncertain times.

This is a research project curried out by CSIL under the RFP 2024 Digital Infrastructure Insights Fund. It explores the emerging approaches to the tripartite governance of open technology initiatives, which are the result of more structural and strategic forms of state involvement, driven by the growing infrastructural centrality of FOSS, the maturity and widespread adoption of this model of technological innovation, coupled with the broader crisis of neoliberalism and the resurgence of state activism in response to intensifying geopolitical and economic competition. This strategic involvement of governments signals a a new stage of development for open technology initiatives and a transition toward novel governance configurations.
This presentation will provide a significant sample of the ongoing projects and initiatives in which these forms of tripartite governance of ODI are taking their first steps and a structured, case-based taxonomy of the characteristics, tensions and innovations that are emerging in these hybrid governance arrangements.

Digital Public Infrastructure (DPI) will become essential to the delivery of public goods and economic prosperity. How DPI is governed will determine whether that prosperity is shared; DPI should be governed as a commons.

Commons-based governance principles for DPIs are crucial to ensure collaboration between government or public entities and improving relations between public actors and the communities that DPIs serve. Governing DPIs as commons enables community co-ownership, collective control, and co-creation. Effective commons governance also upholds the human rights of participants (including digital rights and online decision), requiring that digital public infrastructure is open to enable population-wide entrepreneurship, not only democratising access to public services but catalysing active economic and social participation.

In our paper, we will draw from empirical evidence of digital commons initiatives that provision infrastructure from our respective geographies (France, India, South Africa, Guatemala). We will provide an actionable framework to guide commons-based governance of DPIs, while also illustrating the social as well as economic benefits of commons-governed DPIs.

We will elaborate on 6 commons governance principles for DPIs:
1. Open systems: DPIs must be constituted by open technologies including open source software, open APIs, open models and weights in the case of AI models;
2. Community data sovereignty, to ensure data protection while also respecting evolving community preferences for data, information and knowledge sharing;
3. Interoperability and respect of technical open standards;
4. Transparent and accountable procurement processes for public infrastructure and public-private partnerships;
5. Regular and transparent audits and assessments for data governance as well as environmental sustainability; and
6. Participative design and implementation processes.

This research paper explores the geopolitical dimensions of digital public infrastructure (DPI) through the lens of “stack curation” — the intentional assembly and export of open-source digital components by nation states which reflect and project their governing philosophies. Moving beyond technological determinism or mere functional use cases, we argue that these 'national' stacks(i.e,. India Stack, Deutschland Stack, etc) are increasingly curated as expressions of techno-nationalist strategy. These curated stacks are not neutral: even when they are built from ostensibly open technologies, their composition, deployment, and framing are tightly linked to national influence, compatibility agendas, and diplomatic alignment(Digital Sovereignty being one of the most contentious topics).

This phenomenon represents a new layer of soft—and arguably hard—power, where open-source projects become a tool of export. Our research asks: How are open-source digital infrastructural components curated to advance national, geopolitical and security agendas, and what implications exist for digital sovereignty and global cooperation? How (if at all) do open source communities perceive such tension?

Drawing on emerging examples from India, China, and the EU, we examine how “stack diplomacy” operates through the selection, orchestration, and global promotion of digital systems, and interrogate its consequences for global digital governance, including risks of dependency, fragmentation, and co-optation of open source ideals and way of working.

This proposal examines the growing geopolitical potential of open-source and digital public infrastructure (DPI) in advancing climate resilience and environmental governance. It draws on ongoing research conducted through my current fellowship at ITS Rio and supported by ECDPM, where I lead the centre’s work on Brazil in the context of digital sovereignty and international partnerships.
The study builds on my prior contributions to ECDPM’s work on sovereign digital infrastructure, including the report From India Stack to EuroStack, and my role as co-designer and moderator of the 2024 Paris event “How Do We Stack Up?” (Sciences Po / ECDPM / Bertelsmann Stiftung), which convened leading voices on democratic models of digital infrastructure.

Just as India has helped shape the global conversation around DPI for financial inclusion, and Europe is advancing debates on technological sovereignty through initiatives like EuroStack, Brazil is well placed to lead the emerging agenda on DPI for climate, particularly through its space-earth observation capacities. From platforms like the Cadastro Ambiental Rural (CAR), INPE’s DETER deforestation alerts, and MapBiomas’s collaborative open-data initiative, Brazil’s digital public goods showcase how sovereign, transparent infrastructures can support environmental action at scale.

This research highlights significant potential for international partnerships, especially between Brazil and the European Union. Synergies with the EU’s Copernicus programme (Europe’s flagship earth observation initiative) offer a concrete pathway to align open digital cooperation with climate monitoring, biodiversity protection, and green transition goals. In parallel, Brazil’s leadership could underpin broader alliances with democratic partners such as India, South Africa, and others committed to a multipolar, open, and climate-oriented digital future. In the lead-up to COP30, this moment offers an opening to reimagine climate leadership through shared digital infrastructures.

This Q&A panel will allow attendees the chance to engage in conversation with the paper presenters and to dive into some of the key questions behind the research they have presented as part of the Open Source and Geopolitics track.

The Open Knowledge Foundation will present a proposal for a comprehensive update to the Open Definition, originally developed in 2005 to define openness in relation to data and content. In light of profound changes in the technological landscape—including the rise of artificial intelligence, consolidation of cloud power, proliferation of Digital Public Infrastructure efforts, launch of regional and national Stack efforts, and the increasing politicisation of technology, the Foundation is seeking to relaunch the Open Definition Council and initiate a global, inclusive process to develop Version 3 of the definition. While AI is a major focus, the updated definition will apply more broadly to a range of sociotechnical systems.. The goal would be to ensure that openness continues to serve the public interest across domains where power, access, and control are increasingly contested. The effort will involve research, global dialogue, and consensus-building to ensure the new definition is technically sound, socially grounded, and resistant to misuse, thereby combating the pervasive phenomenon of openwashing. The effort aims at restoring clarity and purpose of openness as an effective framework for guiding technology policy and practice across countries and disciplines.

Open technologies are crucial for transparency, resilience, and accountability, particularly in the face of rapid technological advancements and institutional vulnerabilities. This significance intensifies in politically and economically uncertain contexts. Focusing regionally on Latin America, this study emphasizes Brazil’s judiciary as a regional leader in integrating artificial intelligence (AI).
In Brazil, key AI initiatives, including CNJ Resolution No. 332/2020, mandate transparency, fairness, explainability, and the preservation of human oversight. National platforms such as Sinapses and Codex/DataJud exemplify collaborative and standardized approaches. However, proprietary solutions like the Supreme Federal Court’s VICTOR underscore ongoing challenges concerning opacity, limited auditability, and due process.
A comparative analysis of other Latin American countries reveals varying transparency levels and governance frameworks. Argentina’s Prometea and AymurAI platforms are open-source, emphasizing rights-based frameworks. In contrast, Colombia’s mixed approach with tools like Copilot and ChatGPT reflects varying transparency standards, while Mexico’s JulIA initiative indicates limited accountability.
Identified challenges across these contexts include algorithmic biases, inadequate oversight mechanisms, and regulatory gaps in data protection, particularly within Brazil’s General Data Protection Law (LGPD) and Mexico’s LFPDPPP.
The study proposes solutions to enhance AI governance: mandating open-source development for publicly funded AI projects, implementing independent algorithmic audits, ensuring explainability through comprehensive documentation, and offering AI ethics education specifically tailored for judicial personnel. Additionally, fostering cross-border judicial data sharing and aligning practices with international standards, such as the OECD AI Principles and UNESCO AI Ethics recommendations, can significantly enhance democratic governance and legal accountability in the region.

The release of DeepSeek V3 and its open-source inference model R1 marks a consequential inflection point in the global political economy of artificial intelligence. Achieving near-frontier performance at an order of magnitude lower cost and compute intensity than its U.S. and European counterparts, DeepSeek disrupts prevailing assumptions about the institutional prerequisites and technical economies of advanced model development, provoking challenges and criticisms such as model distillation. DeepSeek is not merely a technical episode — it is a prompt. Its trajectory invites a fundamental reconsideration of how openness, sovereignty, and interoperability operate under conditions of structural inequality, and how cost-efficient, legally navigable AI systems may establish new normative baselines for global technological ordering post DeepSeek.

This paper situates the “DeepSeek moment” within a broader reconfiguration of AI sovereignty, emerging from jurisdictions across the Global Majority — states in Asia, Africa, Latin America, and the Middle East—whose infrastructural agency and normative priorities remain peripheral within dominant transatlantic AI governance regimes. Employing a structural-institutionalist methodology, the paper analyzes how regulatory arbitrage, compute localization, and algorithmic adaptation converge in AI’s developmental arc. The model’s reliance on PTX-layer optimization, rather than full architectural overhaul, exemplifies an engineering strategy shaped less by maximalist innovation than by material constraint and jurisdictional heterogeneity. In doing so, it reframes openness not as a liberal universal but as a governance modality responsive to asymmetrical power. The paper explores five axes along which DeepSeek rearticulates global AI governance: (1) open versus proprietary development; (2) scale versus sufficiency; (3) data intensity versus energy efficiency; (4) vertical integration versus modular design; and (5) innovation versus precaution. Across these axes, DeepSeek displaces binary frameworks entrenched in geopolitics-driven regulatory imaginaries and signals the rise of institutional pluralism in AI normativity and infrastructure.

Over the past few decades, open artifacts have flourished across distinct yet interrelated domains: OSS, open data, open standards, and now open AI models. Each developed within its own set of cultures and communities, producing divergent governance approaches. Technical and business factors are increasingly melding these areas into partly-fused communities of practice. These artifacts now coexist within layered digital infrastructures, where each element reinforces and depends on the others: OSS powers data pipelines; open datasets train AI models; open models store/produce data and shape software development. Innovations and vulnerabilities propagate across these layers; interventions in one domain ripple through others. This paper examines how regulatory framings and legal requirements are consolidating these recursive infrastructures and drawing these domains under a shared governance optic. Regulatory pressure comes from both public and private actors. State-led interventions—often driven by national security and geopolitical priorities—are expanding the reach of cybersecurity, liability, and transparency obligations across software, data, and AI systems. Examples include the EU’s CRA and AI Act, and the U.S. NCS. Institutional and private-sector initiatives are reshaping legal architectures: the World Bank’s licensing framework for OSS formalizes software release as part of broader data governance; the OSI’s OSAI definition seeks to stabilize what “openness” means when applied to models. The paper argues these developments are not merely cumulative, but indicative of a deeper reconfiguration in how open artifacts are articulated. Communities once grounded in distinct rationales for openness now confront shared compliance environments and overlapping regulatory demands. Should they embrace this trajectory or preserve differentiation? Responses so far have been piecemeal. We argue this flux calls for a collective and systematic rethinking of how openness is defined and contested. Silo-specific governance mechanisms may prove unsuitable for managing cross-domain claims and interdependencies.

As generative artificial intelligence (AI) models become increasingly prevalent and released under various forms of open and permissive licenses, there is a critical need to understand how they are built and who contributes to this process. Currently, there is limited research that maps open collaboration practices across different stages of the development or reuse of models and their constituent artifacts (e.g. training datasets, software, model weights, evaluation benchmarks). Our research, therefore, aims to map and characterize open collaboration (specifically, the “collaboration on-ramps”) at different stages in the development and reuse lifecycle of open generative AI models, with a focus on open large language models (LLMs). Through qualitative interviews with 12 open LLM developers (i.e. Allen Institute for AI, EleutherAI, Cohere Labs, Hugging Face, Meta, Alibaba, the BigScience Workshop, AI Singapore, SpeakLeash, SCB 10X, Fraunhofer IAIS, and the National Library of Norway), this study presents a comprehensive cartography of collaboration practices throughout the lifecycle of open LLMs across diverse organizational contexts, from grassroots initiatives to large technology companies, and world regions. This study provides researchers, developers, business leaders, policymakers, and the wider community with empirical insights into collaboration practices, including motivations, opportunities and challenges, in the emerging open source AI community as well as practical recommendations for participation in or promotion of open source AI collaboration.

In recent years, large language models have come to rely almost entirely on massive amounts of unlicensed, web-scraped text, raising questions about intellectual property, consent, and fairness. Estimates suggest that compensating content creators even minimally would cost billions. Faced with mounting lawsuits and competition, most AI companies have not only stopped sharing their training datasets, but some also claimed that training competitive models without copyrighted material is “impossible.” This argument has helped justify growing opacity, even as the open web steadily closes in response to extractive AI practices. We are seeing the consequences: opaque systems we can’t audit, models we can’t reproduce, biases we can’t trace, and communities that feel exploited.

A global community of open LLM developers set out to demonstrate that performant models can be trained on responsibly sourced, openly licensed data.

In 2024, Mozilla and EleutherAI convened over 30 builders of open AI datasets to document what’s working, identify shared obstacles, and exchange strategies. The result was a collaborative paper, Towards Best Practices for Open Datasets for LLM Training, offering a practical guide to responsibly sourcing, curating, and releasing large-scale open datasets. It draws from real-world experience, tested tools, and persistent challenges.

The paper outlines strategies for addressing key technical and policy issues: unreliable metadata and “data laundering,” locked-in data, digitization costs, jurisdictional uncertainty, and the need for cross-domain collaboration. It also proposes a tiered model of openness, reflecting the reality that transparency in AI is inseparable from the data it’s built on.

Building performant, ethical, and openly licensed LLMs is hard work, but it’s possible and necessary. In times of data enclosure and declining trust, openness and consent must be the foundations of AI that serves the public good.

This Q&A panel will allow attendees the chance to engage in conversation with the paper presenters and to dive into some of the key questions behind the research they have presented as part of the Open Source and AI track.

Speakers and attendees will be welcomed to the OFA Symposium 2025 during this time, during which coffee and light refreshments will be provided and participants can get settled in to the event.

Keynote remarks will be provided by a luminary in the field of open source and/or open technologies. The speaker will be announced in the coming weeks.

Open source software along with open data, open hardware and open standards are foundational to today's global digital economy. Latest estimates show that over 90% of software in active commercial stacks have open source dependencies. In a world of geopolitical friction we see increased focus on regulation and a sovereign stack which is only possible with the inclusion of open source software. As shared digital infrastructure, open source software technologies function as digital public goods.

Despite the importance of open source software, its economic contribution has consistently been underrepresented in traditional policy frameworks, national accounts, and innovation metrics. There have been very limited moves to assess the value and a lack of adequate tools for valuation and policy alignment. Our initial findings point to a gap in current economic accounting practices. This obscures the widespread use and impact of open ecosystems.

This paper will assess the options in measuring the economic value of open source software and its contribution to our global economies.

Drawing on macroeconomic modelling, international adoption metrics, and studies from the OECD, Stanford, and Harvard, we outline how open technologies generate cost efficiencies, enhance productivity, and catalyse innovation across public and private sectors. To date only Harvard and OpenUK have identified the value of open source software.

The paper gives attention to the challenge of valuing open source software.It also considers the need to create a model that values AI that is distributed openly such as open weights, open models, and open training data. We argue that defining and measuring these assets is a prerequisite for responsible regulation, funding, and standards development. By contributing to a more nuanced and evidence-based economic narrative, this work supports the case for policy interventions such as strategic procurement, targeted investment, and cross-border collaboration.

How can we measure the total benefit that open technological solutions afford a society? As part of a larger study into countries’ adoption of Digital Public Goods (DPGs) in their digital public infrastructure, we are developing a framework that seeks to capture the total value of DPGs relative to proprietary solutions. Drawing on existing approaches to conceptualize the economic impact of Open, the framework would combine Total Cost of Ownership, which captures the direct and indirect monetary costs of a technology, with an analysis of Broader Ecosystem Value, the harder-to-quantify gains in innovation, strategic autonomy, and social benefit that come from open technological solutions. The goal is to create a comprehensive, rigorous, and sound way to assess how open technologies benefit a society. We would present the components of this framework, along with emerging evidence gathered from empirical work, and then discuss open questions and ways to develop and test our framework further.

In Brazil, large incumbent Internet Service Providers (ISPs) often neglect remote or economically marginalized regions, leaving millions without affordable or reliable internet access. In response, an ecosystem of over 11,000 small, community-focused ISPs has emerged to fill this gap. These providers play a critical role in bridging the digital divide but continue to face significant challenges, particularly around financial sustainability and operational efficiency. One key strategy some of these ISPs employ is the use of Free and Open Source Software (FOSS) to reduce network deployment and maintenance costs. However, widespread adoption remains limited due to barriers such as technical knowledge gaps, lack of user-friendly interfaces, and insufficient ongoing support from software communities. This paper explores the extent to which community-focused ISPs in Brazil are currently leveraging FOSS technologies and identifies the steps needed to encourage broader adoption. By examining both the opportunities and the constraints, the research highlights how targeted support for open technologies could strengthen the sustainability of small ISPs and expand affordable internet access to underserved regions. The findings contribute to ongoing policy and industry discussions about fostering inclusive, community-driven approaches to connectivity.

The climate crisis poses a severe threat to the natural systems that support modern civilization, disrupting essential cycles that provide freshwater, fertile soils, and stable weather patterns. These disruptions are projected to lead to widespread biodiversity loss and to upset local and global economies. To ensure that the scientific basis of these projections is transparent and credible, researchers globally are increasingly making climate data and models openly available. This openness supports informed decision-making and helps safeguard sustainable development from being compromised by short-term political or economic agendas.

Despite this progress in open science, the broader application of open source software and open data in climate and sustainability-related technologies remains limited. National governments, international organizations, academia, industry, and civil society have all played roles in both contributing to the crisis and proposing solutions. However, fragmented, proprietary approaches persist. Open source offers a powerful alternative—lowering costs, enhancing verifiability, and enabling collaboration across disciplines and sectors.

In this paper, we introduce OpenSustain.tech, the most comprehensive dataset of over 2,500 open source projects directly addressing the climate crisis. We detail the transparent methodology used to curate this collection, including human expert review across multiple fields. We further analyze the network of transitive dependencies among these projects, extending previous work in mapping the climate-focused open source ecosystem.

Finally, we discuss the strategic importance of open source in advancing climate solutions, including its potential economic and societal value. By building shared digital infrastructure, we argue that open source can play a foundational role in climate mitigation, adaptation, and sustainable development.

This presentation introduces ThingData, an open protocol and database building a "material commons" of structured data essential for physical goods, their repair, and reuse. We argue that open access to this standardized data functions as a crucial digital public good, directly enabling the circular economy and the Right to Repair movement, and significantly contributing to Sustainable Development Goals (SDGs) like responsible consumption, innovation, and economic growth. The talk will detail the tangible economic impacts of this open data infrastructure. These include stimulating the creation of new repair and reuse businesses by providing necessary information, reducing waste disposal costs through better material recovery, fostering innovation in product design for longevity and new service models, and establishing more transparent and efficient secondary markets for used goods and components. ThingData serves as a compelling practical case study, illustrating how open data infrastructure, when treated as a digital public good, can generate substantial economic value within a vital sector while simultaneously advancing global sustainability targets. We will discuss the technical approach and the importance of open governance in realizing this economic and social potential.

Open science hardware (OSH) offers a powerful yet underutilized strategy for building local innovation capacity, strengthening supply chains, and enabling cost-effective, context-relevant research tools. In an era of rising geopolitical uncertainty and economic precarity, OSH provides more than just accessible instrumentation—it forms the foundation of resilient, community-driven technological ecosystems.

This presentation draws on new evidence from the Open Science Shop project, a global network of local open science hardware vendors and manufacturers. Through a combination of network analysis and case studies associated with the Open Science Shop, we explore how open hardware projects create economic value—not only through tool deployment, but through skills development, local supplier engagement, and innovative design practices that adapt to regional constraints and needs.

We aim to show pathways for OSH projects to become nodes for distributed production and innovation, while identifying the most relevant challenges in practice. We expect to make the case that OSH should be seen not only as a technical or scientific asset but as a strategic tool for economic resilience, especially in under-resourced or peripheral regions. We conclude by proposing practical pathways for enabling local innovation ecosystems based on OSH, drawing from the Open Science Shop’s framework for global-local collaboration.

As universities increasingly embrace open source software for knowledge dissemination and societal impact, technology transfer offices (TTOs) face a critical challenge: how to effectively measure and communicate the economic and social value of university-originated open source projects. Unlike traditional intellectual property metrics, open source initiatives require new frameworks that capture their unique pathways to impact, from community adoption to commercial spinouts.

This presentation reports on ongoing research to develop a standardized metrics framework specifically designed for academic tech transfer contexts, addressing the urgent need for consistent measurement approaches across institutions. Drawing from multi-institutional case studies and industry partnerships, we will present our current progress on developing a comprehensive set of quantitative and qualitative indicators that capture the impact of university open source projects.

The presentation will demonstrate how standardized metrics will enable TTOs to make data-driven decisions about resource allocation, identify high-potential projects for targeted support, and effectively communicate open source value to university leadership and external stakeholders. We will also discuss pathways for adoption of the standards across the academic tech transfer community.

By establishing common measurement standards, TTOs can collectively demonstrate the substantial economic impact of university open source initiatives, justify investment in open source support infrastructure, and position themselves as essential enablers in the evolving landscape of academic innovation and knowledge transfer.

This Q&A panel will allow attendees the chance to engage in conversation with the paper presenters and to dive into some of the key questions behind the research they have presented as part of the Economic Impact of Open track.

A year ago at this OFA, we presented an idea: a permanent endowment for open source software. This presentation is the follow-up. It’s a case study of turning that idea into a real, functioning organization and funded endowment.

The problem is well-known. Critical open source projects are often underfunded and maintained by a few volunteers. This creates fragility in our digital infrastructure, leading to security risks like Heartbleed and the XZ backdoor. Short-term grants and corporate budgets aren't enough to solve the deep, systemic issue.

Our solution is the Open Source Endowment (OSE). We use the endowment model, common in universities, to create a permanent, stable source of funding. Donations build a principal fund, and we only spend the investment income on grants. This approach is designed for the long run.

In the past year, we've moved from concept to reality. We incorporated as a US nonprofit, set up our financial infrastructure, and started building a community of founding donors. The response has shown us there is a significant appetite for this kind of support.

This talk will share a practical look at our first year. We'll cover:
- The steps we took to get started, from legal setup to finding our first donors.
- The challenges we faced and what we learned.
- Our approach to data-driven, community-led grant-making (we want feedback from the OFA community here!)
- What our early results tell us about the future of sustainable OSS funding.

Our goal is to be transparent about what it takes to build a new funding institution for open source, showing that a systemic approach is both possible and effective.

This feasibility study reveals deep pockets of political will and momentum for the establishment of an EU Sovereign Tech Fund (EU-STF). It draws on conversations with two dozen policymakers, technologists, and advocates, as well as extensive economic and legal analysis.

Chronic under-investment in open source technologies creates systemic risks – exposing Europe to (amongst other things) cybersecurity threats, supply chain vulnerabilities, and strategic dependencies on non-European technology providers. In order to maintain, secure, and improve existing open source technologies to meet the EU’s public and industrial goals, it requires policymakers to understand the logics underpinning failures in investing in the maintenance of open source technologies as open digital infrastructure, in order to prioritise the use of public policy towards the unlocking of financial and nonfinancial resources that support the open source ecosystem.

The EU-STF is envisioned as a scaled-up, pan-European, and mission-driven initiative with a proposed budget of at least EUR €350 million over seven years to invest in maintenance, security, and improvement of key open source components, as well as help identify and map dependencies and invest in ecosystem strengthening activities. It is vital that the EU-STF embodies some key principles (many of which have made the German successful): pooled financing, low bureaucracy, political independence, flexible funding, community focus, strategic alignment, and transparency. Two active budgetary scenarios are worth considering for the EU-STF: (1) a standalone and centralised fund (e.g. a new funding body created by legislation and set aside via the MFF negotiations), and (2) a hybrid/shared management structure (such as leveraging established EU institutional frameworks like the EDIC that allow for pooled contributions of Member States alongside EU funding, and even industry co-financing).

Cases like XZ Utils highlight the pressing need for better security in open source software. OS communities and concerned policymakers agree that more needs to be done to secure code from these supply chain attacks; however, there is still no significant agreement on how best to approach these challenges. The current debate about OS software security mirrors discussions around trade security that surfaced soon after 9/11. Industry argued then that regulations requiring importers to fully certify the security of their supply chains – as well as mandating “100% screening” of cargo containers – would result in the collapse of global trade. While policymakers and the security community understood these concerns, they also felt that industry’s approach up to that point was insufficient for countering threats to global security. Ultimately, the stakeholders were able to create a series of initiatives that balanced the needs of trade and security and provided effective incentives for “voluntary” compliance from industry. In this session, the presenters will provide the initial results of an on-going research project funded through the Digital Infrastructure Insights Fund that for the first time compares the historical example of supply chain security for tangible goods with the current challenges facing open source software supply chain security, focussing on the impact of governmental and industry trade security and the current outlook for OSS security, identifying overlaps and evaluating lessons learned from the historical case study.

Open source projects often measure success with stars, forks, and downloads. But these metrics don’t reflect the health of the community behind the code. This talk introduces the CHAOSS DEI Project Badging initiative as a way to rethink sustainability through the lens of inclusion, transparency, and contributor well-being. A simple badge earned through documenting efforts in access, leadership, communication, and newcomer experience can highlight a project’s commitment to a healthy and welcoming environment.

We’ll explore how DEI.md files guide self-reflection, help attract and retain contributors, and signal project resilience. By walking through the practical steps for applying for a CHAOSS badge, we’ll show how these small, community-focused signals can create big impacts in long-term sustainability and security.

This talk will challenge the way we view success in open source. Instead of just counting users or contributors, what if we also asked: Are people staying? Do they feel seen? Are new voices joining in? These are the questions that make a project resilient.

By shifting the focus from popularity to people, this session offers a fresh perspective on what makes open source sustainable. Not just from a technical standpoint, but from a human one.
Whether you’re a maintainer, contributor, or an organization supporting open source, you’ll leave with practical steps and a people-first lens on how to support vibrant, inclusive communities.

Collaboration on public sector Open Source Software (OSS) projects is steadily increasing along with demands for sovereign and interoperable technology stacks. Still, practice has yet to catch up compared to industry and the broader OSS ecosystem, whose ways of working need to be tailored to manage the many challenges falling on the public sector.

To help accelerate the public sector's use and development of OSS, we investigated six successful cases of public sector OSS projects from different countries and levels of government. In this talk, we will provide insights on how development is commonly concentrated and performed with the use of national and local service providers. We will talk about different funding models, either involving one or a few central actors, or a wider set through different setups of crowd-funding. We will further elaborate on sustainability challenges related to the various ways of working, and potential approaches to addressing these proactively.

Attendees will walk away with concrete and live examples to reference, as well as insights on how their organizations can start to engage and collaborate on new and existing public sector OSS projects.

Open source software (OSS) underpins modern digital infrastructure globally, yet its contributor base is strikingly homogeneous. OSS is dominated by White men from Europe and North America, with only 10% women and an underrepresentation of Black, Hispanic, Indigenous, and multiracial contributors. Furthermore, while younger contributors continue to join OSS, OSS contributors are skewing older, as fewer and fewer younger developers choose to join and remain in OSS –the percentage of maintainers under the age of 26 has dropped from 25% in 2021 to 10% in 2024 (Tidelift, 2024).
Younger developers aren’t advancing to maintainership roles, compounding concerns for the longevity of OSS, and thus for digital infrastructure writ large.. Diversity is critical for effective OSS, yet non-diverse projects risk exclusionary outcomes, sustainability issues, and neglect community health. The aging maintainer pool, coupled with a lack of diverse representation, threatens OSS sustainability. Understanding younger contributors is crucial—tracking their entry, engagement, and barriers to leadership could enhance diversity. This work seeks to develop a richer understanding of potential OSS newcomers, their concerns and experiences, and how their participation evolves over time through a survey study of undergraduate introductory programming students across the US. This work has implications for OSS sustainability and diversity, for the distribution of OSS benefits amongst different groups, and for encouraging broader participation in online communities.

This Q&A panel will allow attendees the chance to engage in conversation with the paper presenters and to dive into some of the key questions behind the research they have presented as part of the Sustainability and Security track.

Closing remarks for the day will be provided by OpenForum Europe (OFE) and the team at FGV Rio. Participants will host a discussion with some special speakers and guests to help conclude the event.