At the crossroads of code and policy: Bosch insights from 2026 FOSDEM, CHAOSScon, and the EU Policy Summit
As the digital landscape of Europe undergoes a fundamental transformation, the conversations happening today will define the technology of tomorrow. This January, the EU Open Source Week in Brussels once again served as the premier stage for these discussions. Bringing together thought leaders from politics, industry, and the open-source community, the event tackled the most pressing challenges and opportunities facing the ecosystem, addressing topics such as the rise of the software-defined vehicle and the regulatory frameworks that will govern artificial intelligence (AI). For Bosch, this is more than just an event; it is a cornerstone of the company’s open-source strategy. It serves as a vital arena for engaging with the global community, understanding emerging technological directions, and actively participating in the discussions that shape everything — from embedded systems and AI to developer tooling and cloud software. In the following report, Bosch attendees share their key takeaways from this impactful week.
Deep dive: Competitiveness & open-source in the automotive industry
Detlef Zerfowski, Vice President at ETAS GmbH
During the EU Open-Source Policy Summit, Detlef Zerfowski shaped the discussion during a key panel about the automotive industry's transition to software-defined mobility. Alongside industry leaders and the European Commission, he discussed how shared development models and collaborative projects, such as Eclipse S-CORE, are essential for fostering interoperability, reducing redundant efforts, and building long-term, sustainable capabilities. A key focus of the discussion was the alignment of these industry-led initiatives with the European Commission’s broader transport innovation agenda.
The audience considered the regulatory and organizational frameworks necessary to support shared development, ensure functional safety, and enable the deployment of these technologies at a massive scale. The insights from the software-defined vehicle initiatives provided a valuable blueprint for how open approaches can be successfully applied across other strategic sectors.
Code and compliance: Open-source in safety-critical products
Philipp Ahmann, Automotive Open-Source Process Lead at ETAS GmbH, Member of the Linux Foundation Europe Advisory Board
At the prestigious FOSDEM main track, Philipp Ahmann delivered a thought-provoking talk on the integration of Open-Source Software (OSS) in safety-critical systems. His presentation addressed the dual landscape of rapid innovation and persistent compliance challenges. The talk highlighted the significant acceleration in the adoption of OSS in safety-critical products, noting the growing maturity of foundation-backed initiatives like the ELISA project and specialized operating systems such as Zephyr.
However, Philipp also confronted the barriers that still impede broader adoption. He cut through the marketing hype to clarify confusing terminology — such as the crucial distinction between "safety Linux" and "safe Linux" — which illustrated the broader challenge of allocating responsibility between OSS components and system-level safety measures. The talk addressed the uncertainty around certification pathways and the difficulties in providing sufficient evidence for safety arguments.
Attendees gained practical insights for evaluating safety concepts in OSS-based systems, leaving with a clearer understanding of the critical questions to ask when implementing open-source software in safety-critical production systems.
Beyond the main stage, the conversation continued in two specialized "Birds of a Feather" (BoF) sessions focusing on safety-critical software in the railway and industrial sectors. While automotive topics remain dominant, the strong participation and pointed questions from attendees in fields like aerospace and railway technologies signal a clear expansion of interest.
The momentum was tangible. Compared to a similar presentation just three years ago, the main track session was significantly better attended, and the formal Q&A spilled over into an hour-long discussion in the hallway. This surge in engagement demonstrates that the work by Bosch and ETAS in initiatives like Eclipse S-CORE is directly addressing a growing and urgent business need for safe and compliant open-source solutions. To continue this momentum, ETAS will also present on the topic of Eclipse S-CORE at the safe.tech 2026 at TÜV Süd end of April in Munich.
Shifting sands of EU Regulation: A focus on the AI Act
Janneke van de Westelaken, Legal Counsel at Robert Bosch GmbH
Janneke van de Westelaken provided a crucial legal perspective on the wave of new EU regulations impacting digital products. Her session focused on the significant implications of the AI Act and touched upon the effects of the Cyber Resilience Act and the revised Product Liability Directive. She explained how the AI Act introduces a seemingly complicated and well-thought-out exception scheme for open-source AI systems, GPAI models, and AI components. She peeled this exception scheme like an onion and concluded that the AI Act seriously affects open-source systems, models, and components. The promised “exception” is ultimately more of a burden than a relief for developers.
Her presentation opened the participants' eyes and caused many to reevaluate their strategies for open-source development and business. Her presentation aimed to cut through the confusion, focusing on finding coherence within the new regulatory landscape and fostering collaboration between organizations. By examining the practical application of these new definitions, the talk led to a better understanding of how to remain compliant while navigating the evolving European market, ultimately helping to safeguard the future of open-source innovation.
Community, compliance, and code: A consultant's perspective
Nikola Babadzhanov, Open-Source Consultant at Bosch Digital
For Nikola Babadzhanov, the EU Open Source Week was a deep dive into the operational backbone of open-source. His time was spent connecting with the communities and tool smiths who are shaping the future of enterprise open-source management.
At CHAOSScon, the focus was squarely on community health, where discussions with contributors to the GrimoireLab platform sparked fresh ideas for measuring the impact and vitality of Bosch's own Inner Source projects. The FOSDEM Fringe tooling workshop provided a hands-on environment to tackle the industry's pressing challenges around Software Bill of Materials (SBOM) generation. As an OpenChain ambassador of the OpenChain tooling workgroup, Nikola shared his own expertise and collaborated with peers on new tools and compliance strategies.
The main FOSDEM event tied everything together, offering a whirlwind of talks, project showcases, and valuable hallway conversations. In his role as OpenChain Ambassador, Nikola connected with fellow leaders passionate about open-source compliance and best practices. He left the week with a renewed sense of purpose and a list of new projects and actionable ideas to strengthen the work of the Open-Source Program Office at Bosch.
On the front lines of securing the software supply chain
Marcel Kurzmann, Open-Source and Software Management Consultant at Bosch Digital
For Marcel Kurzmann the EU Open Source Week was a deep dive into the interconnected worlds of cybersecurity, compliance, and community building.
The week began with a focus on vulnerability management at the GVIP Summit, exploring the future of a global, community-based intelligence platform using standards like PURL. A recurring and critical topic was the potential danger of "AI slop" – false vulnerability reports — and their impact on the open-source ecosystem. He also attended the Software Heritage Summit, which highlighted the mission of preserving our global software commons, a project whose founders were later honored with the Open-Source Award.
A key part of his mission was representing "The FOSS-LÄND," Baden-Württemberg's regional FOSS community during the Code & Compliance Summit. On stage, Marcel emphasized the need for local events to foster diversity and inclusion, making the open-source community more accessible to all. He highlighted how initiatives like the upcoming OpenChain and Friends event in Stuttgart, organized in collaboration with the FOSS-LÄND community, are crucial for bringing the open-source community directly to the people and lowering the barrier for entry.
The FOSDEM tooling workshop was a personal highlight, offering a unique opportunity to engage directly with open-source giants like Greg Kroah-Hartmann (Linux Kernel) and Daniel Stenberg (CURL). The discussions bridged the gap between the high-level challenges faced by maintainers and the ground-level solutions being built by security and compliance experts, culminating in a toast to the newly published ECMA standard for the CycloneDX SBOM format.
The week concluded with a deep dive into the SBOM and Supply Chains devroom at FOSDEM. Sessions covered new developments in SBOM generation and underscored the growing collaboration around common formats. It was a fitting end, reinforcing that while business contexts may differ, the entire community is on a shared journey toward a more transparent and secure software supply chain – the foundation for digital sovereignty.
The energy in Brussels served as a powerful reminder of what this community can achieve when it works together toward a more open and secure future. The Bosch team is already channeling this momentum into their projects and are counting the days until next year’s EU Open Source Week.