Comments on the SHARE IT Act

2025-01-14
Logiciel libre Open Source

The US House of Representatives recently passed the "Source code Harmonization And Reuse in Information Technology Act," or SHARE IT Act, a significant piece of legislation mandating government-wide sharing and reuse of custom-developed software code. This Act, while primarily focused on fostering "Inner Source" practices – applying open source methodologies within organizations – has broader implications for the global open source ecosystem and the pursuit of digital sovereignty.

As Europe has long been a champion of open source and is actively pursuing strategies to enhance its digital sovereignty, it becomes crucial to analyze the SHARE IT Act within this broader context, examining its potential impact, comparing it with existing European initiatives, and identifying what further steps Europe needs to take to advance its own vision of a values-driven digital future. This analysis will explore the key provisions of the SHARE IT Act, assess its strengths and limitations, consider its potential influence on global trends, and ultimately, argue that Europe must continue to forge its own path, doubling down on its commitment to open source as a cornerstone of a more transparent, collaborative, and citizen-centric digital ecosystem, while taking into account the importance of inner-source as a first step.

1. Is this a victory for Inner Source practices in the public sector?

Absolutely, yes. The SHARE IT Act is a major victory for Inner Source practices within the US public sector. Here's why:

  • Mandates Code Sharing and Reuse: The Act explicitly mandates the sharing and reuse of custom-developed code across federal agencies. This is the core principle of Inner Source – applying open source methodologies within an organization.
  • Establishes Agency-Wide Policies: It requires agencies to develop policies for managing the sharing and discovery of source code, including procedures for using repositories and version control systems, as well as standardized reporting practices. This is widely considered as Inner Source best practices.
  • Creates Accountability Mechanisms: The Act requires agency CIOs to develop policies, the Federal CIO to establish a review framework, and the GAO to produce reports. This ensures accountability.
  • Focus on Collaboration: The Act emphasizes the need for collaboration among developers and agencies.
  • Promotes Transparency: By requiring the publication of metadata and, where appropriate, the source code itself, the Act fosters transparency, a core value of both Inner Source and open source.

2. Will it also strengthen open source?

Potentially, yes, but the direct impact on open source is less clear-cut than on Inner Source. Here's a nuanced view:

  • Indirect Benefits:

    • Increased Familiarity with OSS Practices: By mandating Inner Source practices, the Act will expose a large number of government developers and agencies to open source development methodologies, tools, and workflows. This will lead to a greater appreciation for and understanding of open source, potentially increasing future contributions to external open source projects.
    • Potential for Code Release: While the Act doesn't mandate the release of code as open source, it creates a framework where agencies are more prepared to do so. The requirement for public repositories and the emphasis on transparency will lower the barriers to releasing code publicly under open source licenses in the future.
    • Improved Code Quality: The focus on code sharing, reuse, and security auditing will lead to higher quality code within the government. This higher quality code could be more suitable for release as open source.
    • Alignment with Existing Initiatives: The Act builds upon existing initiatives like Memorandum M-16-21 and Code.gov, which have already encouraged open source adoption within the government.
    • Validation of OSS Values and Principles: The Act's emphasis on transparency, collaboration, and efficiency validates many of the core principles of open source, even if it doesn't explicitly mandate open source licensing.

  • Limitations and Considerations:

    • Focus on Internal Sharing: The primary focus of the Act is on code sharing within the government, not necessarily with the public.
    • Exemptions: The Act includes exemptions for classified code and code related to national security, as well as other broad exemptions (similar to France's Loi République Numérique). This means a significant portion of government-developed code will not be shared, even internally, let alone released as open source.
    • No Mandate for Open Source Licensing: The Act does not require agencies to use open source licenses, even when code is made public. Agencies could choose to release code under custom licenses that restrict reuse or modification, limiting the benefits to the broader open source community.
    • Dependence on Implementation: The Act's impact on open source will heavily depend on how it is implemented by agencies and the guidance provided by the Federal CIO.

3. What are the expected outcomes?

The Act's preamble and purpose section outline the following desired outcomes:

  • Reduced Duplication: Less redundant development efforts across agencies, saving taxpayer money and improving efficiency. The Act directly addresses this by mandating code sharing and reuse.
  • Cost Savings: Lower costs for software development, licensing, and maintenance. This puts the spotlight on the economic benefits of software reuse.
  • Increased Interoperability: More consistent technology choices and greater data exchange between agencies, facilitating seamless system integration.
  • Faster Adoption of Best Practices: Quicker diffusion of engineering best practices and innovations across agencies. The Act promotes this through its focus on collaboration and the sharing of lessons learned.
  • Improved Security: Enhanced security through collective auditing and the identification and remediation of vulnerabilities.
  • Greater Transparency and Accountability: Increased public scrutiny of government-funded software.
  • Innovation: The Act's emphasis on collaboration and code reuse can be expected to foster innovation within the government, as developers can build upon existing work and adapt solutions to new challenges.

4. Could it inspire legislation outside the US?

Yes, very likely. The US is a major player in the global software landscape, and this Act could serve as a model for other countries seeking to improve efficiency, reduce costs, and enhance digital sovereignty.

  • Example-Setting: While, as discussed below, several initiatives predate the SHARE IT Act, the Act's mandatory nature and government-wide scope make it a noteworthy development in government IT policy that could be replicated elsewhere.
  • Alignment with Global Trends: The Act aligns with global trends towards open government, open data, and open source. It resonates with the principles of digital sovereignty and the strategic use of open source and open standards.
  • Potential for International Collaboration: The Act could even pave the way for international collaboration on government software development, as countries with similar policies could potentially share code and best practices.
  • Influence on International Organizations: The Act could influence the policies and recommendations of international organizations, such as the OECD and the UN, regarding digital government and open source.

However, the re-election of President Trump casts a significant shadow over the international prospects of the SHARE IT Act and the broader open source movement. His administration's demonstrated hostility towards multilateralism and preference for proprietary American technology, coupled with potential policy reversals, suggest that the Act's potential to inspire global change and foster international collaboration on open source is now severely limited. A renewed Trump presidency likely prioritizes US tech interests, potentially hindering alliances, disrupting collaborative projects, and weakening international norms related to open data and interoperability. This makes it even more critical for the EU and other nations to independently champion open source and digital sovereignty, forging their own path regardless of the US's direction.

5. Are there any precedents in other parts of the World?

While the SHARE IT Act is a significant development, it's important to acknowledge that it is not entirely precedent-setting. Many countries, particularly in Europe, have already implemented or adopted strategies and legislation promoting open source and, to a lesser extent, inner source principles within their public sectors.

European Initiatives:

  • France: The Loi pour une République numérique (2016) encourages the use of free software and open standards in public administration. Also, DINUM's BlueHats initiative fosters internal collaboration and open source contribution.
  • Germany: The Sovereign Tech Fund (STF) project and the Center for Digital Sovereignty (ZenDiS) demonstrate a commitment to open source at both the infrastructure and policy levels.
  • European Union: The EU's Open Source Observatory (OSOR) and the EU's Open Source Software Strategy 2020-2023 promote open source adoption and best practices. The European Interoperability Framework (EIF) v1.0, although weakened in later versions, provided a strong definition of open standards.
  • Other European Countries: Italy, Spain, the Netherlands, Estonia, Sweden, and the United Kingdom have all taken steps to promote open source and code reuse in their public sectors, through legislation, policies, or specific initiatives.

Beyond Europe:

  • Brazil, South Africa, Mexico, and India have also implemented policies and initiatives to promote open source in government, often with a focus on digital inclusion and e-government.

Key Differences and Nuances:

  • Mandatory Nature: The Act's mandatory requirement for code sharing across agencies is stronger than the "encouragement" or "preference" found in many European policies.
  • Focus on Custom-Developed Code: The Act specifically targets custom-developed code, which is a significant portion of government IT spending.
  • Government-Wide Scope: The Act applies to all federal agencies, creating a unified framework for code sharing across the entire US government.
  • Accountability: The Act includes specific accountability mechanisms, such as reporting requirements and the involvement of the GAO.

6. What Remains to Be Done? (in Europe)

While Europe has been a leader in promoting open source principles and digital sovereignty, significant work remains to be done to fully realize the potential of open source and inner source within the public sector. The SHARE IT Act, despite not being entirely precedent-setting, highlights areas where Europe could strengthen its approach and further advance its digital agenda.

1. Moving Beyond Encouragement to Stronger Policies:

  • Strengthening Existing Legislation: While several European countries have laws encouraging open source adoption (e.g., France's Loi pour une République numérique), these often lack the mandatory force of the SHARE IT Act's code-sharing provisions. Europe should consider strengthening existing legislation to establish clearer mandates and stronger incentives for public administrations to adopt open source and inner source practices. Since 2017, the CNLL has been advocating for a better enforcement of article 16 of the Loi pour une République Numérique. The European strategy could draw inspiration from the SHARE IT Act by:
    • Establishing "Open Source First" or "Inner Source First" Policies: Mandating that public administrations prioritize open source solutions in procurement and development, requiring strong justifications for choosing proprietary alternatives, except for duly justified cases.
    • Mandating Code Reuse: Implementing policies that require agencies to share and reuse code internally, similar to the SHARE IT Act, to reduce duplication and improve efficiency.
    • Enforcing Open Standards: Strengthening the implementation of the European Interoperability Framework (EIF) and enforcing the use of truly open standards (as defined in EIF v1.0) in public IT systems to prevent vendor lock-in and promote interoperability.
  • Developing a European "Digital Sovereignty Act": The EU could consider developing a comprehensive "Digital Sovereignty Act" that codifies the principles of digital sovereignty, promotes open source as a strategic asset, and establishes clear guidelines for public procurement, data governance, and technology choices.

2. Fostering a More Unified and Cohesive Ecosystem:

  • Strengthening European OSS Organizations: Europe needs to further strengthen organizations like APELL, OW2, and others that promote open source and digital sovereignty. This could involve increased funding, greater policy support, and a more prominent role in shaping the EU's digital agenda.
  • Creating a European Open Source Coordination Body: Establishing a central EU-level body dedicated to open source policy, coordination, and expertise could significantly enhance the effectiveness of open source initiatives across Member States. This body could play a similar role to the proposed US Federal CIO's role under the SHARE IT Act in providing guidance, setting standards, and monitoring progress.
  • Building a Network of OSPOs: Europe should accelerate the establishment of Open Source Program Offices (OSPOs) within public administrations across all Member States. A coordinated network of OSPOs, supported by the proposed European Open Source Coordination Body, could facilitate knowledge sharing, collaboration, and the development of common standards and best practices.

3. Addressing the Skills Gap and Promoting OSS Education:

  • Targeted Training Programs: Europe needs to significantly scale up its efforts in open source education and training. This includes developing specialized training programs for public sector IT professionals, integrating open source principles and tools into university curricula, and developing and promoting recognized open source certifications.
  • Promoting "Inner Source" Training: Specific training programs on "inner source" methodologies and best practices should be developed and offered to public administrations to facilitate the adoption of collaborative development models within and across agencies.
  • Fostering a Culture of Contribution: Europe should actively encourage public sector developers to contribute to open source projects, recognizing this as a valuable form of professional development and a contribution to the broader digital ecosystem. The French DINUM's "BlueHats" initiative provides a good model for fostering such a culture.

4. Enhancing Funding and Investment:

  • Creating a European Sovereign Tech Fund: Establishing a dedicated European fund to support the development and maintenance of critical open source infrastructure and projects is essential. This fund should prioritize projects that contribute to digital sovereignty and address key technological challenges.
  • Targeting Funding for SMEs and Startups: Europe needs to ensure that funding mechanisms are accessible to smaller open source companies, which are often at the forefront of innovation. This could involve dedicated funding programs for SMEs (including "cascade funding" schemes à la NGI), simplified application procedures, and support for participation in public procurement (including a "Small Business Act").

5. Strengthening International Collaboration:

  • Sharing Best Practices: Europe should actively share its experiences and best practices in open source adoption with other countries, promoting a global movement towards open and transparent digital government.
  • Building Alliances: The EU should build alliances with like-minded countries to promote open source, open standards, and interoperability on the global stage, countering the dominance of proprietary models and advocating for a more democratic and inclusive digital future.
  • Engaging in International Forums: Europe should take a leading role in international organizations and forums, such as the OECD and the UN, to advocate for policies that support open source and digital sovereignty.

Conclusion and call to action

The SHARE IT Act, while focused on the US context, offers a valuable lesson for Europe and the world: mandating code sharing and reuse within the public sector can unlock significant benefits. It's a testament to the power of openness, collaboration, and transparency – values that are at the heart of both Inner Source and open source. However, the Act's potential limitations, particularly under a potentially less cooperative US administration, underscore the urgent need for Europe to champion its own vision of a value-driven digital future.

Europe's commitment to digital sovereignty, public service, and citizen empowerment demands a proactive and strategic embrace of open source principles, to transform how public administrations operate, embracing a culture of openness, collaboration, sharing, and reuse. It requires moving beyond mere encouragement to establishing clear mandates and robust policies that prioritize interoperability, security, and user-centricity in all digital initiatives.

This transformation must be guided by the core values outlined in the European Commission's Open Source Software Strategy: thinking open, transforming through shared innovation, ensuring security, and staying in control by promoting open standards. These principles, coupled with a commitment to transparency, accountability, inclusivity, and sustainability, should form the bedrock of a new European "Digital Deal" – one that empowers citizens, strengthens the European open source ecosystem, and positions Europe as a global leader in the development and deployment of ethical, citizen-centric digital public services.

Back to Blog