Your Expert for Questions
Marcel Scholze
Director Open Source Software Services & IT Sourcing, PwC Germany
Tel.: +49 151 16157049
E-Mail
Open Source for Digital Sovereignty and Regulation
In times of geopolitical tensions, uncertain supply chains, and increasing cyber risks, digital sovereignty for the state has become a strategic objective. Whether—and to what extent—companies should pursue this objective is a key question of business strategy. Open Source Software (OSS)—software whose source code is freely and openly accessible—plays a central role: it reduces dependencies, creates transparency, and provides the foundation for technological self-reliance. This view is widely shared among respondents, and groups such as the Sovereign Tech Agency support these efforts.
The trend goes hand in hand with overall growth in OSS adoption. While 69% of German companies were using OSS in 2023, the figure has risen to 73% in 2025. OSS also remains firmly anchored in public administration: 63% of surveyed organizations actively rely on OSS, and among federal administrations the figure is as high as 86%.
These findings come from the fourth edition of the Open Source Monitor, published by the digital association Bitkom together with PwC Germany and other partners.
Study Highlights
Attitudes toward OSS are predominantly positive, though not entirely free of reservations. 61% of companies are positively disposed toward OSS, while 18% are somewhat or strongly opposed. The biggest advantages cited include cost savings (26%), access to source code (19%), and strengthening digital sovereignty (8%). From the perspective of public administration, the ability to adapt software to their own needs (11%) is one of OSS’s main benefits. The greatest drawbacks—particularly in connection with digital sovereignty—are a shortage of skilled professionals, cited by 20% in the private sector and even 33% in public administration. Additional concerns include unclear warranties (15%) and legal uncertainties around licensing (13%).
OSS as a Vehicle for Digital Sovereignty
To fully realize the potential of OSS, a clear strategic foundation is required. However, only 37% of companies report having a formal OSS strategy. Although this share has risen by 12 percentage points in the private sector over the past four years, a clear strategic alignment remains necessary. In large organizations, about three out of five have defined an OSS strategy. In industries facing strong regulatory pressures—such as banking and insurance—strategic OSS planning is lacking: only 49% have an OSS strategy.
Public administration, by contrast, has seen growth in OSS strategies, though not as strong as in industry: 30% of authorities had a strategy in 2021, rising to 37% in 2025. However, this statistic masks uneven distribution across authorities: more than 70% of federal administrations have a strategy, state administrations are roughly average, and municipal administrations lag significantly behind. This strategic orientation within federal administrations is also evident in the establishment of Open Source Program Offices (OSPOs), which consolidate expertise and help connect strategic and regulatory requirements. The private sector as well as state and municipal administrations also lag the federal level in implementing OSPOs. 67% of federal administrations report having implemented an OSPO—a clear signal of strengthening digital sovereignty.
Regulation as a Driver of Open Source Software
- Limited budgets for compliance
- More personnel for OSS management
Limited budgets for compliance
Alongside rising adoption, OSS is increasingly subject to regulation within the EU. The EU Cyber Resilience Act (CRA), the EU Digital Operational Resilience Act (DORA), the EU Critical Entities Resilience (CER), and the EU Product Liability Directive (PLD) are markedly changing the framework conditions—not only in the EU, but globally. In the United States, for example, the delivery of SBOMs has already been made mandatory in certain areas.
The survey shows that regulations are decisive for the implementation of compliance processes, with CRA and CER leading the way. Nearly 60% of companies stated that CRA is decisive for their own compliance, particularly in the financial and logistics sectors. These figures are likely to rise further. In the ICT and automotive industries, more than 70% expect an increase in OSS adoption due to CRA; in the financial sector, the figure is 61%. Regulation is thus becoming a driver not only of compliance, but also of OSS expansion itself.
Nevertheless, implementation is sluggish. 36% of companies have an OSS policy, and 44% have a formal compliance process. Here, too, there is considerable variance: roughly two-thirds of larger firms have established OSS policies and processes. Standards such as ISO 5230 (37%), ISO 18974 (32%), and SBOMs (32%) are so far only sporadically in place. Those who fail to catch up risk not only insufficient regulatory safeguards but also competitive disadvantages and restricted market access.
All the more problematic is the fact that a quarter of companies have no dedicated budget for OSS compliance, and only 20% plan to allocate more budget.
More personnel for OSS management
However, the decline in the private sector is not uniform. In 2025, companies employ an average of 1.9 full-time equivalents (FTEs) for open source management—an increase over 2021 (1.5 FTEs). The number of FTEs dedicated to OSS management is significantly higher at larger companies with 2,000 or more employees—here, an average of 11.6 FTEs are assigned to OSS management, whereas smaller firms have only one to two people. The figure of 11.6 FTEs for OSS management is high not only compared to smaller firms (1.3 FTEs), but also relative to firms with more than 2,000 employees in 2023, when they employed an average of 6.7 FTEs. Across industries, particularly strong growth was observed among banks and insurers as well as in the ICT sector, which may be attributable to the EU DORA regulation.
By contrast, if we look at participation in OSS projects—that is, for example, actively contributing to projects within the ecosystem—we see a slight decline in the private sector. In 2025, 47% of companies were actively involved in the OSS ecosystem, compared with 51% in 2023 and 55% in 2021.
PwC supports Organizations
PwC’s Open Source Software Management team provides comprehensive support to companies and public authorities on open source software and digital sovereignty—ranging from OSS strategy and enablement, the establishment of OSPOs, and compliance or security processes including tooling, through certification of OSS management under ISO 5230 and ISO 18974, all the way to managed services such as code scanning, SBOM creation, supplier compliance audits, and employee training.
Download now
Bitkom Open-Source-Monitor 2025
Interested?
Contact our experts
The Methodology
The Open Source Monitor – Study Report 2025 is the fourth open source software study for Germany. For the new edition of this representative study, the digital association Bitkom surveyed more than 1,150 companies with at least 20 employees and more than 100 public administration organizations. In addition to current developments, the study report provides insights into trends and changes relating to open source since the last representative study in 2019.
The companies and public authorities were asked about their attitudes and use of open source, the advantages and disadvantages of its use, and their involvement in and further development of OSS. In addition, the study participants were asked to evaluate compliance issues and international standards for open source license compliance (ISO 5230), open source security, and SBOM implementation.
Follow us
Contact us
Director Open Source, Digitale Souveränität, IT-Sourcing, PwC Germany
Tel: +49 151 16157049
