The Swiss Don’t Miss on Open Source: How Switzerland's EMBAG Law is Evolving the OSS Landscape

If there’s a song lyric that captures the ethos of Switzerland, this one comes to mind from Fleetwood Mac: 

“You can go your own way…”

This classic was spinning on turntables and jukeboxes in the mid-1970s, but the Swiss have been rockin’ to the beat of their own drum for over 500 years – back when the country first established its venerated stance on neutrality. 

With a rich history of non-conformist geopolitical leanings, it’s not surprising that Switzerland is embracing open source software (OSS) with greater purpose and intention, while much of the West remains hesitant – particularly in government circles. 

Just how serious are the Swiss about OSS? 

Last year, the country passed what it calls the Federal Law on the Use of Electronic Means for the Fulfillment of Government Tasks (EMBAG for short), a law requiring public sector entities to provide their software as open source. This applies to any code or applications they’ve developed (or had developed by a third party) provided it doesn’t compromise any rights or create security issues. 

While many of the tenets are still being implemented, the Swiss government and its contractors must release their software code under an OSS license, promising an entirely new level of transparency around government practices. 

A year after the law’s final adoption, EMBAG continues to challenge existing perceptions of OSS across the EU, and might just be the model for the future. That may sound wildly ambitious to some – foolhardy to others – but it also makes perfect sense. Like the Swiss, OSS is steeped in a deep legacy of democratic and social idealism, embodying the spirit of freedom and community.

But in a world where trust can be easily exploited, is it a good idea for government agencies to be so open about their software?

I recently caught up with Mathias Bolt Lesniak, an open source evangelist at toujou (a SaaS website building platform based in Norway) and Project Ambassador at the TYPO3 Association. We’ve spoken previously about his involvement with the Open Web Alliance, a cabal of the world’s leading open source CMSs – Drupal, Joomla, TYPO3, and WordPress – which assembled in the wake of the EU’s Cyber Resilience Act. 

The Alliance perceived this emerging policy as a threat to free and open source software like content management systems, assigning responsibility for safety and security considerations regardless of how their CMS software is being utilized or customized. Their efforts culminated in an open letter to the EU about a myriad of issues – including the financial implications – and reinforced the benefits of open source. 

As an expert in OSS (or “FOSS” when it's free), Mathias had some thoughts on the evolution of Switzerland’s law and what it signals about the future. While other countries in the EU are also investing in the promise of open source, governments abroad are less bullish about the prospects. 

WordPress, the open source CMS goliath, continues to power over 43% of all websites on the planet. Despite this staggering reach, there’s much work to be done to advance OSS principles in all corners of the globe, particularly in the public sector. But EMBAG just moved the ball further down the field – and if the Swiss don't miss, it could change the game. 

The long road to open source

The adoption of EMBAG was certainly a legal milestone, and more than a decade in the making. 

Over that period, the Swiss government was embroiled in lengthy political and legal battles. There were numerous questions about existing agreements and the weight of international law. But in the end, the Swiss government achieved cooperation, applying radical changes to its e-government practices – specifically as it relates to the free reuse of its open source code.

Unlike other legislation efforts, EMBAG also breaks new ground by mandating the release of broader government data. While this precludes personal or highly secure information, its Open Government Data (OGD) model goes beyond transparency – easing the friction around reusing data for other applications and encouraging greater innovation and collaboration between government agencies. 

An alignment of democratic ideals

I asked Mathias about the promises and pitfalls of EMBAG, and where the potential of success – or failure – might exist. He had some strong observations on the role of governance in the equation, and how that could influence the overall trajectory. 

“My primary reaction, of course, is that this is great,” he said “I'm really looking forward to seeing the results of it, because this is a project that can go really well, or it can go not so well. I think it depends on the governance aspect of how it's actually implemented. Switzerland, of course, is one of these places that has a really strong democratic tradition – and democracy is what I usually point to when I talk about the positive things open source can bring into countries. It's a kind of ‘learning ground’ for democratic practices. And Switzerland, of course, has had this amazing, direct democracy for hundreds of years.”

As Mathias codified, one might say that the Swiss were “culturally prepared” for a shift towards OSS, making it an ideal stage for employing such a groundbreaking piece of legislation. Other countries like France have professed a predilection towards open source, but none have gone this far with their public sector standards. 

“Democracy is what I usually point to when I talk about the positive things open source can bring into countries.”

The cards might be stacked against any country willing to dive this deep with open source. According to Mathias, there are several things that might help ensure positive outcomes as Switzerland looks to successfully execute this policy.

“One of the things I'm looking forward to hopefully seeing is the Swiss building expertise around open source systems, as well as their small to medium supplier market,” he observed. “Open source has this ability, because it gives people the possibility to learn and use it outside of the originally intended use case.” 

Mathias also sees a runway for expanding the reuse of government software by other entities within Switzerland as well as outside the country. To his point, the Swiss have long cultivated a reputation for superior products and technologies (watches come to mind). As he sees it, there may be a heightened demand for Swiss OSS that far exceeds its current charter – perhaps even a “Swiss standard” for government software. 

To that end, Mathias sees the adoption of EMBAG as a clear signal that Switzerland recognizes the true potential of open source, widening the aperture well beyond its peers in the EU and abroad. 

The struggle with security

Despite the palpable pros, open source has wrestled with the central challenge of trust. And it makes sense: you open your code to the world, and the question of security naturally follows. 

Accountability is also a major point of friction, as any issues with code or functionality often belong to a community, which can present barriers to solving critical problems.

To be fair, all software is vulnerable – and we’re seeing just how vulnerable on a daily basis. Hacks and threats are becoming commonplace, and large open source systems like WordPress provide a much larger surface area for exploits. That said, proprietary software is target-rich and bountiful for likes of ransomware. Just take a quick peek at Microsoft’s security update guide and you’ll get a long and troubling list of vulnerabilities that have cropped up over time.

No software should ever be deemed completely secure. But relative to proprietary platforms, open source can hold its own – and in some instances, might even be considered a safer bet. One example: because OSS isn’t controlled by a single vendor, anyone can monitor, locate, and remediate vulnerabilities. This can be a force multiplier for security and governance.

At the end of the day, does this build enough trust for public sector agencies to open their code? Do the rewards outweigh the risks?

“I think it definitely builds trust,” Mathias said. “Any country that adopts open source so fully is really a sign that its government understands all of the good stuff that you can do with it.”

Why is the U.S. less bullish on open source?

The European market teetered on the brink of recession throughout 2023. There were certainly a few bright spots, but by in large, the entire continent struggled as the U.S. boomed, losing pace in the race for AI and suffering setbacks in areas like electric vehicles. 

According to a Wall Street Journal article published in January, there is one field where the EU still leads the world – and that’s regulation. This has been a benefit in areas like controlling carbon emissions and advancing data privacy. But its penchant for draconian rulemaking has also stymied its economic agility when competing with China and the U.S.

Of course, it’s not all about competition. There is this thing called humanity, and countries like Switzerland seem interested in policies that protect citizens and serve the public interest while promoting digital sovereignty and stoking innovation. 

Many would claim that doing good and driving economic growth aren’t mutually exclusive, but some EU companies are proving the opposite. A great example in the CMS world is Umbraco, which is investing deeply in sustainability and DEI strategies while activating growth (it also happens to be an open source platform).

We’ve already established that open source can overcome questions about its security and stability – and based on research from Frank Nagle at the Harvard Business School, 96% of commercial programs include some form of OSS in their mix – making it absolutely critical to the global economy. Now, the Swiss are advocating open source for government at the highest level.

So why has it been slow to catch on in the U.S. public sector?

Well, for starters, there’s certainly support for it. Just a few years ago, the U.S. Air Force began deploying applications on F-16s utilizing a hybrid cloud strategy via Kubernetes – an open source system for pushing, scaling, and managing containerized apps. The U.S. federal government also requires agencies to release a percentage of its custom code as OSS. 

That said, there are no mandates like the one Switzerland has introduced – and very little incentive for public sector agencies to invest heavily in open source. I asked Mathias about this marked difference between the U.S. and Europe, and what the underlying factors might be.

“I think there's a difference in tradition,” he said. “The U.S. and Europe have different ways of funding for open source projects, to be very black and white. Europe has much more of a government-centric funding model, where the public sector supports projects. The German Sovereign Tech Fund, for example, is a government construct for capitalizing open source projects. And in the U.S., it seems that it's much more reliant on private capital. I think both of those can work as funding solutions, but governments are going to be motivated by public service to a much larger degree than private funding.”

That said, the EU's well might be running dry on public funding for OSS. In July, the European Commission neglected to include any Next Generation Internet (NGI) programs in its budget for 2025. NGI has been fiercely committed to building a trustworthy internet by funding over a thousand open source projects through its NGI Zero Commons Fund. If this disappears, many OSS projects may come to a halt.

Opening up the open source promise 

While EMBAG is providing a template for other EU nations – and the world – it’s still early days. There are aspects of the policy that still need shaking out. But as Mathias observed, the news is sparking great interest around open source and its potential for continued growth.

There are clear benefits for the Swiss as they embark on this journey. Aside from the foundation of greater openness and transparency, OSS eliminates inhibitors like vendor lock-in and other compromises that come with selecting proprietary software. More importantly, it drives efficiency by enabling the reuse of code and improving productivity through collaboration. 

As Mathias sees it, open source can provide governments with greater choice and control –  the essential ingredients for accelerating time to mission and supporting the needs of citizens and communities. Being able to share and reuse OSS code can help activate the potential. 

“Selecting open source doesn't have to mean you select a single model or one open source piece of software to rule them all,” he explained. “You can also create and fund a collaboration between different projects so that they can reuse the same kind of code. And I think that's an opportunity that is much more relevant when the government is participating. We share information openly, and that’s something that can benefit existing platforms and the development of new platforms for things like government ID.”

Mathias is also predicting unexpected ways that open source might deliver greater impact and value.

“Governments have an opportunity to support some of areas that are often forgotten, or that receive little focus from open source developers, and one of those is UX,” he said. “For example, many open source systems have been built by developers who build them in a ‘developer way.’ The first thing they think about is functionality and not UX, and governments have the possibility to fund that missing layer of making open source so usable that everyone will adopt it. If that happens, we might see open source platforms that are being compared beyond their feature sets.”

We’ve had numerous discussions in the Boye & Company CMS Experts Group about Gartner’s persistent “overlooking” of open source platforms on its MQ reports. We know revenue is an obstacle (among other requirements), but there’s also a latent undercurrent of negative perception around OSS when it comes to enterprise software decisions.

As the Swiss swing for the fences and once again “go their own way,” perhaps more OSS solutions will attain a new level of respect in the minds of market watchers. Of course, that shift will require a deeper understanding of the true nature of open source:

It’s less about code – and more about culture. 

Upcoming conferences

CMS Connect 24 - SOLD OUT

August 6-7, 2024 – Montreal, Canada

We are delighted to present our first annual summer edition of our prestigious international conference dedicated to the global content management community. Join us this August in Montreal, Canada, for a vendor-neutral conference focused on CMS. Tired of impersonal and overwhelming gatherings? Picture this event as a unique blend of masterclasses, insightful talks, interactive discussions, impactful learning sessions, and authentic networking opportunities.

CMS Kickoff 25

January 14-15, 2025 – Tampa Bay Area, Florida

Join us next January in the Tampa Bay area of Florida for the third annual CMS Kickoff – the industry's premier global event. Similar to a traditional kickoff, we reflect on recent trends and share stories from the frontlines. Additionally, we will delve into the current happenings and shed light on the future. Prepare for an unparalleled in-person CMS conference experience that will equip you to move things forward. This is an exclusive event – space is limited, so secure your tickets today.