Germany’s flagship sovereign technology platform, the Deutschland-Stack, is supposed to give the public sector a digital infrastructure it actually controls. The ambition is real: a national platform for federal, state, and municipal IT, built on open standards, reducing dependency on US hyperscalers.

But the Open Source Business Alliance (OSBA) warns that the current draft opens a dangerous loophole. The revised specification states that “solutions from European sovereign providers” may be used alongside open-source offerings. That sounds reasonable — until you consider what it means in practice.

The problem with “European sovereign”

A company can be headquartered in Europe, employ European staff, and host data in European data centres — while shipping entirely proprietary, closed-source software. Under the Deutschland-Stack’s current wording, that qualifies as “sovereign.”

The OSBA calls this sovereignty washing: the appearance of independence without the substance. Closed-source code from a European company cannot be independently audited. If that company is acquired by a non-European entity, or goes bankrupt, the state has no fallback. It cannot fork the code, maintain the software, or switch providers without starting over.

This is not a theoretical risk. It is the same vendor lock-in problem that drives the entire sovereignty discussion — just wrapped in a European flag.

What the OSBA demands

The alliance’s position is clear: open-source licensing must be mandatory across all components, without exceptions. Specifically:

  • No “sovereign provider” escape clause. European headquarters alone do not guarantee sovereignty. Only open source — where the code can be inspected, forked, and maintained by anyone — provides that guarantee.
  • Restore the maturity model. The first Deutschland-Stack draft included a framework for measuring how sovereign a solution actually is. The revised draft dropped it in favour of faster implementation. Without measurable criteria, the label “sovereign” becomes meaningless marketing.
  • Follow the coalition agreement. The current German government committed to “Open Source first” in public procurement. The OSBA argues that the Deutschland-Stack should implement this commitment, not water it down.

Why this matters beyond Germany

The Deutschland-Stack is being watched across Europe. If Germany — the EU’s largest economy and a co-founder of GAIA-X — defines sovereignty in a way that permits proprietary lock-in, other countries will follow. The precedent would undermine the EU Parliament’s 471-to-68 vote for “Open Source first” in public procurement.

Sovereignty is not a label. It is a technical property — and it requires open code.
