Europe’s turn: the opportunities and challenges of open source

Open source software is no longer just about shared code, but also about AI and sovereignty. This was evident at the Open Source Summit 2025 in Amsterdam.

During the Open Source Summit 2025 in Amsterdam, it became clear that open source has reached a tipping point. While it used to be mainly about collaborating on large software projects, this year three other pillars emerged: AI, European regulations, and digital sovereignty.

Jim Zemlin: “Open Source is Worth 9 Trillion Dollars”

Jim Zemlin, CEO of The Linux Foundation, appeared determined during his keynote. “What once started as creating common projects has now grown into the foundation of much business IT; from databases to security standards.” He referred to a study that estimated the economic value of open source at nine trillion dollars. The author of the study now works for him as an economist and will further determine the real contribution of open source in the business world.

There isn’t a single conference that doesn’t mention it at least once, so the focus quickly shifted to AI. “Open source is crucial for building AI applications. It seems we’re already far along because our lives have changed and everyone is investing in it. In my opinion, that technology race has only just begun,” says Zemlin.

According to Zemlin, the start of that ‘race’ is the launch of DeepSeek: an open model that delivers similar performance to closed models from large companies. “Everyone saw the power of open source because we innovate together. We have now entered the agentive era,” says Zemlin, “and open source is important in this too.” Open standards and practices make AI agents widely applicable.


Work to be Done

The second common thread of this event is European regulations, especially the Cyber Resilience Act (CRA). The European law will come into effect in December 2027 and should ensure that both hardware and software are secure by design and by default.

Christopher “CRob” Robinson from OpenSSF went into more detail. “The CRA includes 21 cybersecurity measures, ranging from secure software development to managing vulnerabilities. Manufacturers must comply with these requirements to obtain a CE marking. Only then can these products be sold on the European market.”

That deadline is not insignificant. “Large companies have normally already complied with most requirements for years. They will only need to adjust where necessary. It’s the small businesses and startups that have an incredible amount of work ahead of them.” A report from The Linux Foundation shows that 62 percent of surveyed manufacturers had never heard of the CRA.

Securing Machine Learning without Silos

The challenges of AI development should not be forgotten, even though they are often left unmentioned in favor of popular success stories. “AI development is software development,” says Robinson. In reality, AI teams often work alone instead of collaborating with developers or security experts. Working in silos causes problems to accumulate without anyone having an overview.

Robinson therefore believes that these silos need to be broken down, and especially that security belongs in the entire machine learning cycle. “Security risks must be continuously monitored instead of being solved afterwards.”


Curl: a One-Man Company for almost Thirty Years

Open source projects have been lacking funds and financing for years. A good example of such a project is Curl. Curl is a tool by developer Daniel Stenberg that powers billions of devices, including 47 car brands such as Rolls Royce and Tesla. This technology is maintained by only one full-time person, Stenberg himself. None of those big brands bother to invest in Curl, even though they are heavily dependent on the technology.

Source: Daniel Stenberg (Curl)

Logical questions quickly arose: “How is it possible that a project so many parties rely on depends on one person? And where is the funding?” Companies blindly trust open source technology that is freely available but do not invest in the people who make it possible.

That’s why the open source community has long been advocating for a European tech fund. This fund would not only serve to set up new projects but also to support existing technology that has become fundamental to much software.

Five Years Ahead: Still a Need for Open Source Foundations?

Does open source still have a chance in this era where AI can write code? Zemlin thinks aloud: “Will we be sitting here soon with hyper-productive developers or an empty hall and AI assistants working for us?”

AI tools can indeed write code, but without human input it often still needs refinement. That code needs to be structured, otherwise the open source aspect is completely redundant and confusion arises. That’s what the foundations are for: non-profit organizations that support and protect projects.

According to Zemlin, their role is now only becoming more important: “The question is not whether developers will be replaced by AI, but whether our structures, values, security, and collaboration are strong enough to survive. Without foundations, that won’t succeed.”


Conclusion

For every opportunity open source gets, a challenge emerges. There are regulations like the CRA and a recognized importance of digital sovereignty. At the same time, important and widely used open source software lacks budgets, and small companies are totally unaware of what the CRA expects from them.

Europe can play a major role in the development of open source software. Digital sovereignty doesn’t just mean supporting projects from European soil, but also recognizing them and providing sufficient budget. For now, it remains to be seen whether the CRA will cause fragmentation or give Europe an advantage to finish first in the race.