Open Source and Procurement Strategy

P0 - Agenda

  • 🤗 P1 - Hi, I’m Boris!
  • ⚡️ P2 - RTE in a nutshell
  • 🌍 P3 - Worldwide perspectives
  • 🇪🇺 P4 - European considerations
  • 🎯 P5 - How to benefit from Europe dynamics
  • 🧠 P6 - Procurement strategy
  • 🤔 P7 - Q&A

::: box This slide deck has been made with help of :

  • Plain text files (MarkDown)
  • Prezo TUI (Abilian)
  • AI - Le Chat (Mistral) :::

P1 - Boris DOLLEY, OSPO Lead at RTE

::: center Professional Journey :::

::: columns
::: column

1997 – 2003

Software Developer on Linux (x86)

  • ASM / C / C++
  • SQL
  • GTK
  • CVS

2004 – 2012

IT Project Manager

  • Control & Command
  • EAI (Solaris 10)
  • Mobility Architecture

:::

::: column

2013 – 2017

Procurement Manager

  • Team Manager
    • 20 buyers
    • 350 M€/year

2018 – 2022

Manager of Developers (up to 36)

  • Power System Solutions
  • Open Source Project Leader (OpFab)
  • TSC and TAC Member at LF Energy

:::

::: column

Current Role (2023 – Present)

  • R&D Direction Team member
  • OSPO Lead at RTE
  • LF Energy TAC Member
  • Software Heritage Ambassador (onboarding)

Focus Areas

  • Open Source Strategy
  • Community Engagement
  • Digital Sovereignty
  • Sustainable IT (quitting)

Contact

  • LinkedIn PMs

::: :::

P2 - RTE (1/2)

RTE stands for Réseau de Transport d’Électricité

  • The French Transmission System Operator (a natural monopoly)
  • Europe’s largest electricity transmission network operator
  • Manages high (63kV) and extra-high (400kV) voltage grid in mainland France
  • https://rte-france.com

Our Mission

RTE guarantees the supply of electricity across France

  • Operate and develop the transmission grid
    • Ensure security and quality of supply for all territories
  • Optimize the Grid
    • Accelerate energy transition: renewables, decarbonation, new uses (EV, hydrogen)
  • Enlight public and politics
    • Energy Pathways 2050

Our Clients and stakeholders

Connected to our network:

  • Generators: 500+ sites (nuclear, hydro, wind, solar)
  • Industrials: ~600 direct connections
  • Distributors: 25+ (Enedis 95%, ELD)
  • Traders, balance responsible parties
  • Other TSOs through Tie lines

P2 - RTE (2/2)

Key Figures

Latest annual results highlight our scale: 2025

Indicator2025 ValueChange
Consumption (corrected)451 TWhStable (+0.4% vs 2024)
Production547.5 TWh+1.5% vs 2024
Decarbonized electricity>95%Record level
Net exports92.3 TWhRecord (+3.3 TWh vs 2024)
Revenue€6.658 Bn+20% vs 2024
Investments€3.346 Bn+29% vs 2024
Net result€554 Mx3 vs 2024 (€171 M)
Network106,440 kmStable
Employees10,781+540 apprentices

Open Source Strategy

RTE embraces open source for energy transition.

P3 - Worldwide perspectives (1/3): Sustainable Development Goals (SDGs)

Definition:

The 17 SDGs are a universal call to action to end poverty, protect the planet, and ensure peace and prosperity for all by 2030.

Key SDGs for Open Source:

  • SDG 9 (Industry, Innovation, and Infrastructure): Open source fosters innovation and accessible technology.
  • SDG 17 (Partnerships for the Goals): Collaboration through open source communities accelerates global progress.

Impact:

  • Open source software enables affordable, scalable solutions for education, healthcare, and climate action.
  • Promotes transparency, inclusivity, and shared knowledge.

::: box 🫵 European regulations and procurement rules are primed to embrace the SDGs, accelerating sustainable development across the continent. :::

P3 - Worldwide perspectives (2/3): UN Open Source Software Principles

Definition:

A set of 8 principles endorsed by the UN to guide the use and development of open source software in public sector digital transformation.

Core Principles:

  1. Open by Default: Software should be open source unless there is a compelling reason not to.
  2. Transparency: Code and processes must be visible and auditable.
  3. Collaboration: Encourage shared development and reuse across organizations.
  4. Inclusivity: Ensure accessibility and participation for all, regardless of resources.
  5. Sustainability: Support long-term maintenance and community engagement.
  6. Security: Prioritize secure development practices and audits.
  7. Interoperability: Design systems to work seamlessly with others.
  8. Public Good: Align with the public interest and global development goals.

Adoption:

  • Endorsed by organizations like RTE and Eclipse + OSPO Alliance to align open source strategies with UN values.
  • See https://opensource.un.org

::: box 🫵 What if your instution endorsed it! :::

P3 - Worldwide perspectives (3/3): Digital Public Goods (DPGs)

Definition:

Digital Public Goods are open-source software, open data, open AI models, open standards, and open content that adhere to privacy and other applicable laws, and do no harm.

Criteria:

  • Open License: Permissive licensing (e.g., MIT, Apache 2.0).
  • Clear Ownership: Documented and legally sound.
  • Platform Independence: Works across diverse environments.
  • Documentation: Comprehensive and accessible.
  • Data Privacy: Compliant with GDPR and other regulations.

Examples:

Role in Society:

  • Reduce digital divides by providing free, high-quality tools.
  • Support government digital transformation and public services.
  • Foster innovation in low-resource settings.

::: box 🫵 What if your OSS products were formally assessed? :::

P4 - European considerations (1/12)

::: box 0. Summary ::: European digital sovereignty relies on four interconnected pillars:

  • Regulation: Legal frameworks to ensure fairness, security, and autonomy.
  • Industrial Policy: Strategic investments in critical technologies.
  • Funding: Financial support for innovation and infrastructure.
  • Standards: Harmonized technical and operational norms.

Overarching Objectives:

  • Strengthen technological autonomy (reduce dependency on non-EU actors).
  • Ensure control over data and infrastructure (e.g., cloud, semiconductors).
  • Promote European values (privacy, transparency, inclusivity).
  • Foster European Digital Champions (scale-ups, SMEs, and industrial leaders).

P4 - European considerations (2/12)

::: box

  1. Regulatory Frameworks :::

1.1 Data Governance Act (DGA)

  • Adopted: November 2020, Applicable from: September 2023.
  • Scope:
    • Creates trustworthy data ecosystems (e.g., data spaces for health, energy, manufacturing).
    • Introduces data intermediaries as neutral third parties to facilitate data sharing.
    • Establishes data altruism mechanisms (voluntary data sharing for public good).
  • Key Provisions:
    • Data sharing obligations for public sector bodies (with exceptions for sensitive data).
    • Interoperability requirements for data services.
    • Portability rights for users switching between data processing services.

1.2 Data Act

  • Proposed: February 2022, Expected adoption: 2024.
  • Scope:
    • Grants users (citizens and businesses) rights to access and reuse machine-generated data (e.g., IoT, industrial equipment).
    • Obligations for manufacturers to design devices to allow data access (e.g., via APIs).
    • Fair data value distribution: Prevents contractual imbalances in data access.
  • Complementarity with DGA:
    • DGA focuses on data sharing ecosystems; Data Act focuses on rights to access data.

P4 - European considerations (3/12)

::: box

  1. Regulatory Frameworks :::

1.3 AI Act

  • Proposed: April 2021, Expected adoption: 2024.
  • Scope:
    • Risk-based approach:
      • Unacceptable risk: Banned (e.g., social scoring, predictive policing).
      • High risk: Strict obligations (e.g., AI in critical infrastructure, healthcare).
      • Limited risk: Transparency requirements (e.g., chatbots, deepfakes).
      • Minimal risk: No legal obligations (e.g., spam filters).
    • Obligations for providers:
      • Risk assessments, data governance, human oversight.
    • Sandboxes for SMEs to test AI systems.

1.4 Digital Services Act (DSA)

  • Adopted: October 2022, Applicable from: November 2024 (for most provisions).
  • Scope:
    • Online intermediaries (e.g., social networks, marketplaces, search engines).
    • Obligations:
      • Transparency in algorithms and content moderation.
      • Accountability for illegal content (e.g., hate speech, counterfeit goods).
      • User empowerment (e.g., right to contest platform decisions).
    • Very Large Online Platforms (VLOPs): Stricter rules for platforms with >45M users in the EU.

P4 - European considerations (4/12)

::: box

  1. Regulatory Frameworks :::

1.5 Digital Markets Act (DMA)

  • Adopted: July 2022, Applicable from: May 2023.
  • Scope:
    • Targets gatekeepers (platforms with significant market power, e.g., Google, Apple, Meta).
    • Obligations:
      • Interoperability (e.g., messaging services must interoperate with competitors).
      • Fair access to app stores and data.
      • Prohibition of self-preferencing (e.g., favoring own services in search results).
    • Enforcement: Fines up to 10% of global turnover for non-compliance.

1.6 NIS2 Directive (Network and Information Security)

  • Adopted: January 2023, Transposition deadline: October 2024.
  • Scope:
    • Expands cybersecurity obligations to more sectors (e.g., energy, transport, healthcare, digital infrastructure).
    • Key provisions:
      • Incident reporting within 24 hours (initial notification) and 72 hours (detailed report).
      • Risk management measures (e.g., encryption, multi-factor authentication).
      • Supervision by national authorities with sanction powers.

P4 - European considerations (5/12)

::: box

  1. Regulatory Frameworks :::

1.7 eIDAS Regulation (Electronic Identification, Authentication and Trust Services)

  • Original eIDAS: Adopted 2014, Revised (eIDAS 2.0): Proposed June 2021, Expected adoption: 2024-2025.
  • Scope:
    • European Digital Identity:
      • Universal digital wallet for all EU citizens and residents.
      • Cross-border authentication (e.g., for public services, banking, healthcare).
      • Qualified electronic signatures (legally binding).
    • New features in eIDAS 2.0:
      • Self-sovereign identity: Users control their identity attributes (e.g., age, qualifications).
      • Attestation of attributes (e.g., university degrees, professional licenses).
      • Legal framework for decentralized identifiers (DIDs).
    • Obligations for Member States:
      • Provide at least one digital identity wallet to citizens by [date, e.g., 2026].
      • Ensure interoperability with other Member States’ systems.

P4 - European considerations (6/12)

::: box 2. Industrial Policy :::

2.1 European Chips Act

  • Proposed: February 2022, Adopted: July 2023.
  • Objectives:
    • Double the EU’s global semiconductor market share to 20% by 2030.
    • €43 billion in public and private investments.
  • Key Measures:
    • Research and Innovation:
      • €11 billion for R&D (e.g., next-gen chips, quantum computing).
      • Chips Joint Undertaking (public-private partnership).
    • Manufacturing:
      • €32 billion to build new fabs (e.g., Intel in Germany, STMicroelectronics in Italy).
      • Support for SMEs in the semiconductor supply chain.
    • Resilience:
      • Monitoring of semiconductor supply chains.
      • Emergency measures in case of shortages.

2.2 European Cloud Initiative

  • Launched: 2016, Ongoing (e.g., European Data Spaces, GAIA-X).
  • Objectives:
    • Reduce dependency on non-EU cloud providers (e.g., AWS, Azure, Google Cloud).
    • Ensure data sovereignty (data stored and processed in the EU).
  • Key Projects:
    • GAIA-X: Federated cloud infrastructure (€1.5 billion in funding).
    • European Data Spaces (e.g., for health, energy, manufacturing):
      • €2 billion allocated under Digital Europe Programme.
      • Common data models and interoperability standards.

P4 - European considerations (7/12)

::: box 2. Industrial Policy :::

2.3 Alliance for Industrial Data, Edge and Cloud

  • Launched: 2021.
  • Objectives:
    • Accelerate adoption of edge and cloud computing in industry.
    • Foster collaboration between industry, SMEs, and public sector.
  • Key Actions:
    • Testbeds for industrial data sharing.
    • Guidelines for data spaces and edge computing.

P4 - European considerations (8/12)

::: box 3. Funding :::

3.1 Digital Europe Programme (2021-2027)

  • Budget: €7.5 billion.
  • Focus Areas:
    • High-Performance Computing (HPC): €2.2 billion (e.g., EuroHPC supercomputers).
    • AI: €2.1 billion (e.g., AI testing facilities, SME support).
    • Cybersecurity: €1.6 billion (e.g., cybersecurity competency centers).
    • Digital Skills: €580 million (e.g., training for SMEs, public administration).
    • Deployment of Digital Capacities: €2.1 billion (e.g., cloud, data spaces).

3.2 Horizon Europe (2021-2027)

  • Budget: €95.5 billion (total), with €15 billion for Digital, Industry and Space.
  • Key Clusters:
    • Cluster 4 (Digital, Industry and Space):
      • €13.5 billion for digital technologies (e.g., AI, robotics, 6G).
      • €1.5 billion for European Innovation Council (EIC) (startups and scale-ups).
    • European Innovation Council (EIC) Fund:
      • €3.7 billion in equity investments for high-risk, high-potential innovations.

P4 - European considerations (9/12)

::: box 3. Funding :::

3.3 Recovery and Resilience Facility (RRF)

  • Budget: €723.8 billion (grants and loans), with 20% minimum for digital transition.
  • Digital Investments:
    • €127 billion allocated to digital projects (e.g., connectivity, digital public administration).
    • Examples:
      • Italy: €49.2 billion for digitalization (e.g., cloud, cybersecurity).
      • France: €30 billion for France 2030 (e.g., semiconductors, AI, quantum).
      • Germany: €25 billion for digital infrastructure and SME digitalization.

3.4 Connecting Europe Facility (CEF) Digital

  • Budget: €2 billion (2021-2027).
  • Focus:
    • 5G corridors for transport and logistics.
    • Digital public services (e.g., eHealth, eJustice).

P4 - European considerations (10/12)

::: box 4. Standards :::

4.1 European Standards for Digital Technologies

  • Role of CEN, CENELEC, ETSI:
    • Develop harmonized standards for emerging technologies (e.g., AI, IoT, 6G).
    • Ensure interoperability across borders and sectors.
  • Key Initiatives:
    • AI Standards: Alignment with AI Act (e.g., risk management, transparency).
    • Cloud Standards: Open standards for cloud services (e.g., GAIA-X compliance).
    • Data Standards: Common formats for data spaces (e.g., IDSA’s International Data Spaces Association).

4.2 European Cybersecurity Certification Scheme

  • Framework: Established under the Cybersecurity Act (2019).
  • Scope:
    • Certification schemes for ICT products, services, and processes.
    • Three assurance levels: Basic, Substantial, High.
  • Examples:
    • Cloud services: Certification for sovereign cloud providers.
    • IoT devices: Security requirements for connected devices.

P4 - European considerations (11/12)

::: box 5. Cross-Cutting Initiatives :::

5.1 EDIC Digital Europe (France)

Digital Commons EDIC - European Digital Infrastructure Consortium launched - 2025 by France, Germany, Netherlands, and Italy.

  • Mission: Build sovereign digital infrastructure (cloud, AI, cybersecurity, open source commons) with shared governance.

  • France leads: Paris headquarters + driving role in European digital commons.

  • No fixed public budget announced yet for Digital Commons EDIC.

  • Funding model:

  • Member States contributions (France, Germany, Netherlands, Italy + observers)

  • EU grants from Digital Europe Programme (€8.1B total 2021-2027)

  • National subsidies

  • Private partnerships for specific projects

  • Similar EDICs: €10-20M grants for 4-year pilots (50% co-funding).

5.2 European Data Spaces

  • Objective: Create sector-specific data spaces (e.g., health, energy, manufacturing).
  • Funding: €2 billion (Digital Europe Programme).
  • Key Data Spaces:
    • European Health Data Space (EHDS): Access to electronic health records across the EU.
    • Green Deal Data Space: Data for climate monitoring and sustainability.
    • Manufacturing Data Space: Data sharing for Industry 4.0.

P4 - European considerations (12/12)

::: box 6. Challenges and Next Steps :::

  • Challenges:
    • Fragmentation: Align national strategies with EU-wide objectives.
    • Competition: Balance open markets with strategic autonomy.
    • Skills gap: Upskill workforce for digital technologies.
  • Next Steps:
    • Monitor implementation of regulatory frameworks (e.g., Data Act, AI Act).
    • Scale up funding for critical technologies (e.g., semiconductors, quantum).
    • Strengthen public-private partnerships (e.g., IPCEI-CIS for microelectronics).
    • EU Public Procurement Reform: The European public procurement reform, launched in 2023 via the “Public Procurement Package”, modernizes 2014 directives. Key motivations:
    • Simplify complex procedures (40% of tenders too complicated)
    • Boost SME access (only 23% currently win contracts)
    • Accelerate green/digital transitions (mandatory sustainability criteria)
    • Fight corruption through transparency & digitalization €2 trillion annual market impact of public procurement! (<20% global procurement)

P5 - How to benefit from european dynamic (1/3)

PMPC

Procurement

  • Public Code, Public money is Good
    • Very good catch phrase
      • EC adopted it
        • From FSF EU :;)
    • It’s not enough
      • We need
        • More Digital Service Providers
          • Doing Upstream effort
            • On behalf of their clients (for SLA)
          • Not only integration in Downstream
        • Less OSS vendors
          • Selling a single OSS Product without a diversified Community
        • Coordination among us
          • Same industry vertical
          • Different verticals
        • A powerful catalogue (see https://interoperable-europe.ec.europa.eu/eu-oss-catalogue)
          • OSS Products
          • OSS Providers in front of products
          • An OSS-matrix
        • Coordination at public and private procurement (ex. tosit.fr)

P5 - How to benefit from european dynamic (2/3)

Matrix for “common pumbling”

Matrix

P5 - How to benefit from european dynamic (3/3)

Integral of the value (TOTEX)

Curves

P6 - Procurement strategy (1/3)

Are we emptying the ocean with a teaspoon

Public Procurement Scale

Total volume:
🇪🇺 €2T/year across Europe
🇫🇷 €240-260B/year in France
(10-15% of GDP)

Digital spend:
🇪🇺 €264B US (next 10 years)
🇫🇷 €40-50B France
(public + private procurement)

IT Investment Scale (25 years)

Hardware investments (Minerals, Manufacturing/Assembly, …):
Several trillions

Key Software investments (Cloud, Virtualization, Federation, Office, …):
Several hundreds of billions

::: box ❌ Hardware supply chain ✅ Software supply chain influence :::

P6 - Procurement strategy (2/3)

Decision tree

Tree

P6 - Procurement strategy (3/3)

Closing the loop

::: box 🫵 What if you go for a “Make Together” procurement strategy in you institution? :::

::: box 🫵 What if your institution go for a more sovereign ICT procurement strategy? :::

::: spacer ::: center 💥 Did you know you can specify a named open-source solution in public procurement? :::

::: box 🫵 What if we all capitalize thank to a “Make Together” procurement strategy? :::

::: box 🫵 What if you all draw this kind of matrix (Tosit.fr did it for general IT)? :::

P7 - Time for Q&A / Debate

::: center

🧐 🤔 🤗 :::