Switzerland mandates software source code disclosure for public sector: A legal milestone

The EMBAG law stipulates that all public bodies must disclose the source code of software developed by or for them, unless precluded by third-party rights or security concerns. This mandate aims to ensure greater transparency, security, and efficiency in government operations by promoting the use of OSS, which allows for public scrutiny and contribution to the software code.

One of the critical aspects of this law is encapsulated in Article 9, which not only mandates the disclosure of source code but also allows public bodies to offer additional services related to support, integration, or IT security, provided these services align with public tasks and are offered at a cost-covering remuneration. This provision ensures that while fostering OSS, the government can also maintain a competitive balance and avoid market distortion.

The crux of it really comes down to public money being used for these services. An added benefit, of course, is that the software could still be supported if the supplier goes out of business. Vendor lock-in is a major risk in public sector IT, and this helps break that perception / reality. As for security, it must be remembered that this is the operational code, and not user data, encryption keys, API keys, etc., which always remain private.

See https://joinup.ec.europa.eu/collection/open-source-observatory-osor/news/new-open-source-law-switzerland
