Thought Leadership
May 8, 2025

EU’s Sovereign Tech Fund: Securing Open‑Source Sustainability and Why It Matters

Why the EU’s Sovereign Tech Fund Could Be the Most Important Investment in Open Source Since the Linux Foundation—and What HeroDevs Has Already Been Doing About It


The European Union is gearing up to strengthen its digital infrastructure by investing in the open-source software (OSS) that underpins it. A recent proposal calls for an EU-wide “Sovereign Tech Fund,” a public fund dedicated to open-source software's long-term sustainability and security. The idea, championed by open-source advocates like OpenForum Europe, is modeled on Germany’s successful Sovereign Tech Fund (recently elevated to a full agency). Instead of funding only shiny new tech, this fund would direct resources toward maintaining and securing the open-source projects we already rely on.

What are the fund’s goals? In a nutshell, it aims to fill critical funding gaps in the OSS ecosystem. Today, small teams or volunteers run many essential open-source tools and struggle to get the resources needed for upkeep. The EU’s proposed fund would ensure that:

  • Key OSS projects are proactively secured – finding and fixing vulnerabilities before they turn into disasters. (Think of preventing the next Heartbleed or Log4Shell before it happens.)

  • Widely used software components receive long-term support – so that software millions depend on doesn’t suddenly become a security risk when maintainers move on.

  • Europe gains digital sovereignty – by investing in its own open tech stack, the EU can reduce reliance on foreign tech and have more control over critical digital infrastructure.

This proposal comes at a time when EU policymakers are laser-focused on “digital sovereignty.” The new European Commission and Parliament have signaled that Europe needs independent, trusted tech solutions. Open-source software – transparent and collaborative by nature – is seen as a strategic asset in this vision. In fact, Germany’s Sovereign Tech Fund has argued that “no digital sovereignty can exist without a robust open source ecosystem.” By funding OSS maintenance, Europe not only shores up security but also boosts its competitiveness and autonomy in the digital realm.

Why This Matters for the Global Open-Source Ecosystem

Open Source Is a Global Commons

Open source knows no borders. Improvements made to an open-source project anywhere in the world benefit everyone:

  • The EU’s Sovereign Tech Fund could elevate global OSS standards.

  • Security fixes to foundational projects like Node.js or Linux don’t just help Europe—they help the entire world.

  • This initiative could act as a rising tide, lifting the security and stability of the global software ecosystem.

The Scale: Open Source Is Everywhere

Open source isn’t niche—it’s the backbone of modern software:

  • An estimated 70–90% of any given software codebase is made up of open-source components.

  • One analysis found that 96% of applications contain at least one open-source element.

  • Critical systems in finance, healthcare, and even aerospace rely on OSS.
    Case in point: the International Space Station uses open-source software.

The Risk: Underinvestment Is a Time Bomb

The world learned the hard way in late 2021 with the Log4Shell vulnerability in Apache Log4j:

  • A trivial bug in a volunteer-maintained project exposed millions of systems overnight.

  • The incident proved that relying on crisis-response models is not sustainable.

  • Open source needs proactive investment—not just emergency triage.

The Solution: Proactive Public Investment

The EU’s Sovereign Tech Fund takes a forward-looking approach:

  • It funds maintenance and security audits before things break.

  • It treats open source like a public utility—deserving of government funding and infrastructure-grade support.

  • Germany’s Sovereign Tech Fund (STF) led the way in 2022, and in 2023 it invested €875,000 in the OpenJS Foundation. That was the largest one-time government investment in a Linux Foundation project to date.

The Precedent: A Global Shift

This isn’t just a European win—it’s a global signal:

  • The German STF investment helped improve JavaScript frameworks and guided the responsible sunsetting of older OSS projects.

  • These upgrades benefit developers around the world, not just in Germany.

  • As more governments follow suit, the global OSS ecosystem becomes more secure, sustainable, and resilient.

When governments treat open source like critical infrastructure, everyone benefits. The EU's leadership could trigger a global shift—where OSS is no longer just a free resource, but a shared responsibility.

HeroDevs’ Mission: Sustaining Legacy Open Source Software

This focus on long-term OSS support strikes a familiar chord for us at HeroDevs. HeroDevs is a company whose mission is to support and extend the life of deprecated open-source software. In other words, we live and breathe exactly the challenge the EU fund is tackling: keeping critical software alive and secure after official support has ended.

Why is this mission so important? Take a look at some of the widely used OSS projects that recently hit end-of-life:

  • AngularJS – Google’s pioneering web framework, used by countless applications, officially stopped receiving updates in January 2022. Yet AngularJS is still in wide use today, since migrating an entire codebase to its successor (Angular) is a massive undertaking. Without continued updates, those apps risk security vulnerabilities or incompatibility with modern browsers.

  • Node.js 18 – A popular Long-Term Support runtime for server-side JavaScript that reached its end-of-life in April 2025. Many enterprise systems were built on Node 12 and cannot upgrade overnight, meaning they would miss out on security patches.

  • Vue 2 – A hugely popular front-end framework, released in 2016, which hit end-of-life in December 2023. When Evan You announced they would focus on Vue 3 going forward, leaving Vue 2 users without future fixes, we partnered up and started providing Never-Ending Support (NES).

  • Bootstrap 3 – A CSS framework that powered a generation of websites, officially ended support in 2019 (Bootstrap 4 followed in early 2023). There are still tons of sites running on these older versions of Bootstrap, even as Bootstrap 5 gains popularity.

Each of the above projects has something in common: they didn’t suddenly become irrelevant when official support ended. On the contrary, they continue to run vital systems across industries. Yet, without someone stepping in, those systems would be stuck with unpatched bugs and security holes. This is the “open-source support gap” – a gap HeroDevs was created to fill.

HeroDevs provides what we call “Never-Ending Support” for such projects. Practically, that means our engineers partner with the original open-source authors or contributors to continue releasing updates, patches, and compatibility fixes for end-of-life versions.

For example, our team has forked AngularJS and is providing extended long-term support for it, with plans to keep it secure at least until 2026. We’ve done the same for Node.js 12 and 14, Vue 2, Bootstrap 3 and 4, and many more. The goal is to keep these legacy frameworks running smoothly, securely, and in compliance long after their official end-of-life, giving companies the breathing room to migrate on their own schedule instead of in panic mode.

The Bigger Picture: A New Era of OSS Support

If governments begin systematically funding long-term OSS support, we could be entering a new era for open source. The implications are far-reaching:

  • Greater Security and Resilience: Constant funding means critical software will be audited and updated regularly, making everyone’s systems safer. We could avoid the scramble of emergency patches because issues would be caught earlier. Over time, a well-maintained OSS ecosystem raises the security baseline of the entire digital world – a win for businesses, governments, and users alike.

  • Sustainability as the Norm: Maintainers of open-source projects might no longer have to choose between burnout and abandoning their work. With funding, maintaining an open-source library could become a viable long-term career, not just a volunteer effort. This helps retain talent in the community and preserves institutional knowledge within projects.

  • Public Good, Public Support: When open source is treated as a public good, it changes the narrative from “free software we take for granted” to “shared infrastructure we all must care for.” We invest in roads and bridges to keep society running; investing in software infrastructure is a logical next step. This could lead to more public-private collaborations, where companies, nonprofits, and governments pool efforts to support the software that everyone uses but no single entity owns.

  • Less Tech Fragmentation: In the long run, strategic funding can ensure important projects don’t fork unnecessarily or die off. A project with stable support is less likely to splinter or be replaced purely due to lack of maintenance. This means developers and companies can rely on technologies with confidence that they’ll be supported for the long haul (either by a vendor, community, or public fund). It could also encourage better planning for deprecation and migration. For example, with funding, an old framework can have a well-communicated sunset plan with extended support (just as OpenJS is now creating “responsible sunset” protocols), rather than simply being abandoned.

Conclusion

The EU’s proposed Sovereign Tech Fund represents a significant shift in how governments think about technology. It acknowledges that open-source software is the backbone of our digital world, and that backbone needs care and investment to stay strong. For the global open-source ecosystem, this could mean more secure software, empowered maintainers, and a recognition that collaboration and funding must go hand in hand.

For HeroDevs, the initiative is a validation of the work we’ve been doing all along: supporting legacy open-source projects to keep the wheels of commerce and innovation turning. Our mission aligns with the fund’s goals, and we’re excited about the possibilities of collaborating across public and private sectors to ensure that no critical software is left behind. The bottom line is clear – whether through government programs like the Sovereign Tech Fund or private efforts like HeroDevs’ Never-Ending Support, investing in open-source sustainability is an investment in everyone’s future.

Author
HeroDevs