Calls for Europe to develop open-source cloud services as an alternative to the dominance of American tech giants are becoming more frequent. But how exactly does ‘open source’ differ from big tech?
Mark de Reuver, professor digital platforms at TPM. (Photo: Thijs van Reeuwijk)
At the end of January, the Trump administration dismissed several Democrat members from the PCLOB (Privacy and Civil Liberties Oversight Board), which monitors the data of European users in American cloud services. The expectation is that the PCLOB will now take a more lenient approach, giving cloud providers and governments greater freedom to look into their clients’ data. This decision has once again raised concerns about data security in American clouds.
The European NextCloud company recently gave a presentation on open-source platforms and how they respect data ownership. But how to stimulate this development? When asked how the development of open-source software could be encouraged, founder Frank Karlitschek said: “Make it mandatory for half of the critical infrastructure (electricity, roads, locks, railways, water companies, etc.) to run on open-source software. That would trigger a huge investment in open-source development.”
Is this the way to go? And is an open source cloud always better? Delta asked Professor Mark de Reuver, an expert in digital platforms at the Faculty of Technology, Policy, and Management, for his perspective.
Frank Karlitschek argued that mandating critical infrastructure to run on open-source software would significantly boost its development. What is your view on this?
“I think it’s good to develop alternatives to the closed, big-tech-style platforms we have today. That’s partly due to their negative effects, such as market dominance and privacy issues, and now there’s also a geopolitical dimension.”
‘The question is under what conditions open-source software can be secure’
Is open-source software secure enough for critical infrastructures?
“Not necessarily, no. Research has been conducted on this, but the results were inconclusive. Open-source software can be inspected for vulnerabilities, which is an advantage. But on the other hand, those vulnerabilities are also visible to bad actors. The question isn’t whether open-source software is secure, but under what conditions it can be secure.”
Shifting half of critical infrastructure to open source would trigger significant investment. Does that really work that way?
“In recent years, we’ve seen a wave of European regulations targeting digital platforms like Google, Amazon, and Microsoft. But now, there also seems to be a counter-movement, with more focus on strengthening Europe’s own economy. The Draghi report touches on this as well. I think the real question is: what is our digital sovereignty worth to us?”
What do you mean?
“The potential benefits of open-source software and reduced dependence on foreign providers might justify some additional costs. The question is: how much, and who will pay for it?”
Karlitschek believes companies will invest. He trusts the market.
“That’s possible.”
You seem less convinced. An open source alternative also costs public money?
“Yes, especially when it comes to cloud services, where scale is crucial. It takes big investments to set up and maintain a cloud service. It can only work out if you have a lot of subscribers. That is why there are only a few players who dominate the entire market. Many organisations, including governments and universities, have moved to cloud services because of the advantages of scale. That’s why only a few players dominate the entire market. So, if we want to develop a European alternative and scale it up, it might be slightly less efficient, less innovative, a bit more expensive, or slower. But maybe that’s the price we need to pay for greater sovereignty and autonomy.”
How long would it take to develop a European alternative? And do we have the necessary expertise?
“There is expertise in open source. The companies that have that knowledge are there as well. Karlitschek is right about that. But beyond just developing open-source software, we also need to think about implementation, management, and oversight. Right now, we mostly consume cloud services with automatic updates. With open source, you have to handle this yourself or hire a company to do it. Open source demands a more active role from the user.”
What does that entail?
“Well, you need to configure build own system from the available parts, ensure it stays updated, apply security patches, and manage expansions. And ideally, not in an ad hoc way, but with a clear architectural vision.”
Would that be the responsibility of an IT department?
“It falls somewhere between IT and business operations. It requires IT architects who can manage it at a high level, and they are in short supply. Alternatively, you could outsource it to open-source software companies. They don’t make money from the software itself but from customising it to suit your needs, providing advice, or managing it. Just as you hire a company to create a website based on WordPress, which is also open source software. That’s their business model, and that costs money. Open source isn’t necessarily free.”
Will a European open source revival come from below or from above?
“Raising awareness is crucial for digital autonomy. Legislation plays a driving role, but European regulations don’t dictate how solutions should be implemented. That requires a bottom-up approach—collaborating with organisations that build alternative platforms or provide complementary platform services. A lot of this involves design-based research, where we co-develop new platform models or business models.”
Can you give an example?
“Not exactly from open source, but in the broader context of openness and platforms. My favourite example is a platform for hospitality businesses that uses sales data. It provides insights into how busy it was, how much staff will be needed next week, etc. The same data is valuable for suppliers as well. So, the more open it is, the more value it creates for everyone.
But openness also carries risks—one café can see what another café is selling, or suppliers might misuse the information. So even if you’re working in an open and bottom-up way, you still need to be mindful of market dominance and privacy concerns – the same issues we criticise big tech for today.”
So, open source isn’t automatically open and fair?
“Good intentions alone aren’t enough. I firmly believe that the tension between openness and control will always resurface. It’s a recurring theme in my field of digital platforms. Even with open source and decentralisation, my area of expertise, these dilemmas never truly go away.”
Mark de Reuver will deliver his inaugural lecture Digital Platforms Beyond Big Tech: Towards a New Platform Model on 28 March 2025. In it, he will explore how to design a platform ecosystem for the data economy. Visit the registration website.
Mark de Reuver (1982) studied systems engineering at the Faculty of Technology, Policy and Management (2000 – 2005) and then obtained his PhD on mobile service innovation in 2009. At the same faculty, he became assistant professor (2010), associate professor (2016) and then professor in 2024. He will deliver his inaugural address on 28 March 2025.
Science editor
Jos Wassink
Do you have a question or comment about this article?
j.w.wassink@tudelft.nl
Comments are closed.