When Open Source Meets Enterprise: A Fragile Alliance

By Stuart Dee

My work at a global systems integrator allows me to discuss and deliver solutions with partners across the entire technology ecosystem, from cutting-edge agentic AI platforms to legacy banking modernisation initiatives. With the focus being on financial services, discussions invariably turn to operational durability, digital sovereignty, and the growing problem of legacy technology debt. One topic that fuels heated debate, however, is the role open-source software (OSS) plays in the enterprise technology stack. Open-source software and hardware are central to EuroStack 2025, which positions them as foundational components designed to reduce dependencies on non-European vendors and proprietary platforms. Yet, open-source adoption is not without its complications.

The Promise of Open Source

Community-driven innovation, code transparency that can be audited and modified, and freedom from vendor lock-in offer a great deal of promise that proprietary solutions cannot match. However, as these conversations deepen, practical realities emerge, and a more nuanced dynamic surfaces than open-source evangelists might suggest. There is an inevitable reliance on the team that creates the software: how actively they fix critical vulnerabilities, how responsive they are to security flaws, and whether their roadmap fits enterprise goals.

This uncertainty is particularly dangerous for organisations in highly regulated sectors such as finance, healthcare, or critical national infrastructure. The problems are many: open source does not just entail a financial investment in skills training and adoption; its support is fundamentally at the mercy of the community. Projects can be abandoned, maintainers move on to new jobs, and suddenly an organisation finds its critical infrastructure running on software that no one is actively looking after.

Rise of the Commercial Open-Source Model

These challenges created an opening for a new approach. A few astute companies identified a business model that could bridge the gap between open-source ideals and enterprise requirements. They took successful open-source software, injected enterprise functionality, packaged it with support, and crucially offered the kinds of Service Level Agreements (SLAs) businesses were looking for. With this hybrid model, vendors have built billion-pound businesses on community-driven code. But that success has created a new discussion that arises in almost every client conversation: “If it is open source, and we are buying it from a vendor with proprietary enterprise features, are we not just swapping one kind of lock-in for another?”


A New Kind of Lock-In?

The answer is by no means simple; it is determined by a number of factors, of which the vendor’s ethos is one of the most important. Some vendors genuinely give back to the open-source communities from which they gain value. Others are more extractive, building closed proprietary layers atop open foundations and pushing little back to the community. The difference matters enormously. Organisations hold true optionality when a vendor actively maintains the open-source core, while keeping its proprietary features genuinely additive rather than substitutive. In theory, they could shift to another provider or take the open-source components in-house should the relationship sour.

The Hidden Costs: Skills, Speed, and Risk

Open-source technologies often assume a higher technical skill set on the implementation team. This skills gap represents a hidden cost that needs to be factored into any Total Cost of Ownership (TCO) calculation.

Commercial open-source vendors can provide training, certification, and managed services to fill this gap, for a fee, naturally. Then there is innovation velocity. Open-source communities can move incredibly quickly, with contributions from numerous sources, enabling organisations to adopt cutting-edge features faster than conventional enterprise procurement cycles allow. Conversely, vital security patches can stall if a project lacks maintainers, creating unacceptable exposure for risk-averse organisations.

Open-Source AI: A New Frontier of Complexity

Open-source AI models make this discussion even more complex. As organisations struggle to accommodate large language models and other AI capabilities, the decision between closed proprietary and open alternatives has significant consequences. Open-source AI offers an auditable process, allowing solutions to be tweaked for individual use cases without being beholden to per-token pricing mechanisms. However, it requires hefty infrastructure investment and significant technical capability.

Making It Work in Practice

Ultimately, the question is not whether open source should exist within the enterprise; that debate has been resolved. The challenge lies in thoughtfully incorporating open-source components into broader technology strategies that balance innovation, resilience, sovereignty, and pragmatic risk management. The commercial open-source model, despite its apparent contradictions, presents an attractive middle ground. It benefits from community innovation and code transparency while providing the protection of enterprise support. The secret lies in understanding what motivates vendors, how they engage with upstream projects, where open-source communities are diverse and sustainable, and whether the organisation has the internal maturity, skills, governance, and strategic alignment to support and evolve these technologies effectively. These factors determine whether an open-source solution adds genuine value or simply introduces new dependencies.

In my experience, organisations that approach these decisions with rigour invariably find that open source, if done correctly, can indeed underpin operationally resilient systems. Those that do not too often discover that ‘free’ software can be a very expensive choice.