European organisations are increasingly turning to open source software (OSS) as part of a broader push toward digital autonomy, according to new research from Perforce Software.
The company’s 2026 State of Open Source Report, produced in collaboration with the Open Source Initiative and the Eclipse Foundation, highlights a growing shift across the UK and EU toward reducing reliance on large technology vendors. The full report can be accessed here: https://www.perforce.com/resources/sca/2026-state-automotive-software-development-report
At the centre of this trend is a sharp rise in concerns around vendor lock-in. More than half (55%) of respondents now cite it as a key driver for adopting open source – a 68% increase year-on-year. The figure rises to 63% across the UK and EU, compared to 51% in North America, underscoring the region’s stronger focus on data sovereignty and regulatory compliance.
“Digital autonomy has become a strategic priority for European organisations,” said Matthew Weier O’Phinney, principal product manager at Perforce OpenLogic and lead author of the report. “Open source provides a clear path to that independence, but it must be paired with infrastructure choices that preserve flexibility.”
Maintenance burden challenges AI-driven innovation
Despite continued growth in adoption – with fewer than 2% of organisations reducing their use of open source – the report highlights significant operational challenges that could limit its value, particularly in AI-driven environments where speed and scalability are critical.
Across large enterprises, 60% of respondents said they spend at least half of their time on maintenance and bug fixes rather than developing new features. For enterprise Java teams, nearly a third reported spending up to 90% of their time maintaining existing systems.
This growing maintenance burden reflects the increasing complexity of modern software ecosystems, where frequent updates, dependency management and compatibility issues place additional strain on development teams.
Security and compliance risks persist
Security remains a major concern as organisations scale open source usage. Keeping up with patches and updates is the most widely cited challenge, while 20% of organisations admit they have no formal process for managing vulnerabilities.
The report also highlights a clear link between legacy software and compliance risk. The majority of organisations that failed an audit in the past year were running end-of-life (EOL) software, with failure rates significantly higher among those using outdated versions of widely adopted frameworks such as Tomcat and Spring.
At the same time, only 16% of respondents said they have a plan in place to address upcoming regulatory requirements, including the EU Cyber Resilience Act, which is expected to come fully into force by 2027.
Balancing flexibility with governance
The findings point to a growing tension for organisations: while open source offers flexibility, control and a foundation for AI innovation, it also introduces ongoing responsibilities around governance, security and lifecycle management.
Deb Bryant, interim executive director of the Open Source Initiative, said organisations must take a more structured approach.
“A 68% surge in organisations citing vendor lock-in avoidance tells us that enterprises are actively seeking flexibility and independence,” she said. “But open source can only deliver on that promise if it is well maintained, well governed and sustainably supported.”
As organisations across Europe continue to invest in AI and data-driven technologies, effectively managing open source will likely become a key differentiator, determining whether digital autonomy translates into long-term resilience or increased operational risk.
