OSPOlogyLive AMS – Shared Learnings Report

OSPOlogyLive Amsterdam hosted by the Dutch Employee Insurance Agency (UWV OSPO) brought together practitioners, researchers, and public sector professionals to tackle shared challenges in open source management. With a special focus on the public sector, academia, and industry, the event blended technical insights with governance strategy across topics like security, regulation, and collaborative development.

ospologyliveamsgroupphoto

IT Security & Regulations Tools Workshop

The IT Security & Regulations Tools Workshop provided participants with a hands-on approach to understanding the legal, technical, and organizational dimensions of responsible source code publication. Grounded in the requirements of the Dutch Open Government Act, the session emphasized the importance of designing projects with transparency in mind from the start, rather than retrofitting compliance at the end.

The visual guide introduced during the workshop offered a practical blueprint to assess a project’s readiness for publication, helping participants identify gaps in intellectual property management, licensing, version control, and stakeholder responsibilities. This guide contrasted what should be planned “by design” from the start versus what needs to be done “afterwards” if transparency wasn’t considered early on.

LegalTechnicalOrganizational
Ownership and transfer of Intellectual Property Rights (IPR)License and metadata documentation for all componentsStakeholder involvement in the publication process
Identifying exceptions under the Dutch Open Government Act (Woo)Identification of sensitive data and vulnerabilitiesDefined roles and responsibilities
Compliance with the Dutch Competition Act (Wet M&O)Code understandability and traceabilitySelection of platforms for publishing and communication
Appropriate licensing choices (“all rights reserved” vs. open source)Version control and design documentationTransparency on feedback loops and external collaboration

Alongside this framework, a series of proven tools were highlighted, including OSPO Scode Scanner, OpenSSF Scorecard and Baseline, RepoLinter, and the Compliance Assistant by the OpenRailAssociation. These tools play a vital role in automating and standardizing security, compliance, and best practices across the open source lifecycle.

Tools referenced

🔗 Related content: GitHub discussion notes / Workshop pad / License best practices guide

Build Better Together Roundtable

This roundtable explored the intersection of academia and research, industry, and government in Europe, focusing on how these sectors can better collaborate to drive open source innovation. Participants included representatives from research centers and universities, public administrations, and private industry, bringing diverse perspectives to a shared challenge.

The group examined real-world scenarios where these connections occur and raised key questions such as:

Key challenges included

The group emphasized that true cross-sector collaboration requires more than alignment on values: it demands mutual investment, streamlined risk management, and structured models for long-term co-creation.

🔗 Related content: GitHub discussion notes

Collaboration Marketplace

In this experimental session, participants had the opportunity to explore practical demos and tooling during the Collaboration Marketplace, switching between rooms every 15 minutes.

Speaker Presentations

Speakers from organizations such as Zentrum Digitale Souveränität (ZenDiS), UWV, DOSBA, SURF, and the City of Amsterdam shared insights on open source management best practices within the public sector, education, and enterprise contexts in Europe. Their contributions covered a wide range of topics, including security management, Software Bill of Materials (SBOM), developer experience, and fostering open source culture inside organizations.

They also showcased impactful open source software projects supporting key public needs (such as TINA) for Sovereign AI initiatives in Dutch municipalities, and Abacus, used in the context of Dutch elections—presented by speakers from the Dutch Electoral Council and the Association of Dutch Municipalities.

🔗 Related content: OSPOlogyLive Knowledge Archive

Wrap-up Session Highlights

The final wrap-up confirmed that OSPOlogyLive Amsterdam successfully met the core objectives:

📋 Next Actions Board

Throughout the sessions and especially during the wrap-up, participants identified practical follow-ups to continue the momentum after the event. These next steps were collaboratively gathered on a shared board, reflecting concrete opportunities for collaboration, improvement, and alignment across the open source ecosystem in Europe.

Security & RegulationsCommunity & NetworkingTooling & InfrastructureLeadership & Strategy
Collaborate with Linux Foundation / OpenSSF on security testingBenchmarking sessions with the City of Amsterdammprove CI/CD tooling for blockchains and project boilerplatesAssign responsibilities for publication workflows
Join CHAOSS Working Group and connect strategies to the Dutch governmental contextCollaboration between InnerSource Commons and CURIOSSClarify metadata and SPDX usage across toolsDefine cross-organizational agreements
Further define what’s needed to use OpenDesk in SwedenSupport formation of a working group for women in open source governanceEvaluate governance tooling landscape (CHAOSS, OSPO tooling from TODO, OpenChain, etc)Continue working on alignment between legal counsel and developers

What Makes OSPOlogyLive Europe Chapter Unique?

OSPOlogyLive prioritizes participation over passive listening. Sessions are designed for small-group work, guided discussions, and real-time collaboration with peers and experts. Instead of watching speakers from a distance, attendees roll up their sleeves and co-create solutions to current challenges in digital sovereignty, compliance, and open source governance.

specialthanksto

By the end of OSPOlogyLive Amsterdam, participants left with clear actions, new collaborations, and a deeper understanding of how open source strategy connects legal, technical, and community impact.

🔗 Related content: OSPOlogyLive Framework