Deutschland-Stack: Open-Source Alliance warns of "Sovereignty Washing"

The Federal Ministry for Digital and Modernization of the State (BMDS) has big plans for German administrative IT. The Deutschland-Stack is intended to create a national, sovereign technology platform that bundles software products and framework conditions for the federal government, states, and municipalities. This is intended to strengthen the state's digital capabilities and promote the domestic economy in order to efficiently provide modern services for citizens. However, despite corrections already having been made, criticism from the open-source community regarding its implementation persists.

In its statement on the second consultation round, the Open Source Business Alliance (OSBA) warns that the prestige project continues to fall short of its own ambitions. While the revised draft stipulates that open-source solutions or products from European sovereign providers should be prioritized and that in-house development components must be open source, the association criticizes the lack of binding commitment in crucial areas. It misses a consistent strategy that mandates the use of open-source licenses in all areas, without exception.

Lack of Binding Commitment

The OSBA also criticizes a linguistic dilution in the selection of providers. The phrasing that "solutions from European sovereign providers" stand on equal footing with open-source offerings, according to the association, opens the door to proprietary software. There is a danger of "sovereignty washing": even the closed code of a company based in Europe cannot be independently verified. Digital sovereignty arises primarily from design freedom and vendor independence, which can only be technically guaranteed through open standards and source code.

In the event of an acquisition by non-European corporations or insolvency, closed source poses an incalculable risk for the operation of state infrastructure. The OSBA sees a further setback in the evaluation criteria. While the first version of the D-Stack included a maturity model, the BMDS is now postponing the further development of this model in favor of faster implementation. Without these measurable stages, the association lacks the ability to make informed comparisons of digital offerings based on their actual degree of sovereignty.

Risk of Lock-in Effects

This cements existing lock-in effects and leaves loopholes for non-European hyperscalers, criticizes the OSBA. The latter already dominate the digital infrastructure of public administration. Those capable of shutting down the D-Stack could paralyze all of Germany in an emergency. There also appears to be a need for discussion within the federal government regarding the definition of the core concept of "digital sovereignty." The association is concerned about BMDS efforts to define sovereignty merely as a backup plan.

Such an understanding is insufficient to consistently reduce existing dependencies. Instead, the state must orient itself towards the established definition of the IT Planning Council, which considers interchangeability and design capability as central pillars. OSBA Chairman Peter Ganten emphasizes that only the consistent implementation of the coalition agreement can bring about the desired success. Only in this way will the D-Stack also create jobs in the European IT industry.

(wpl)