Adriana Groh: ‘The internet works thanks to a shared infrastructure that nobody owns, but that we must take care of’

All programmers, from hobbyists to those working at Microsoft or Google, use open-source software, which is present in between 70% and 90% of the computer applications we use today. No one starts a project from scratch; instead, they turn to libraries like GitHub or GitLab to download packages of code already written, reviewed, and improved by the community.

“Developers spend an average of two-thirds of their time adapting open-source software to their needs, and they build their application on top of that. That’s why if there is a security flaw in that code, everyone, from Apple or Meta to the German or Spanish government, has a problem,” explains Adriana Groh.

Groh, 35, is the director general of the German government’s Sovereign Tech Agency, a pioneering institution in Europe dedicated to maintaining the common digital infrastructure. In her view, the path to European technological sovereignty, which has gained momentum since Donald Trump’s return to the White House, hinges on ensuring a solid foundation for open-source software. She spoke with EL PAÍS in Madrid, where she participated in the Digital Resilience Forum, after taking part the day before at the 4D Conference in Barcelona organized by Xnet and Accent Obert.

Question. What do you do at the Sovereign Tech Agency?

Answer. We started three years ago with a fund, which was really successful. Now we’re working on a standards program, and in the future we’ll probably also launch programs to attract new talent. Our structure is quite unique: we’re a limited liability company owned by the German government, so we operate independently, but we do engage in public procurement. We also have an international focus: we try to provide a kind of blueprint to other governments to inspire them to take on the same mission as the German government.

Q. What is that mission?

A. In the 21st century, every government should understand that ensuring software sovereignty and security is part of its job, not only for themselves but also for businesses, society, and researchers. In the 21st century, software is the invisible infrastructure of our everyday life, like roads and bridges. Everything runs on software, and a significant portion of this is made possible by open source, which is maintained by people selflessly. If this open source breaks down, it’s as if a road or bridge collapses: everything else becomes much more complicated and dangerous.

Q. What type of projects have you promoted from the agency?

A. We’re still relatively small, although our budget has grown from about €10 million to about €20 million. With that money, we want to focus on where we have the most impact: we look at the software that developers need to develop new software. Most people have never heard of curl or pi [Python], or the other 60 technologies we work with. But if this software goes down, suddenly the payment systems stop working. If we see the shared digital infrastructure as a large building block structure, we need to invest in the foundation blocks so we can keep growing upwards. Otherwise, it’s like building castles on sand. Our mission is to look at that foundation of building blocks.

Q. So you focus on software, not hardware.

A. Exactly. We believe it’s best to do one thing very well. And, if you succeed at that, you can move on to the next. Of course, software alone isn’t enough. If we want to be more sovereign in Europe, we need to identify the problems and then design new, effective instruments for each one and ensure they are coordinated and aligned so that we have a real impact. You really need to understand how software developers work and how the open-source ecosystem works.

Q. Are there other countries doing something similar to what you’re doing?

A. We face a classic commons problem: everyone relies on open-source software as a foundation for building their own developments, but no one feels responsible for it. Why should I invest in open-source software if my competitor is also using it and not paying for it? That’s the problem we want to tackle. So we’re also getting a lot of interest from industry. If we can get them to collaborate, I think that will make us very strong. It’s a good time to push this message because everyone wants digital sovereignty. It’s not enough to replace one or two products; we need to think about the entire process: software, hardware, data, and who owns the means of production.

Q. To what extent is it possible to pursue European digital sovereignty without addressing the hardware aspect?

A. That aspect also needs to be addressed. But we have to start somewhere. We need strategic independence at different layers. I don’t think that means you have to do everything yourself, but you need to know where you’re strongest. We need data centers, we need computing power, we need chips.

Q. Should this process be addressed by the public sector?

A. We need a triangle to create a sustainable and secure ecosystem. On one side are the volunteers who have been working on open-source software forever. These are people who, when their day job is done, sit down at their laptops back home and maintain the software that the rest of the world uses. They do it because they truly believe in open source. We don’t want this to stop, but we do want to take some of the pressure off them. On the other side are the companies that rely on open source and use it in their daily operations. They need an open-source strategy and to consider how they can give back. On the third side, we believe the government should also be involved.

Q. Do you think there is enough awareness about the need to contribute to the maintenance of open-source software? Or is more education needed?

A. The internet works thanks to a shared infrastructure that nobody owns, but that we must take care of. Developers at Google, Microsoft, or Meta use Python as much as, or even more than, their colleagues at a small startup in Barcelona or Berlin. This kind of open-source software is a shared global resource; there’s no business incentive to own it because that would mean having to maintain it. That’s the challenge: everyone needs it, but nobody feels responsible for it. Besides the infrastructure, there are also open-source products, although that’s a different challenge that we don’t address. In any case, open-source products are becoming increasingly attractive. When WhatsApp was acquired by Meta, many of my friends switched to Signal, which is open source, because they weren’t comfortable with WhatsApp’s data protection policy. I think that citizens will increasingly make decisions like this: if two services are very similar, we prefer the more secure one.

Q. What does open source contribute to the debate on reducing the carbon footprint of technology?

A. Open-source software is reusable and can be adapted to each project. This prevents people from doing the same work multiple times. That’s why it’s so appealing to the industry: if you can save resources by using open-source software, why develop it from scratch, especially knowing that open source is already the best out there?

Q. Do you think the EU needs to regulate the use of open-source software in some way?

A. The answer varies for each side of the triangle I mentioned earlier. If you look at civil society, everyone chooses whether they want to use WhatsApp, Signal, or another app. However, companies should understand that using a free, shared resource without contributing back is not how it works. As for the government, instead of buying licenses for proprietary software, it should spend public money on open-source code, which is free for businesses and individuals to use. It’s more transparent, more secure because it’s reviewed and improved by the entire community, and reusable.

Sign up for our weekly newsletter to get more English-language news coverage from EL PAÍS USA Edition