Hacker News

fermigier, today at 11:58 AM

Commentary (in French) from CNLL, the French Open Source Business Association: https://cnll.fr/news/strategie-open-source-europeenne-deux-r...

Here's a TL;DR in English:

CNLL communiqué on the adopted EU Tech Sovereignty Package (3 June 2026)

On 3 June 2026, the European Commission adopted the Tech Sovereignty Package — Communication, Cloud and AI Development Act (CADA) proposal, and EU Open Source Strategy. The CNLL confirms the essence of the historic shift it had welcomed in late May: open source is elevated to the rank of an instrument of European industrial policy. But the CNLL publicly regrets two significant setbacks introduced between the leaked draft and the adopted text:

- "Open source first" (CADA Article 41) — the title is ambitious, the body is weak. The verb is "encourage", word for word the verb used by France's Digital Republic Law since 2016, with broad derogations ("security, total cost, and any other duly justified objective criterion") and no documented or auditable assessment requirement. The phrase "open source first" appears only in the article's title, not in its body.

- "Public money, public code" (CADA Article 42) — reduced to a conditional cataloguing obligation: the article imposes nothing on the decision to release software, only on the mechanism when an entity discretionarily chooses to do so. The structural publication obligation that the European open source industry has defended for ten years is not in the CADA.

Two further lexical softenings in the Communication: "key lever" became "crucially contributes"; "sovereignty-washing" was removed. The draft promised to go beyond the limit France has known since 2016 — the adopted text reproduces it at European scale.

Confirmed acquis: the OSI definition is now anchored (incl. EUPL); APELL (the European Open Source Business Association) is named in the document; Open Source Maintenance Instrument with fork capability and security-mirroring programme are retained; envelope doubled from 1 to 2 B€ / 7 years (public + private); EuroStack cited in CADA IA study footnote.

The CADA is still a proposal. The CNLL calls for industry and MEP mobilisation over the next twelve months on four priorities: (1) transform Article 41 into an enforceable obligation in the trilogue, with documented/auditable assessment of derogations, in convergence with European OSS editors signatories of the 3 June open letter; (2) mobilise the existing national legal acquis (Article 16 Digital Republic, Article L. 123-4-1 Code de l'éducation, Italian Article 68, German IT-Planungsrat, Dutch frameworks), which becomes proportionally more important; (3) defend the licence-based legal definition of OSS; (4) neutralise the practice of sovereignty washing — push enforceable jurisdictional immunity criteria (no CLOUD Act / FISA exposure) at the highest CADA sovereignty levels.