Following a call for expressions of interest launched in April, the Ministry of the Economy of the Grand Duchy launched on 8 June 2021 a call for projects for economic operators wishing to participate in the development of next-generation Cloud infrastructures and services, within the framework of an Important Project of Common European Interest (IPCEI). The call is aimed at economic actors operating within the Cloud infrastructure and services value chain.
It is worth noting that the core of the project is to design and implement an open source ledger and related APIs to document in real time cloud resources, availability, traffic, access rights and all related protocols / agreements. Aims are to improve cyber security, to provide instant incident response and, when needed, evidences that could be used in court.
Open source is identified as providing the best security assurance. Individuals and organizations are getting hacked every day because of the lack of trust in code ownership, the centralized source of software providers, their dependencies, and its delivery. This leads to millions of computers compromised and millions of euro loss. The fast pace of technology innovation (Cloud, IOT, Fog Network, Serverless … ) of software development and continuous delivery isn’t suited anymore with the traditional security model, that is not – at the opposite of open source - secured by design.
In this sensitive area, the ministry has clearly opted for distribution under a copyleft/reciprocal licence, as the call for projects defines “Open source” as: “created and published under a copy left license like EUPL or GPL.”
The advantage of a reciprocal licence is that if someone, other than the original author, distributes a derivative work based on the licensed software (a modification, a combination where the licensed software is merged), this person or enterprise must also publish the modified source code under the same original licence. This provides assurance of transparency and sharing.
The selection of the EUPL looks the most appropriate because, at the contrary of the GPL, the licence covers on-line distribution or communication “as a service”, which is the principle of cloud services; therefore, the fans of the GPL should prefer the AGPL because it covers SaaS as well. However, the EUPL, which is valid in 23 languages and refers explicitly to the EU law, presents a better compatibility and interoperability with other software.
Details for the call for projects, including context, eligibility criteria and requirements are available here:
Applications are to be submitted to the following email address, which also serves as a point of contact: IPCEI-CIS@eco.etat.lu. Deadline for submission is 15th of July 2021.