"We disrupted how re-use was done"

Checking in on the implementation of the Italian open source procurement and reuse law.

Published on: 20/08/2021
Last update: 23/08/2021
News

Italy’s law favouring open source software in public procurement and sharing of code is generally considered to be a good example of primary law. Yet, the law is also thought to have had little real-life effect. To address this, the Italian government adopted guidelines in May 2019 to help with the implementation. Two years later, it’s “slowly but firmly going in the right direction”, says Leonardo Favario, Open Source Project Leader at the Italian Department for the Digital Transformation.

Italy’s “Codice dell’Amministrazione Digitale” (CAD) was enacted in 2005 and a preference for open source software and re-use through open source was introduced in 2012 through the addition of Articles 68 and 69. The Italian lawmakers were seemingly motivated to find the optimal wording, as the articles were adapted four times since their introduction. Yet, the impact of the law is seen to be low. 

In his 2019 investigation of the (successful) French public procurement law favouring open source Harvard Business School professor Frank Nagle used Italy as a control case – thus a case where there is no impact from a policy intervention. When asked why the law had so little impact, Favario said “it was very hard to put into place. Turn the primary law into facts”. The law itself was “high level” and would only provide a broad frame of what procurement officers should do - perform a comparative assessment of the available solutions - but not give clear instructions how to implement this.

The CAD gives the AgID, the Agency for Digital Italy, the option to develop practical implementation guidelines on all its articles. For the “Guidelines on the acquisition and reuse of software for public administrations” they partnered in late 2017 with the Digital Transformation Team. The process included internal consultations, an open consultation on GitHub and discussions with the European Commission. The resulting guidelines were published roughly 1½ years later and give public procurement officers “a soft landing, without level for interpretation”, providing clarity for the implementation.

After the publication, the authors were aware it would be an uphill battle to disseminate the guidelines to all relevant public procurement. “You need to reach all levels”, Favario is convinced. To increase the reach, media, social media and events were employed. The team could rely on a network of “responsible for digital transformation” officers at the public administrations, that they used as a lever to spread the word. This was seen as very important, as especially smaller public administrations on the local level struggle with the intricacies of software procurement, while the law requires a complex comparative assessment of available software options. 

The guidelines also helped the shift toward sharing and reuse of software in the public administration. They replaced an outdated framework from 2013 that foresaw the need to obtain permission of the public administration that has first developed a specific piece of software and required this public administration to provide support, “that was not sustainable” remarked Favario, referring to the cost within the public administration. With the new rules “reuse equals free and open source software. This was a new era.” Transaction costs between public administrations were reduced to near zero for reuse. As the software is freely available, every public administration can easily reuse it. In addition, the warranty exclusion in the licenses mean public administrations do not need to worry about being liable. Both measures have spurred publicly available code.

Did the guidelines help the implementation of Articles 68 and 69? Favario thinks so. “Right now, we have 212 solutions in the catalogue that have been re-used over 2000 times. Good solutions are being reused more and more. We are quite happy with the result.” The team is also providing additional services, such as checks for security vulnerabilities, which can be provided because the code is open source and thus increases the security of the software for all. 

Of course, there was also much feedback over the last years that public official promises are being turned into action. “Dealing with software as a service (SaaS)” is something the team wants to improve with a possible new version, “it is not yet clearly explained in the guidelines”. When asked what they had learned from the process, Favario highlighted two aspects: “People and tools: You need to build an ecosystem of people going in the same direction. You need people able to express, explain and support. And you also need tools that help in that way”.