Have you ever sat down at your computer one evening to book a medical appointment through your region’s portal, or to pay your municipality’s waste tax? You enter your personal details, provide sensitive information about your health or assets, and click “submit”. But have you ever wondered where that data physically ends up? Who owns the servers where it’s stored? And above all, who wrote the code that manages such delicate information?
These questions are no longer mere speculations for industry insiders, but represent the core of a fundamental debate for our future. On January 29, 2026, the city of Brussels hosted the first edition of Drupal4Gov EU. This event, organized during the Open Source Week by the European Commission’s Drupal Community of Practice and the EUIBAs, proved to be a crucial moment for defining the guidelines for tomorrow’s public services.
During the conference, an unequivocal truth emerged. Digital sovereignty is not an abstract concept or a bureaucratic whim, but a practical and urgent necessity. European governments and institutions are addressing this challenge through the strategic adoption of open technologies. In this scenario of profound transformation, open source platforms like Drupal are at the forefront, offering the necessary tools to build a secure, transparent, and truly independent public infrastructure.
What is digital sovereignty and why does it concern all of us?
Digital sovereignty is the ability of a State or institution to exercise full control over its technological infrastructure, citizens’ data, and the software used. Without this autonomy, government bodies depend on external providers, losing decision-making power over essential public services.
To understand this concept, we can use a metaphor very close to everyday life: the difference between renting and owning a home. An institution that does not control its technology is exactly like a tenant. It can use the apartment, but it doesn’t have the keys to change the lock, it can’t decide to renovate the rooms, and, even worse, the landlord might decide to drastically increase the rent or evict them with little notice. Building services for citizens on closed, proprietary platforms effectively means handing over the keys to the public house to private entities.
To ensure true independence, control must be articulated on three fundamental levels:
- Control over data: This concerns the physical location where information is saved. Citizens’ health, tax, and personal data must reside on servers subject to European regulations, protected from interference or surveillance by third-party nations.
- Control over operations: This defines who physically manages the systems day-to-day. Administrations must be guaranteed that critical infrastructures are not interrupted or altered by corporate decisions made on the other side of the world.
- Control over technology: This concerns who writes, inspects, and modifies the source code. Only by having access to the internal mechanisms of the software is it possible to verify the absence of hidden vulnerabilities and adapt the tools to the real needs of the community.
The impact of all this on citizens is direct and tangible. Privacy protection cannot exist without mathematical certainty of how data is processed. National security requires government systems to withstand technological blackmail or cyberattacks. Finally, the continuity of essential public services must be guaranteed at all times, ensuring that a hospital, a court, or a municipality can always operate without depending on the commercial fate of a single software provider.
How does open source ensure the digital sovereignty of Public Administration?
Open source ensures the digital sovereignty of Public Administration by eliminating vendor lock-in, which is the forced dependence on a single technological provider. By adopting open code, governments retain the freedom to inspect, modify, and transfer their systems without being subject to commercial constraints or external technical limitations.
The concept of vendor lock-in is one of the most serious risks for a public body. When an administration purchases closed software, whose internal mechanisms are secret, it becomes inextricably linked to the company that produces it. If that company decides to double license prices, discontinue technical support, or change product features, the entity has no alternatives. Migrating to a new system would cost too much time and money, forcing the government to accept unfavorable conditions paid with taxpayers’ money. Open code breaks this chain, restoring total freedom of choice and maneuver to institutions.
During the event in Brussels, an extremely effective analogy was used to explain this dynamic: the aqueduct analogy. A government has an absolute duty to ensure that the drinking water reaching citizens’ homes is safe, clean, and free of pathogens. To do this, it cannot merely trust the word of a private supplier; it must be able to inspect the pipes, analyze the sources, and check the filters.
The exact same principle applies to technology. A government must independently know and verify the software on which citizen services are based. If the code is secret, inspection is impossible. And it’s also a matter of responsibility: a government is also responsible for knowing which open source software projects are safe and reliable to use. And the only real way to do that is to be directly involved in how these projects are created and maintained.
This requires a profound cultural and financial paradigm shift on the part of institutions, similar to the accelerated digital transformation during the pandemic. It is no longer enough to purchase licenses as one buys stationery. As a company strongly committed to the development and promotion of the open source ecosystem, we are well aware of this dynamic.
As our CTO Paolo Mainardi precisely highlighted during the reflections arising from the conference: “Open Source is a public good that must be supported and funded in a new, modern way: like public infrastructure”. Free software must be treated, funded, and maintained exactly as highways, bridges, or, indeed, public aqueducts are.
Drupal4GovEU: Digital sovereignty lessons from the heart of Europe
The first edition of Drupal4GovEU demonstrated that to achieve true digital sovereignty, European institutions must stop being mere consumers of software and become active contributors. Participating in the open source ecosystem is the only way to ensure the security and continuous evolution of public services.
Our direct observations from the conference confirm an unequivocal trend. Administrations that merely download and use open code gain only a partial benefit. To truly govern technology, it is necessary to sit at the decision-making tables of communities, propose changes, and invest resources in shared development. For those who wish to delve deeper into the individual presentations, the official event playlist on YouTube is available, a valuable resource for understanding the direction of European public innovation.
The active role of governments and local artificial intelligence
The shift from passive users to active creators was the focus of Sachiko Muto’s keynote, titled “Unlocking Public Sector Contributions to Open Source”. Her speech clarified how governments must structure themselves to be effectively involved in open source projects.
Being directly involved, funding development, and allowing their internal developers to write code for open projects is the only way to fully understand how these high-public-interest projects (really) work. Only by contributing directly can institutions ensure that the software precisely meets the complex needs of the public administrative machine.
“Public institutions should take part in open-source projects not only by providing funding, but also by actively contributing to them.”
This need for control becomes even more pressing when it comes to new technologies. Josef Kruckenberg illustrated an illuminating practical case in his presentation “How AI is Supporting End Users and Editors at the Canton of Basel-Stadt”. The Canton of Basel has implemented an AI-based chatbot to help citizens handle bureaucratic procedures quickly and intuitively. The true innovation, however, lies in the system’s architecture.
To keep sensitive data secure and ensure digital sovereignty, the entire artificial intelligence model is hosted in Swiss data centers, such as those provided by Infomaniak. This approach demonstrates that it is possible to combine the most advanced technological innovation with rigorous protection of local data, without ceding information to overseas providers.
Accessibility and scalability for European citizens
Beyond security, public platforms must handle immense traffic volumes while maintaining structural consistency and accessibility. Sandro d’Orazio and Massimiliano Molinari recounted the European Commission’s successful journey in creating a centralized solution for the Europa.eu domain. Using a Drupal-based architecture, they managed to consolidate hundreds of fragmented websites into a coherent ecosystem, drastically improving security, scalability, and user experience for millions of European citizens.
But a scalable service is useless if it’s not usable by everyone. Mike Gifford’s talk addressed accessibility not as a mere technical requirement, but as a fundamental right. Gifford explained the practical impact of the Web Accessibility Directive (WAD) and the European Accessibility Act (EAA).
Building an accessible government website, which allows people with visual, motor, or cognitive disabilities to navigate without obstacles, is not just an obligation to avoid legal penalties. It is an essential civic duty. Open platforms allow communities to develop modules and themes already compliant with these directives, facilitating the work of administrations in ensuring total digital inclusion.
Why is Drupal the engine of innovation for complex institutions and highly regulated industries?
Drupal has established itself as the engine of innovation for complex institutions thanks to its flexible architecture, highest security standards, and the support of a vast global community. This open source platform allows managing enormous volumes of data while ensuring total adherence to regulations.
During the Brussels sessions, it became clear that this CMS (Content Management System) is no longer considered just one option among many, but the platform of choice for high-level government portals. A concrete example of this excellence is the official European Union portal, Europa.eu, which manages vital information for millions of citizens in dozens of different languages.
Drupal’s strength lies in its ability to model extremely complex information architectures, typical of ministries or large public agencies. Furthermore, the open nature of the code allows thousands of developers worldwide to identify and resolve potential vulnerabilities with a speed that proprietary software cannot match.
Security and regulatory compliance are non-negotiable pillars for the public sector. An architecture based on open technologies greatly facilitates adherence to stringent regulations. As we analyzed in our in-depth look at the impact of NIS2 and DORA on cybersecurity in Cloud Native, institutions must ensure proactive resilience against cyberattacks. Drupal integrates perfectly into modern cloud ecosystems, allowing the application of rigorous security policies and maintaining full control over who accesses critical information.
Our team’s direct experience confirms these potentials. At SparkFabrik, we design and develop solutions for organizations that cannot afford the slightest margin of error. We have carried out complex projects in areas where security and stability are vital, providing digital solutions for financial services. We are talking about critical platforms for clients of the caliber of London Stock Exchange and Borsa Italiana/Euronext that are based on robust architectures requiring levels of reliability comparable, if not superior, to those of governments.
Similarly, we manage large-scale modernizations in the education sector, as demonstrated by our work for La Scuola, where we implemented a secure and scalable infrastructure based on Drupal 10. These experiences demonstrate that open technologies are ready to support the most critical and challenging workloads.
Conclusion
The first edition of Drupal4GovEU has drawn a clear line for the future of European digital services. Digital sovereignty, uncompromising accessibility, and the strategic adoption of open source are no longer theoretical concepts, but the three pillars on which to build a modern, efficient, and truly citizen-centric Public Administration. We have seen how control over data and code is the only effective shield against vendor lock-in and how active participation in development communities is vital for national security.
This paradigm shift requires courage and vision. Public decision-makers, project managers, and innovation leaders within complex organizations must prioritize the adoption of open and secure technologies for their institutional portals.
But the transition to technological independence is a journey that should not be undertaken alone. SparkFabrik positions itself as a key technological partner in this transition, thanks to our proven experience in open source contribution, the development of secure Cloud Native architectures, and deep technical and strategic expertise in Drupal.
Contact us for a personalized consultation: it’s the first step to transforming regulatory challenges into extraordinary innovation opportunities.
