Allocate a documented fraction of our software revenue to funding the open source projects we depend on#
What this is, concretely#
This commitment is the provider-side counterpart to the user-organisation commitment user-006. It consists of allocating each year a documented fraction of your software revenue — a percentage of total revenue, or an absolute amount — to funding the open source projects your solution depends on. The available channels are many: direct sponsorship via GitHub Sponsors, Liberapay, Open Collective, or Tidelift; donations to the foundations that host key projects (Linux Foundation, Apache Software Foundation, Eclipse Foundation, Document Foundation, NLnet); paid contributions by your teams, with time explicitly allocated and tracked for contributions to projects you depend on; commercial support contracts with companies that pay maintainers.
The commitment includes an annual public report on the funds disbursed, with details of the recipients. This transparency is what distinguishes it from a one-off donation: it acts as a signal to your clients, your peers, and the ecosystem, and it makes the commitment verifiable.
Why this commitment matters#
For a provider, the dependency on open source bricks is typically deeper than for a user organisation. Your product or service rests on dozens of libraries and platforms that you would not have the means to rewrite — PostgreSQL, Linux, OpenSSL, Python, Node.js, Kubernetes, among hundreds of others. That dependency is an economic boon, but it comes with a responsibility that thesis 8 of the manifesto makes explicit: “without a critical mass of paid maintainers keeping the critical bricks alive, free software becomes a technical debt funded by people other than us.”
Providers are collectively the foremost economic beneficiaries of open source. As such, their participation in funding maintainers is the single most structuring element of support for the ecosystem. When a SaaS publisher charges its clients on the back of PostgreSQL and not a fraction of revenue flows back to PostgreSQL, the asymmetry is plain. Thesis 11 of the manifesto insists: “a serious European digital sovereignty policy is recognised by its investment in foundations, maintainers, and distribution infrastructures.”
The commitment strengthens your commercial credibility. European public and private buyers are starting to integrate these criteria into their evaluation. Documenting your contribution sets you apart from providers who simply use the commons without feeding them.
A concrete example#
A European B2B software publisher with 35 employees and software revenue reaching 4.2 million euros in 2025 takes this commitment in March 2026 with a 12-month horizon. The technical leadership proposes and management validates a target of 0.75% of software revenue, i.e. 31,500 euros annually. The breakdown is built from a map of the product’s key dependencies: 8,000 euros to PostgreSQL Europe (PostgreSQL being the main database), 6,000 euros to the Linux Foundation (Kubernetes and many dependencies), 4,000 euros via GitHub Sponsors to five identified maintainers of critical npm packages, 3,000 euros to NLnet Labs, 2,500 euros to the Document Foundation, 8,000 euros split between OpenStreetMap, Codeberg, and three other projects strategic for the publisher.
In addition, the publisher formalises a paid contribution programme: three engineers are entitled to 4 hours per month to contribute to an open source project the product depends on, on company time. The breakdown of payments and the contribution report are published in April 2027 on the publisher’s technical blog.
Anti-pattern to avoid#
A formulation along the lines of “we regularly give back to the open source community” without figures or named recipients does not fulfil the commitment. Total concentration on a single visible project, or symbolic sponsorship of a few hundred euros against revenue in the millions, does not reflect the reality of your dependency. The proportion between your software revenue and the contribution must be readable and public.
Success indicators#
By the 12-month horizon, you can reasonably consider this commitment fulfilled if you have set a numerical fraction of software revenue, made the contribution to at least three distinct recipients representative of your dependency chain, and published a named report on your website. The long-term commitment takes shape with annual renewal and adjustment as revenue grows.
→ Documented in the dossier#
JSON schema category: funding. Default horizon: 12 months. Applicable to: businesses.