How Open Source Coordinates: A Guide for Policy Makers
Understanding horizontal governance in the FOSS ecosystem

Author:

Mirko Boehm, Senior Director for Community Development, Linux Foundation Europe

Free and open source software underpins critical infrastructure worldwide, yet policy makers struggle to engage effectively with this ecosystem. The challenge is that FOSS coordinates through horizontal networks of self-governing communities, not through central authority or hierarchical control. This article explains how coordination typically works in the FOSS ecosystem: through upstream-downstream dependencies, open governance processes, and self-organizing communities. Understanding these mechanisms reveals both powerful policy opportunities (technology transfer, standards enforcement, industrial policy) and fundamental constraints (reduced control, borderless collaboration, global investment impacts). Effective policy requires working with horizontal coordination structures, not against them.

Introduction

The Infrastructure Reality and Why It Matters

Free and open source software (FOSS) now powers critical infrastructure worldwide. From smartphones to satellites, from government systems to financial services, FOSS underpins the digital economy. The numbers tell part of the story: open source contributes between

€65 billion and €95 billion to the European Union (EU) economy annually (Blind et al., 2021). But the significance runs deeper. This is a public good developed predominantly by private actors like individuals and companies through transparent, open processes, yet sustaining systems that billions depend upon daily.

The benefits to economies and societies are considerable. Open source reduces costs, increases competition, and prevents vendor lock-in. It enables technology transfer without licensing barriers, allowing innovations to flow freely across borders and sectors. The transparency of inspectable code supports skill development and accelerates innovation. Perhaps most importantly, it creates shared infrastructure for collaboration at local, regional, and global scales. It is a digital commons built through horizontal coordination of autonomous peers rather than hierarchical control.

Yet policy makers struggle to engage effectively with this ecosystem. Traditional regulatory approaches, designed for corporations with clear hierarchies and accountable executives, don’t map cleanly onto self-governing communities coordinating through technical dependen- cies. The missing piece is understanding how the ecosystem coordinates: how hundreds of independent projects and foundations relate to each other, make collective decisions, and manage shared challenges without central authority.

The Coordination Puzzle

Unlike traditional infrastructure, FOSS has no central authority. Hundreds of independent foundations exist: the Linux Foundation, Apache Software Foundation, KDE e.V., Python Software Foundation, and many others. Each has distinct governance models, decision-making processes, and membership structures. Beyond these, thousands of smaller communities operate with varying degrees of formal organization. There is no “CEO of open source,” no headquarters to visit, no single entity that speaks for the whole.

This creates a coordination puzzle. How do these self-governing entities relate to each other? Horizontal collaboration exists but is informal and inconsistent. Dependencies flow upstream and downstream across organizational boundaries. Projects rely on each other’s code, yet no coordinating mechanism exists for ecosystem-wide concerns. Individual community autonomy must coexist with collective challenges.

Understanding this structure is key to effective policy. Traditional regulatory targets like corporations and standards bodies don’t map cleanly onto this landscape. Each foundation is simultaneously independent and interdependent. The “whole” emerges from bottom- up collaboration, not top-down coordination. Current policy approaches, designed for hierarchical organizations, risk disrupting what works by trying to impose vertical control on horizontal structures.

What Understanding Coordination Reveals for Policy

Understanding how FOSS coordinates reveals both powerful opportunities and fundamental constraints. On the opportunity side, the coordination structure enables policy objectives that would be difficult to achieve through traditional means. Technology transfer operates at ecosystem scale through dependencies. Standards enforcement happens organically through interoperability needs. Industrial policy can leverage participation in horizontal networks to build domestic capability on global commons.

But the same structure creates constraints. Once code is open, access cannot be controlled. National borders cannot be enforced on global collaboration. Decentralized coordination cannot be directed from the top. These are not bugs to be fixed but features of the system. Attempting to override them risks breaking what works.

The path forward requires working with horizontal coordination, not against it. This means recognizing foundations as legitimate governance bodies, as the EU’s Cyber Resilience Act (CRA) first did. The CRA introduced the concept of “open source software stewards,” a regulatory category closely modeled after open source foundations. This recognition marks a significant shift in how policy engages with horizontal coordination structures. Beyond this, it means creating coordination forums without imposing centralization and facilitating ecosystem-wide collaboration rather than directing it.

Governance Models in the FOSS Ecosystem

The Ecosystem Structure: Beyond “Free Software”

The hobbyist stereotype no longer fits. Today, 86% of contributions to major open source projects come from employed developers (Boysel et al., 2024). Companies from startups to technology giants invest heavily in open source development, employing thousands of developers to contribute to shared projects. This corporate participation doesn’t replace community coordination but operates alongside it, creating a unique hybrid structure.

The scale is striking. Open source forms the foundation for the digital economy. Critical infrastructure like the Linux kernel, Apache web server, and Kubernetes container orches- tration system handle billions of transactions daily. This is professional, mission-critical software development, not weekend hobby projects.

Yet it remains fundamentally different from traditional software development. The difference lies not in who writes the code, but in how decisions get made and how coordination happens. Companies contribute code but don’t control the projects. Individual developers hold influence through technical merit, not corporate hierarchy. Communities govern themselves through open processes, not executive decree. This horizontal coordination structure creates both opportunities and challenges for policy makers seeking to engage with the ecosystem.

Three Key Governance Models Coexist

Three distinct governance models have emerged within this structure. Each reflects a different balance between formality and flexibility, between corporate sponsorship and community control.

Foundations provide formal legal structures for major projects. The Linux Foundation, Apache Software Foundation, KDE e.V., Python Software Foundation, and Cloud Native Computing Foundation are examples. These organizations have membership structures, elected boards, and trademark ownership. They serve as neutral homes for collaboration across competing organizations. Each has distinct governance models and decision-making processes. The Linux Foundation provides membership-funded infrastructure while projects maintain independent technical governance. The Apache Software Foundation emphasizes meritocracy. KDE e.V. maintains community-driven governance.

Maintainer-led projects rely on organic, merit-based leadership. Decision-making power belongs to those who do the work. Reputation and contribution history determine influence. Typically, no formal hierarchy exists, but clear informal structures emerge. Leadership comes through sustained contribution, not appointment.

Corporate-backed projects involve company-sponsored development. These use single- vendor models or corporate steering committees. They must balance company interests with community participation. Many transition to foundations as adoption grows beyond the single sponsor.

How Decisions Get Made

Open source culture emphasizes consensus-seeking with meritocratic elements. Technical merit carries heavy weight; politics enters reluctantly. The principle of “rough consensus and running code,” borrowed from the Internet Engineering Task Force (IETF), guides many projects. Forking serves as a safety valve to governance failure: dissent produces an alternative rather than deadlock.

Community leadership relies on voluntary contributions. Top-down dictates don’t work because contributors can simply leave or fork. Community management must keep activities aligned with contributor interests. This alignment is essential. Without it, contributors withdraw and projects stagnate. This creates another boundary for policy influence: policies that misalign with contributor interests will fail to benefit from the FOSS ecosystem.

Decision-making is distributed across the ecosystem. Each project and foundation governs itself. No hierarchy exists between projects. The Linux Foundation doesn’t govern Apache projects. Coordination happens horizontally, not vertically.

This creates a coordination puzzle for policy makers. Who speaks for “the open source community”? No one. Who can implement ecosystem-wide decisions? No single entity. How do collective challenges get addressed? Through mechanisms we’ll explore below.

Why Traditional Regulatory Approaches Don’t Fit

Regulations seek centralized accountability. However, the question “Who is in charge?” has no simple answer. Responsibility is distributed among maintainers, foundations, users, and contributors. There is no CEO to summon, no headquarters to visit. The ecosystem exists everywhere and nowhere.

Organic, distributed development defies territorial control. Contributors span jurisdictions, time zones, and legal systems. Collaboration ignores national borders. Dependencies create global supply chains without contracts. Community relationships don’t map to trade agreements or international security interests.

The fundamental mismatch is clear. Traditional policy targets corporations with clear hierar- chies. FOSS consists of self-governing communities coordinating horizontally. Understanding horizontal coordination is key to effective policy. The question shifts from “who controls?” to “how do they coordinate?”

How Open Source Communities Coordinate

Open Governance: The Foundational Principle

“Open governance” is distinct from “open source code.” It means not just transparent code, but transparent decision-making. Public discussions, documented processes, and accessible leadership characterize this approach. The meritocracy ideal holds that influence flows through contribution, not position or payment.

Governance openness varies across projects. Some formalize it through explicit models like the Apache Way or the Document Foundation’s statutes. Others practice it informally through maintainer-led models with community input, or through distinctive approaches like Debian’s social contract. Open governance enables trust across organizational boundaries, making collaboration between competitors possible.

Self-Governing and Inherently Global

Communities govern themselves without external authority. They set their own rules, elect their own leaders, and manage their own conflicts. Legitimacy flows from participation, not legal charter. No parent organization supervises. Even projects hosted by foundations are typically not controlled by them; the foundation provides a home, not direction. No external body oversees.

These communities are global by default, not by design. Contributors from dozens of countries work on single projects. Time zones become a coordination challenge, not nationality. Decisions happen in public forums accessible worldwide. Language, usually English, serves as a practical coordination mechanism, not a policy choice.

The Upstream-Downstream Network: Dependencies Without Hierarchy

Projects relate to each other through technical dependencies. Upstream refers to projects you depend on: libraries, frameworks, and tools. Downstream refers to projects that depend on you: other FOSS projects, distributions, or commercial products. These relationships form through technical dependency, not contracts.

This creates a coordination paradox. Millions of dependency relationships span the ecosystem. No central registry exists. No coordinating authority directs the network. No master plan guides development. The network emerges organically from technical needs. Each node, whether project or foundation, is autonomous yet interdependent.

That this works at all is remarkable. Yet this mechanism has proven effective for three decades. Self-organization without central planning produces robust, scalable infrastructure. This resilience supports policy goals of digital sovereignty by eliminating dependence on single vendors or central authorities. The absence of hierarchy is a feature, not a bug.

Information flows through the network. New releases with features and bugfixes flow downstream, sometimes introducing vulnerabilities or new issues. Feature requests, bug reports and cybersecurity vulnerability disclosures bubble upstream. Standards emerge from repeated patterns, not central design.

What Foundations Do (And Don’t Do)

The operational reality of FOSS foundations differs sharply from conventional corporations. Foundations provide a legal home, hold trademarks, and facilitate governance for FOSS communities. They organize events, manage infrastructure, and handle money. They represent projects in policy and standards discussions.

But foundations do not operate consumer-facing services. There is no “Apache search engine” for consumers. They typically do not employ developers to write code; contributors work for many employers. They do not control who can use the software. The software is free for any purpose, available to everyone.

The neutrality principle matters. Foundations enable collaboration between competitors. Open governance serves as a safeguard for this pro-competitive nature of FOSS collaboration. The software remains available to all, not just members. Membership fees fund infrastructure, and while members may gain influence, open governance ensures development collaboration remains open to all contributors regardless of membership.

When Coordination Becomes Necessary: The Horizontal Challenge

Most development happens without explicit coordination. Projects solve their own problems independently. Network effects create alignment without central planning. This works well for technical development.

But specific cases require horizontal coordination across the ecosystem. The CRA exemplifies this need. The first draft published by the European Commission (EC) in 2022 threatened to undermine the fabric of open source collaboration. This triggered collaborative engagement by a coalition of FOSS foundations with EU policymakers, leading to significant changes that resolved most concerns.

Policy representation poses a fundamental challenge. Who speaks for “open source” to governments? There is no CEO to testify, no trade association membership list. Individual foundations can and should speak only for the communities and projects they host. There is no one open source community. Anyone claiming to speak for “the” open source community likely represents a more limited constituency than their rhetoric suggests. The ecosystem needs mechanisms for collective voice without imposing hierarchy. The Open Source Congress model offers one approach to this challenge (Williams, 2023).

Standards development requires coordinating technical interoperability. The World Wide Web Consortium (W3C), IETF, and International Organization for Standardization (ISO) serve as neutral forums. Foundations participate in standards bodies. Tension exists between organic innovation and formal standardization (Blind et al., 2022).

Security response demands ecosystem-wide vulnerability coordination. No central Common Vulnerabilities and Exposures (CVE) authority exists for all open source. Foundations coordinate within their own ecosystems, and initiatives like the Open Source Security Foundation attempt to bridge gaps. Yet cross-foundation coordination remains largely informal, relying on personal networks and ad-hoc communication channels.

License compliance and legal questions require interpreting licenses across projects. Software Package Data Exchange (SPDX) provides standardized license identifiers. The Legal Network hosted by the Free Software Foundation Europe connects legal experts across jurisdictions. Foundation legal committees propagate best practices across their projects and communities.

Maintainer sustainability presents a growing coordination challenge. Critical projects often depend on a handful of volunteers. Burnout and abandonment can leave widely-used infrastructure unmaintained, creating security and reliability risks. Foundations help by channeling fundraising to their hosted projects, but many critical dependencies fall outside foundation structures. No ecosystem-wide mechanism ensures that essential projects receive adequate support. This sustainability gap directly affects policy goals around security and digital infrastructure resilience.

Yet a coordination gap remains. As regulators turn their attention to open source software, these coordination needs multiply. Compliance obligations require consistent responses across projects; liability rules demand clear points of contact; security mandates call for coordinated disclosure. The informal mechanisms that serve technical collaboration well, such as mailing lists, conferences, and personal relationships, struggle to meet regulatory demands for accountability and consistency. The open source community faces a dilemma: how to coordinate effectively across thousands of independent projects without creating the centralized authority that would contradict its foundational principles.

Policy Options Facilitated by FOSS

The horizontal coordination mechanisms described above (upstream-downstream dependen- cies, open governance processes, self-organizing communities) create unique opportunities for policy makers. These coordination structures enable policy objectives that would be difficult or impossible with traditional centralized approaches.

Technology Transfer Without Friction

Open source functions as an inherent technology transfer mechanism. When researchers release code under an open source license, they bypass the lengthy negotiations and institu- tional overhead that typically accompany technology transfer. There are no licensing fees to negotiate, no technology transfer offices to navigate, no bilateral agreements to draft. Innovations flow freely across borders, shrinking the gap between research and application from years to days. The Linux kernel illustrates this dynamic: a security improvement developed by an engineer in Helsinki can run on servers in São Paulo within weeks of its release.

The advantages over traditional technology transfer are clear. Open source delivers immediate availability rather than years of negotiations, zero licensing fees rather than complex and costly intellectual property rights (IPR) policies, inspectable implementations rather than black boxes. Code can be modified for local needs.

The policy implications are significant. Public research funding can mandate open source release, maximizing return on public investment through broad adoption. This approach enables developing countries to access cutting-edge technology and creates a level playing field for innovation building on publicly-funded research.

Academia Spinoffs and Commercialization

Open source enables new commercialization models. Research code becomes the foundation for startups, as Red Hat demonstrated before its acquisition by IBM. Services and support can be built around open core products with commercial extensions. Academic innovations reach market faster through open release.

This approach reduces the “valley of death” between research and market. Community adoption validates research before commercial investment arrives, while open source projects attract contributors who improve the technology. This visible community engagement and proven adoption lower risk for investors.

Successful examples abound. The NumPy and SciPy ecosystem transformed scientific computing. TensorFlow and PyTorch moved from artificial intelligence (AI) research to industry standard. PostgreSQL evolved from university research to enterprise database.

Several policy levers can support this approach. University intellectual property policies can encourage open source release, while startup funding programs can recognize open source as a valid commercialization path. Research impact metrics can shift to measure adoption alongside traditional citations.

Enforcement of Technical Standards

Open source serves as both standards implementation and enforcement mechanism. Reference implementations ensure interoperability, while standards bodies increasingly require open source implementations to accelerate market adoption of standards through free implementa- tion.

Standards development and open source increasingly converge. The W3C requires royalty- free licensing for web standards, while IETF protocols get implemented in open source projects like OpenSSL and BIND. Even ISO standards increasingly reference open source implementations as proof of concept and validation (Blind et al., 2022).

For policy makers, the advantages are considerable. Open source ensures vendor neutrality, preventing any single company from controlling the standard. Compliance can be inde- pendently verified, while lower barriers accelerate standard implementation. The market naturally selects interoperable implementations, providing organic enforcement.

These characteristics have direct competition policy implications. Open standards combined with open source produce effective competition, reducing dominance through proprietary lock- in and enabling small and medium-sized enterprise (SME) participation in standards-based markets.

Industrial Policy and Strategic Autonomy

Open source serves as a powerful tool for domestic capability building. Governments can build on global commons without starting from zero, developing local expertise through participation while contributing improvements that serve national interests.

The strategic advantages for governments are significant. Open source enhances digital sovereignty not by granting control over software, but by guaranteeing access to it. Govern- ments can inspect the code running their critical infrastructure, audit it for backdoors or vulnerabilities, and if necessary fork it to maintain independently. This transparency extends through the supply chain, revealing dependencies that would remain hidden in proprietary systems. The result is reduced exposure to single-vendor lock-in and greater resilience against supply disruptions.

National open source strategies demonstrate this approach in practice. At the time of this writing, the EU has called for evidence on developing a strategy around open source digital ecosystems, while China invests heavily in domestic open source ecosystems and India pushes for open source adoption in government systems.

The participation imperative matters here. Merely consuming open source is not enough. Governments must contribute to influence direction, recognizing that investment in maintain- ers translates directly into influence in governance. They can do so directly, by employing developers who contribute from the public sector, or indirectly, by structuring procurement to require vendors to perform upstream work on the open source projects they deploy.

Policy Difficulties and Trade-offs

The same horizontal coordination structures that enable powerful policy opportunities also create fundamental constraints on traditional policy levers. These are not bugs to be fixed but inherent features of how FOSS coordinates without central authority. Understanding these trade-offs is essential for effective policy.

Reduced Control Over Technology Access

The fundamental trade-off is openness versus control. Once released as open source, access cannot be restricted. Export controls on source code face constitutional challenges (First Amendment issues in the US). Adversaries and allies have equal access to the same code.

Strategic technology concerns arise immediately. Civilian open source finds military applica- tions. Dual-use technologies like AI, cryptography, and networking tools cannot be contained. No mechanism exists to prevent any actor from forking and modifying the code for their own purposes.

This creates discomfort for policy makers. Traditional national security tools rely on controlling technology through licensing and export controls. Open source invalidates these approaches. The tension between promoting innovation and maintaining strategic advantage becomes acute.

Yet a paradox emerges. Restricting open source restricts domestic innovators as much as foreign competitors. Adversaries will develop alternatives or work around restrictions. Security through obscurity fails repeatedly, while security through transparency may prove more effective.

Increased Competition Levels the Playing Field

Open source dramatically reduces barriers to entry. Startups can compete with incumbents using the same infrastructure. SMEs access enterprise-grade technology at zero licensing cost. Developers worldwide compete on equal technical footing, regardless of geography or national wealth.

The implications for industrial champions are significant. Dominance becomes harder to maintain through proprietary technology alone. Traditional “national champion” strategies lose effectiveness. Competitive advantage must now come from services, expertise, and integration rather than from controlling the underlying code.

This creates policy tension. Governments want both innovation (which requires competition) and champions (which require protection). Open source favors the former over the latter. Promoting open source while simultaneously protecting incumbents from the competition it enables proves impossible.

The adjustment required is fundamental. Policy must shift from protecting products to developing capabilities. Competitive advantage flows through human capital, not code ownership. Value creation happens through ecosystem participation, not gatekeeping.

Borders Fail to Constrain Open Source

Open source development transcends jurisdiction. Contributors from dozens of countries work on every major project. Regulating “foreign” contributors to “domestic” projects is not feasible. Projects are hosted on global platforms like GitHub and GitLab, not national infrastructure. Yet even this platform dependency is limited: Git, the underlying distributed version control technology, enables projects to move between platforms with minimal friction. China’s strategic promotion of Gitee demonstrates this dynamic in practice.

Regulatory arbitrage challenges arise constantly. Projects can relocate to friendly jurisdictions, with foundations moving between the EU, US, and Switzerland. Contributors can participate from anywhere. National laws cannot be enforced on global collaboration.

Jurisdictional conflicts demonstrate these limits. In 2024, the removal of Russian maintainers from the Linux kernel due to sanctions requirements sparked controversy within the developer community. General Data Protection Regulation (GDPR) compliance requirements affect globally-developed software. Export control laws clash with international collaboration imperatives.

This reveals the limits of digital sovereignty claims. National internet borders don’t apply to open source. Attempting territorial control fragments the ecosystem without achieving the desired control. Local regulations have limited effect on global projects.

Investments Have Global, Not Local, Impacts

Public funding creates global public goods. Government grants to open source projects benefit everyone, not just domestic stakeholders. Ensuring that taxpayer money serves national interests exclusively becomes difficult. Return on investment is diffuse, not concentrated locally.

The free rider problem emerges at national scale. Other countries benefit from your open source investments without contributing. Why should one country fund infrastructure used globally? The tragedy of the commons applies: all benefit, none want to pay.

This requires measuring return on investment differently. Direct economic impact is global, not local. Indirect benefits include a skilled workforce, ecosystem participation, and influence in governance. Strategic benefits like security, transparency, and vendor independence matter more than direct returns. Governments must justify spending on non-rival, non-excludable goods.

The coordination challenge remains unsolved. International cost-sharing is needed for global public goods, but no mechanism exists for coordinated funding across nations. Bilateral aid and research partnerships don’t map well to open source collaboration.

The Policy Maker’s Dilemma

Traditional policy tools don’t work well in this environment. Access cannot be restricted, development cannot be directed, the ecosystem cannot be controlled. What works is supporting projects, participating in communities, and influencing through contribution. This requires humility and acceptance of limits.

The shift required is profound. Policy must move from command-and-control to facilitation, from protecting existing players to enabling new entrants, from national approaches to cooperative international engagement. The horizontal coordination structure of open source demands fundamentally different policy thinking.

Conclusions: Navigating the Policy Paradox

The Central Insight: Horizontal Coordination Changes Everything

Understanding how FOSS coordinates is the key to effective policy. This article has shown that diverse governance models operate without central authority, that horizontal coordi- nation works through dependencies, open governance, and self-organization, and that this coordination structure both enables opportunities and creates constraints.

The upstream-downstream network is the overarching governance structure. Autonomous nodes (projects and foundations) connect through technical dependencies. Information flows organically through the network rather than through central coordination. Legitimacy comes from participation and technical merit, not legal authority. This differs fundamentally from corporations or standards bodies.

Policy makers must work with horizontal coordination, not against it. Vertical control cannot be imposed on horizontal structures; facilitation works where direction fails. Success requires respecting the balance between autonomy and interdependence.

The Policy Opportunity: What Open Source Enables

The coordination structure provides powerful tools for achieving policy objectives. Technology transfer happens instantly and without friction, distributing innovations globally. Academic commercialization follows validated pathways from research to market. Standards enforcement works through reference implementations that ensure interoperability. Industrial policy can build domestic capability on global commons.

Open source functions as public good infrastructure. It maximizes return on public research investment, enables participation without massive upfront investment, creates a level playing field for innovation, and supports strategic autonomy through transparency and control.

The Policy Challenge: Trade-offs and Limitations

Yet these same structures constrain traditional policy levers. Access cannot be restricted once code is released as open source. Increased competition makes protecting incumbent champions harder. Borders fail to limit development, and local regulations have limited reach. Public funding creates global benefits, not just local returns.

These constraints are features, not bugs. They reflect the structure that makes open source valuable. Attempting to override them risks breaking what works. Success requires accepting reduced control in exchange for other benefits.

The Way Forward: New Mental Models for Policy

Policy must shift from command-and-control to facilitation. The ecosystem resists direc- tion but responds to facilitation. Picking winners proves futile; supporting public goods infrastructure does not. Restricting access fails; investing in participation succeeds.

Think in terms of ecosystem health, not individual projects. Strengthen horizontal coordina- tion mechanisms rather than replacing them with hierarchical oversight. Support systemic resilience, not protection of specific entities. Enable global cooperation rather than imposing national control.

Address the coordination gap identified earlier. Existing informal mechanisms (dependencies, open governance) work well for development but don’t scale to policy representation and regulatory compliance. The ecosystem needs structures for collective voice that preserve horizontal coordination. The Open Source Congress model offers one example for policy representation (Williams, 2023). Creating coordination forums while preserving project and foundation autonomy remains the challenge.

The Stakes: Getting This Right Matters

Open source underpins critical digital infrastructure. It contributes between €65 billion and

€95 billion to EU GDP alone (Blind et al., 2021). It provides the foundation for innovation, competition, and security. Knowledge transfer and capability building happen inherently through its structure.

Poor policy risks fragmenting the global commons. National forks reduce interoperability. Overregulation drives consolidation or abandonment. Treating open source like corporations breaks organic coordination.

Yet the opportunity is significant. Open source offers a model for 21st-century governance: distributed coordination without centralization, global cooperation on shared infrastructure, balancing autonomy with collective action. It demonstrates new forms of international collaboration for digital public goods.

The Bottom Line for Policy Makers

The key insight is this: horizontal coordination is how FOSS governs itself. This governance operates not through central authority, but through upstream-downstream dependencies that create organic alignment. It functions not through hierarchical control, but through open governance and self-organization that emerge from voluntary participation. It relies not on contracts, but on technical merit and sustained contribution as the basis for influence and legitimacy.

This coordination structure offers powerful policy opportunities. It enables technology transfer, standards enforcement, academic commercialization, and industrial policy in ways that traditional centralized approaches cannot match. Yet the same structure creates fundamental constraints on control, borders, and national champions. These constraints are inherent to the system, not bugs to be fixed.

Effective policy must work with horizontal coordination, not against it. This means facilitating coordination mechanisms rather than imposing hierarchical oversight. It means strengthening ecosystem-wide forums while preserving the autonomy of individual projects and foundations. It means investing in participation and capability building, not in control and restriction mechanisms that will fail or backfire.

Policy impact comes from understanding and engaging with these coordination structures on their own terms. Success does not come from trying to centralize what is fundamentally decentralized, nor from applying corporate regulatory models to community coordination. It comes from working with the grain of how FOSS functions, respecting the balance between autonomy and interdependence that makes horizontal coordination work.

References

Blind, K., Böhm, M., and Thumm, N. 2022. Open source software in standard setting: The role of intellectual property right regimes, in Open source law, policy and practice, Oxford University Press
Blind, K., Pätsch, S., Muto, S., Böhm, M., Schubert, T., Grzegorzewska, P., Katz, Andrew, and European Commission and Directorate-General for Communications Networks, Content and Technology. 2021. The impact of open source software and hardware on technological independence, competitiveness and innovation in the EU economy – final study report, Publications Office
Boysel, S., Nagle, F., Carter, H., Hermansen, A., Crosby, K., Luszcz, J., Lincoln, S., Yue, D., Hoffmann, M., and Staub, A. 2024. 2024 open source software funding report, https://opensourcefundingsurvey2024.com/ (date last accessed 13 January 2026)
Williams, A. 2023. Standing together on shared challenges: Report on the 2023 open source congress: The Linux Foundation