Articles

Open source software as a foundation for future digital standards

Developing open source software is not just a method for building software – it is a way to create shared digital infrastructure. For Björn Lundell, Professor at the University of Skövde, openness is a prerequisite for standards to work in practice and to drive innovation. He argues that we must look beyond documents and controlled processes, and instead let code, communities, and usability lead the way.

“Standards that cannot be used in real life risk becoming nothing more than paper products. We need code that proves they work.”

Photo: University of Skövde

Article in brief:

Open source software (OSS) is a cornerstone for building practical and future-proof digital standards. In this article, Professor Björn Lundell shares why OSS matters for innovation, trust, and digital sovereignty. Through reference implementations – working code that proves a standard can be implemented – clarity, transparency, and real value are achieved.

Lundell highlights the importance of the communities that form around open source projects, academia’s role, and how EU regulation affects open innovation. The article also explains why “Common Specifications” raise concern – and why collaboration is essential for making standardisation truly useful.

Read more about:

  • Why open source software is key to innovation and digital sovereignty
  • How reference implementations make standards understandable and usable
  • What an open source community is – and why it matters for society as a whole
  • Academia’s role in open and practical standardisation
  • CRA, Common Specifications and the need for open collaboration

Why is open source important?

For Björn Lundell, open source software is about more than technical solutions. It is also a model for collaboration, control, and long-term sustainability in the digital world. Because the code is open for review, reuse, and further development, it creates a shared foundation that can be adapted and improved as new needs emerge.

“When software projects make their code available under conditions that meet the definition of open source software, more people have the opportunity to understand, influence, and further develop it. For the public sector, this is a matter of democracy – but also a practical advantage that can stimulate innovation across society,” says Lundell.

In a landscape where many organisations struggle with vendor lock-in, dependencies, lack of transparency, and high switching costs, open source offers a path to greater freedom of action. Here, openness is not just a technical choice – it is strategic.

What is an open source community – and why does it matter?

A vital prerequisite for open source is the communities and projects that sustain it. An open source community typically consists of developers, researchers, companies, and users who together build, test, and improve code – without being tied to a specific vendor or product.

In many respects, this resembles the work within organisations such as ETSI – with the difference that the end product is software rather than a standard.

Read also: How ICT standardisation works – an introduction to the process, the key players, and opportunities to get involved.

“It’s easy to think that open source is only about technology, but without the community behind it, the entire model falls apart. That’s where creativity, review, and quality emerge.”

These communities do more than create code. They establish norms, solve problems together, and share knowledge across organisational boundaries.
For society, this means increased capacity for innovation, for companies, it offers the chance to build on the work of others, and for research, it provides a tangible way to make an impact.

Software development that produces and provides open source software shares several characteristics with standardisation – openness, transparency, and collaboration. Both are about creating shared solutions that many can understand, use, and further develop. When they work together, the result becomes more accessible and more sustainable.

When standards meet code –
the role of the reference implementation

One of Björn Lundell’s strongest positions is that a technical standard cannot be considered complete until someone has proven that it works in practice.That is where the reference implementation comes in – an open, working version of the standard in code form.

Reference implementations serve several purposes. They show that the standard is understandable and can be implemented in open source software. They provide a starting point for others. And they quickly reveal if something in the specification is unclear or unworkable.

“We don’t need more documents – we need working code.”

When reference implementations are developed in open source projects, they also create transparency and a shared understanding of what the standard means in practice.

EU regulation and the threat to openness

When the EU first presented the Cyber Resilience Act (CRA), it quickly became clear that the proposal risked having serious consequences for open source software. There was a danger that even non-commercial, volunteer-developed software would be subject to the same requirements as commercial products.

Although the EU’s intention with CRA was positive, the early drafts contained language based on misunderstandings of how modern software development works. For a long time, there was a real risk that open source software could not be used within the EU.

“Many of us pointed out that the rules, as written, would hit the development of free and open source software (FOSS) in Europe hard.”

The problem was fundamental uncertainty about what FOSS is, with contradictory language in the drafts. The final version has been greatly improved, but questions remain about how certain parts will be interpreted. For many organisations, the new law now means working under significant time pressure. With CRA come new requirements for many companies – for example, to ensure cybersecurity throughout the entire lifecycle, document risk management, report incidents, and meet formal certification demands.

This has been especially challenging for FOSS projects without a clear legal structure or funding, which now have to interpret their role under the new regulation.

After strong reactions from the research community, industry, and civil society, the text was revised.

Jochen Friedrich, standardisation expert at IBM, has in discussions with ITS emphasised the importance of designing digital regulations such as CRA in ways that encourage – rather than hinder – innovation and collaboration, especially in open source. According to Lundell, however, vigilance remains essential, particularly as the European Commission has signalled that it sometimes wants to bypass the traditional standardisation model through so-called Common Specifications. This is a way to more quickly produce technical specifications when harmonised standards from recognised standardisation bodies such as ETSI, CEN, or CENELEC are missing or delayed.

The aim is to ensure compliance with laws and regulations – but it raises questions about openness, transparency, and the ability of relevant stakeholders to have influence.

“We must safeguard open, inclusive processes. Otherwise, we risk losing both quality and trust.”

Read also: Jochen Friedrich on cybersequrity and digital innovation

Academia’s contribution and the need for collaboration

Despite having deep knowledge of both technology and societal benefit, academia is often absent from standardisation processes. According to Lundell, this is partly due to a lack of incentives and structural barriers.

“Contributing to standardisation earns no academic credits. But it’s an important way to influence the systems of the future.”

He sees increased collaboration as a key – between universities, standardisation bodies, public authorities, and companies.

Today, academic publications are valued more highly than concrete influence on socially beneficial standards – something Lundell believes discourages engagement.

At the same time, he notes that researchers can contribute in other ways.
By participating in projects that develop and provide open source software – especially when it comes to reference implementations – academia can add both depth and grounding.

“There is a lot of knowledge that risks staying in articles when it could be put to use in real systems”, he says. It is about building bridges between research and application – between code and rules.

An open future requires shared responsibility

For digitalisation to be sustainable, interoperable, and accessible, more is needed than new technical solutions. It requires open processes, working code, and effective collaboration.

“We must stop seeing standardisation only as the final document produced by the process. It is an ongoing practice where code, people, and societal benefit meet.”

And that, Björn Lundell argues, is the true value of open source software – not just that the technology is free, but that it is built on collaboration, understanding, and continuous improvement.

Want to know more about ITS and how we work? Read about or working groups here.

Relaterat innehåll

Gå till kunskap
Gå till kunskap

Newsfeed from ETSI

    Feed has no items.
Membership

Be part of shaping the communication of the future

Become a member of our network that brings together Swedish industry experts in IT and telecommunications to influence the development of standards.

Become a member