European Union's Attempt to Build an Antifragile Software Stack and Why It Matters
Moving from 80% dependent infrastructure and vendor lock-in to continental digital sovereignty

“Let’s stop shipping software that just works! Let’s focus on quality and technical debt”. Software engineers have historically shared this cry for help with their organizations’ management. I should know, as I am old enough to have both expressed it (as a developer) and received it (as a middle manager) in the software-as-a-service industry, for both start-up and bootstrapped companies. Most of the time it doesn’t end well: “We need to ship fast and deal with consequences later”.
And just like that, life goes on… until the system fails irreversibly!
For decades, the software engineering world has been obsessed with robustness, which is defined in the literature as the ability of a system to cope with errors and erroneous inputs. But what happens when the stressor doesn’t “live” in the code, but in a global supply chain collapse or a geopolitical crisis? Or if the erroneous input doesn’t come from a user’s bad input that “unluckily” went uncaught, or from a smart hacker, but from an advanced AI system that is designed to assist cyber warfare or exploit vulnerabilities?
In such cases, being able to cope with crises as soon as possible is important. Owning the code base, and also having control of the infrastructure, is important.
In the European Commission’s Communication on European Tech Sovereignty, accompanied by an EU Open Source Strategy (2026), we read that the EU currently relies on non-EU providers for over 80% of its digital products, services, and infrastructure. In a world where geopolitical fragmentation is deepening and supply chains are increasingly weaponized, this excessive dependency is a massive strategic liability.
In this newsletter we have discussed how Software Antifragility isn’t about surviving a crisis but about actively learning, self-correcting, and gaining strength from volatility and stressors. Resilience, as the “first level of defense”, is about navigating a crisis without losing ourselves; antifragility, on the other hand, is the ability to emerge wiser and better equipped for the next crisis.
But how is the Commission planning to tackle the aforementioned risks? Here are my personal observations from reading the Communication on European Tech Sovereignty, accompanied by an EU Open Source Strategy (2026).
Embracing the “Bazaar” for Collective Intelligence
The EU chooses to lean hard into the “bazaar” model (the open source way), which thrives on transparency, constant iteration, and open exchange. The Commission puts open source at the heart of its strategy. This way, although the end goal is technical sovereignty, the output of the initiative is still available to the global community, including non-EU stakeholders. By launching a comprehensive EU Open Source Strategy, the Commission aims to leverage Europe’s vibrant community of over 3 million open-source contributors. By promoting open digital ecosystems, the EU aims to lower market entry barriers, reduce vendor lock-in, and foster collaborative innovation.
Governance as an Adaptive Immune System
We’ve discussed before how governance in open source acts as an adaptive immune system, capturing lessons from past crises and encoding them into policy, process, and culture.
The EU Communication mirrors this philosophy perfectly. The Commission intends to support open source steward organizations, such as foundations, that provide legal, financial, and organizational support for critical projects. By creating a special regime and providing a “stewardship toolkit,” the EU wants to ensure these communities have the structured governance needed to make projects viable over the long term. Good governance does indeed have the power to turn individual chaos into collective intelligence.
Paying Down the Continent’s Technical Debt
As we saw at the beginning of this article, in the startup world, a fatal mistake is confusing a deliberate, managed compromise (strategic technical debt) with an uncontrolled, reckless mess. The EU has recognized that relying on volunteer-driven open-source projects for critical infrastructure, without providing stable funding, is potentially enabling technical debt continent-wide.
To mitigate this risk, the EU is introducing an “Open Source Maintenance Instrument”. This initiative aims to fund the security upkeep and maintenance of essential software components, effectively treating internal code quality not as a luxury, but as the fuel that enables adaptability. Moreover, the EU is backing a strategic contingency program to mirror and build capabilities for the most critical dependencies, ensuring banking, healthcare, and government systems don’t collapse if or when a foreign vendor changes their terms.
“Antifragility comes from feedback loops, from actively confronting what went wrong and iterating forward with intention.”
The EU is treating recent semiconductor shortages and cloud dependencies as critical feedback. If we succeed in blending the disciplined structure of an organization such as the Commission with the agile, open collaboration of the open source philosophy, it is highly possible that a better, high-quality, antifragile tech future will emerge for the EU.

