Germany's Deutschland-Stack faces open-source backlash over tech rules

Germany's D-Stack project sparks open-source debate over digital sovereignty

Germany's Digital Ministry Faces Criticism Over National IT Platform Plans

The Federal Ministry for Digital and Transport (BMDS) has ambitious plans for Germany's public administration IT. With the Deutschland-Stack (D-Stack), the government aims to create a national, sovereign technology platform that consolidates software solutions and frameworks for federal, state, and local authorities. The goal is to bolster the state's digital capabilities, support domestic businesses, and efficiently deliver modern services to citizens. Yet despite revisions, the project continues to draw sharp criticism from the open-source community.

In its response to the second round of consultations, the Open Source Business Alliance (OSBA) warns that the flagship initiative still falls short of its own aspirations. While the revised draft stipulates that open-source solutions or products from European providers should take priority—and that any in-house developments must be open-source—the alliance argues that key provisions lack binding force. It calls for a comprehensive strategy mandating open-source licensing across all areas without exceptions.

The OSBA also slams what it sees as watered-down language in vendor selection. The phrasing that "solutions from European sovereign providers" should stand on equal footing with open-source offerings opens the door to proprietary software, the group contends. There is a risk of "sovereignty washing": even closed-source code from a Europe-based company cannot be independently verified. True digital sovereignty, the alliance insists, depends on design freedom and vendor independence—guaranteed only by open standards and source code.

Should a non-European corporation take over a provider or if insolvency strikes, closed-source systems could pose an incalculable risk to critical government infrastructure. The OSBA identifies another setback in the evaluation criteria: while the D-Stack's initial version included a maturity model, the ministry has now shelved its further development in favor of faster implementation. Without measurable benchmarks, the alliance argues, there is no way to objectively assess digital offerings based on their actual degree of sovereignty.

This, it warns, entrenches vendor lock-in and leaves loopholes for non-European hyperscalers—companies that already dominate much of the public sector's digital infrastructure. Whoever controls the D-Stack, the OSBA cautions, could potentially paralyze Germany in a crisis. Even the core concept of "digital sovereignty" appears to lack consensus within the federal government. The alliance expresses concern over signals from the BMDS that sovereignty might be treated as a fallback option rather than a priority.

Such an approach, it argues, is insufficient to systematically reduce existing dependencies. Instead, the state should align with the IT Planning Council's established definition, which emphasizes the ability to switch providers and shape technology as fundamental pillars. OSBA Chairman Peter Ganten stresses that only strict adherence to the coalition agreement's commitments can ensure the D-Stack's success—and with it, the creation of jobs in Europe's IT industry.