 So thank you for the nice introduction, Sivan. I don't need to say anything more about myself then, but I will tell you a little bit about the background of this presentation. So the presentation is based on the trigger study. Trigger stands for trends and global governance and Europe's role. And this was a study that was conducted or is being conducted, it's still ongoing actually, even though our part is done. But it is being conducted for the EU's Horizon 2020 program and the Technical University of Munich or TUM, where I'm at, conducted the study with 14 partner institutions. And one of the main goals of the study is to understand how global governance and emerging technologies interact and what role the EU plays in this respect, in particular as a regulatory superpower, so-called, it's often called that. And the TUM, so we have the TUM focused on review and current governance regimes and EU initiatives concerning open standards and open source software or OSS. And my co-author, Professor Tim Butte, and I basically draw three main conclusions in our study. These conclusions are actually not the subject of today's presentation, so I'm just gonna make a very short comment on them and then move on to the actual subject of the presentation. So what we found is that OSS and open standards can contribute to interoperability, especially if OSS developers implement APIs that are based on open standards. Second, to solve the conundrum between requiring complete openness and incentivizing investments in research and development policy makers should mount a multi-stakeholder effort to redefine fan licensing and potentially also adopt a system or a tiered system actually of licensing fees. And then as regards geopolitics, the promotion of OSS and open standards can be a powerful tool for states to improve their economic and political positions vis-a-vis their rivals. And if you would like to learn more or read more about what we found out, our study is available on the trigger website and I've put the link in here if you wanna look that up. Okay, so much for background. I did have two poll questions. I don't think I'll make the attempt to do the poll now, but I was interested in whether you all thought that governments are more resilient now than they were 30 years ago and whether you think that the use of open source software and open standards increases government's resilience. So let me then talk about the actual subject of this presentation. So we've seen huge technological changes in the last few decades and these have brought both risks and opportunities, of course. So if you think about the rise of the internet about 30 years ago or now the rise of AI, right? We see that new technologies are an essential driver of economic growth, but at the same time, they can of course, pose risks to humans, animals and the environment. These risks include known knowns. So these are things we know about. We know that there are certain risks and certain dangers that new technologies bring with them. Then there are known unknowns where we know there are risks, but we don't quite know all aspects of them or how they will play out when technologies are adopted on a large scale, let's say. And then there are unknown unknowns where sometimes if you don't even know the kind of side effects of a new technology until it is adopted in a widespread manner. And I think that is a particular concern to policymakers. If you think about something like geoengineering, for example, I think that's why there are some concerns around that because there might be many unknown unknowns. And new technologies, because they have these risks that they bring with them, also opportunities, but also these risks, they raise complex policy challenges for policymakers. And the situation is complicated even further because there are of course dual use technologies. So this family of technologies that we summarize under the umbrella of AI, of course, are often times dual use, so they can be used for both military and peaceful ends, which makes it even harder to regulate them. Now, how do policymakers deal with this, right? How do governments respond? Because of course, we don't just simply wanna say, okay, then we can't adopt any new technologies we're just gonna regulate and make sure that new technologies adopted. That's of course not the case. So one principle that's been used widely in EU policymaking, also in the US, but we're focusing here on EU, is the precautionary principle, which is detailed in article 191 of the TF-EU. And it was first applied in the field of environmental protection, and basically advises risk prevention in the face of scientific uncertainty. This means that if there is any kind of doubt whether something is risky or not, we should proceed with caution, essentially. And over the years, the scope of the precautionary principle slowly widened from environmental policymaking to include consumer policy, food, and human, animal, and plant health. However, questions have risen in recent years about the scope of the precautionary principle, whether maybe it is being used too widely and maybe societies are demanding or the public is demanding this very much unattainable goal of zero risk. So in response to these kinds of concerns about the precautionary principle, the innovation principle emerged in 2016 because while zero risk may seem desirable, there is a complex relationship between reducing risk and fostering innovation and economic growth that policymakers need to take into account because if societies don't innovate, they become very, very much stagnant and that is not a good thing. But innovation, of course, brings with it a certain amount of risk. And so given the EU's comparatively weak position in the global tech industry, even though I have to say it is not quite as weak as some folks in the media are making it out to be sometimes, I think, but we don't have any of the huge internet platforms, for example, and so given this position, it has been suggested that the precautionary principle should be applied to a much narrower range of cases and it should be counterbalanced with the so-called innovation principle which was drafted in 2016 as part of an initiative to establish better regulations. And it is a much needed counterweight to the precautionary principle and basically holds that the European Commission will take innovation into account when drafting new initiatives. And so therefore it acknowledges that in order to have an innovative society and a growing economy, we need to accept a certain amount of risk. So where does this leave us? So on the one hand, there is the precautionary principle. On the other hand, there's the innovation principle. We understand that we need innovation. On the other hand, we don't wanna endanger the safety and lives of humans, animals. We don't wanna endanger the environment. And the innovation principle definitely should not be used to move away from precaution and adopt a regulatory laissez-faire approach. So in recent years, scholars and policymakers that have looked at this conundrum have suggested that resilience is an important concept for striking a balance between precaution and innovation. And the resilience perspective basically acknowledges that not all risks of new technologies can be anticipated, but instead of them saying, okay, we need strict regulations governing the use of new technologies, the resilience perspective advocates to creation of societies, of governments and societies at large that can absorb future shocks stemming from technological innovation and from anything else really, but we focus on our study and trigger study on technological innovation. Now you may say that is all well and good, but what does it actually mean to have a resilient government, a resilient society? Well, according to the OECD study from 2014, there are three capacities that underlie resilience, absorptive capacity, adaptive capacity and transformative capacity. And absorptive capacity refers to the ability of systems to use predetermined coping functions in order to prevent and restore basic structures and essential functions in the face of negative impacts. So absorptive capacity very much refers to the short-term response to shocks, right? So when something happens, a so-called shock event happens, this could be a shock stemming from the introduction of new technologies, but it could of course also be something like an environmental disaster, a financial crisis, challenges stemming from migration, whatever it is, right? The absorptive capacity, if it's high, means that a government can make sure that systems basically still function even in the face of such a shock, right? Adaptive capacity is something that is important for the medium to longer-term and that refers to a systems ability to change its structures and functions in order to take advantage of future opportunities and mitigate the impacts of potential negative events. So if you think about something like AI being in use on a wider scale now, adaptive capacity would mean that governments can react and say, okay, we wanna take advantage of the opportunities created by AI, but we also wanna mitigate its risks, right? And so if we need to change some structures, some functions of how we deliver public services, okay, we can do that, right? And so that would be then high adaptive capacity if you can change systems to respond to such events in the medium to longer-term. And finally, transformative capacity refers to the ability to create an entirely new system if the old system ends up being untenable, right? Sometimes that is the case, the old system no longer works, we need an entirely new system and a government with high transformative capacity can then create such a system and then it's possible to do so. And I think when we look at the challenges that new technologies create, we see that one thing that is very important is how to respond to that with regulation, right? So in the medium term and in the long term, how do we basically make new regulations that mean that we can harness the opportunities of new technologies and also how can we then monitor that these regulations are actually being complied with? So to have resilience as a government also means that there's a lot of regulatory agility, right? So maybe regulations will have to be updated more often so that would be regulatory adaptation that happens on a regular basis or we need entirely new ways to make and monitor compliance with regulation. So how can we support resilience than knowing now three capacities underlying it through the use of open source software and open standards? Well, resilient societies, as I said, are agile enough that they can handle the changes and shocks stemming from the introduction of new technologies and other events, of course. And open standards and OSS can support agility by making it easier for public policy makers to be quick and responsive and adaptive, just a necessity today. So if a shock event happens, the use of OSS and open standards basically contributes to all three dimensions of resilience and also helps with that kind of agility, regulatory agility that I talked about earlier. So specifically, looking at absorptive capacity, how does OSS and open, how do OSS and open standards help us? Well, they're helpful when it comes to absorbing the impacts of a shock because they allow governments to make quick changes to important technological applications and infrastructure. OSS also gives organizations control over the technology they're using and allows them to adapt to this needed, at least if they have the right resources. This is something that I believe Emma will talk about in a minute here. So for example, highly skilled developers have very important resource. So but if those resources are in place, then OSS helps organizations to manifest an effective response. In response to a shock and the use of OSS and open standards also makes governments technological infrastructure more secure, I believe. It makes it more transparent and flexible in the first place. So that means it makes it less likely that shock events related to something like hacking happen in the first place because you'd simply have this global community, right? And all these sets of eyes on the code that make it less likely that any bugs or anything slipped through. So in that sense, open source, it's just a more resilient kind of software, I believe, in and of itself. Then looking at the second capacity, underlying resilience, adaptive capacity. So the use of OSS and open standards allows governments to adapt in response to the long-term effects of shocks or longer, medium to longer term effects of shocks and thus contributes to their adaptive capacities because OSS and open standards enable many different players to be involved in the development of new technologies. And that leads to more information, a faster pace of change. So basically the software, OSS software changes as quickly as the community will allow, right? And so it also leads to better adaptation to varying real world needs because there are so many different people involved, right? So there is just a much broader set of needs that will be represented, I believe, in such a community and therefore will find its way into the code, if you will. Also the use of OSS and open standards enables actors in the relevant technology ecosystem to adopt reusable components, open APIs and open interfaces into platforms and solutions. And that potentially increases the to market rate of new products and services. And that means that governments simply have a larger menu of options to choose from which leads to more competition and therefore to lower prices, making it easier to adapt as needed, right? If you simply have more options at different price points, right? It is just easier to say, hey, here's what we need and now let's see what we can find out there in terms of options, there are more options, obviously you're in a better position. And then finally, transformative capacity. So this third dimension of resilience is also helped by OSS by the use of OSS and open standards because they can help to ease the transitions to new technological solutions. As in the case of adaptation, the use of OSS and open standards can lead to more innovation at a faster pace. And this in turn can reduce the time and cost of transformation efforts. However, one thing that is being debated in the literature, I should say it was debated, especially strongly maybe about a decade ago or so, was whether the particular innovation model that is often associated with open standards and OSS, so a modular model, right? Where basically innovation happens on top of a common plumbing, if you will, top of common infrastructure and differentiation happens at higher layers, right? Is that really suitable for producing the radical innovations required for technological transformation? This was a discussion a little while ago in the literature. And of course it is debatable, but I think it should be noted that the breakthrough ideas required for real transformation might be more easily achieved by a global community of developers, even though we saw that these developers mostly work together with the people in their proximity. We saw it in an earlier presentation, but still it is a global community of developers. And so this global community might more easily achieve these breakthrough ideas than a comparatively small group of employees working on proprietary technology. Also, I think time has shown that yes, OSS can be absolutely transformative and innovative. So to sum up, given today's fast-paced technological change, governments basically need a way to preach precaution and innovation and harness the potential of new technologies while minimizing their risks and improving the resilience of governments and of society at large is an important concept and an important way for striking a balance between precaution and innovation. There are, as I mentioned, three capacities underlying resilience, absorptive capacity, adaptive capacity and transformative capacity, and the use of OSS and open standards and government constraints and all three of these capacities and therefore contribute to more resilient governments and societies that can more easily absorb and respond well to shocks created by the adoption of new technologies or other shock events as well. This was it for me. Thank you very much for your attention and please feel free to connect via email or via Twitter or LinkedIn if you have any questions or comments. Thank you. Great. Great, so much. Thanks so much. Oh, I'm hearing myself. Oh, I'm hearing myself. Try again. Try again. I'm hearing myself. Nora, could you mute yourself? Yep. Thank you. Everybody knows how it feels like to hear yourself. Well, but thanks so much. This was super interesting and my political science had beat faster upon seeing a nice structuralization of these three dimensions. Right. Now I would invite Emma to come back to speak about their research, their report on government open source. And let's see, I think we hope that we've solved the issue in the background, now a lot of people are having fun with the whiteboard feature here. Are you feeling this? Maybe not, I'm not sure. Let's see, Emma, let us know when you're ready. Should also be presenter now. I'm just trying a couple of different things because it seems to be, it just does not seem to like me today. We did test it. There's always the beauty when you test something and it works in the test and it doesn't work when you're actually live. Aha, okay. All right, well, I'll do it this way. This is not how I was hoping to do it, but it works. All right, thank you. Thanks for your patience, we've got it going. All right, well, thanks so much for having me. Siobhan, you've already done a perfect introduction, but I'm Emma Gao and I'm a partner at Public Digital and we're a small global consultancy, typically focused on helping leaders set the right institutional conditions for success to deliver digital transformation of which implementation of open sources is part of that. And just a bit of minor background, I worked in the UK government when this policy was put in place to be open and use open source. I was not the author of it, I won't claim any credit, but I've really seen the impact of this and other initiatives unfold, I think, quite favorably in the UK government over the last few years and that's how I came to be quite enthusiastic about this topic as well. So, we recently conducted a short study on creating the conditions for success on open source software. It was qualitative based on interviews with about 20 people across four different continents and essentially asking them what accelerates open source adoption and what blocks it. So, I'll tell you a little bit about the context for the study, but not for too long. Our recommendations for governments and then a little bit about a capability model we developed to support that one moment. So, in terms of context for the study, it's worth saying that open source software operates obviously right across the technology stack from frameworks, programming languages, libraries, components. And the use case for many of those is probably a bit more straightforward. And what we were looking at is the case around open source software that supports mission critical public service and how you might implement that and how the public administrations might implement that. So, for example, a civil registration platform or a health management information system, really important things that will affect citizens' lives in quite a tangible way. I'm not gonna preach to the converted and Laura's obviously just talked about some of the advantages of open source, but we know that open source can be a really powerful way to accelerate digital transformation. You know, in the good version of that, it's encouraging sharing and reuse, experimentation, connecting to a global community, many, many positives. And it can also help governments move away from lock-in and create more competition and give the possibility of greater digital sovereignty. So there's a lot of promise in the way we talk about open source, but it is a bit more complicated than that when it comes to implementation. So what we heard from interviewees is that these factors don't make up the full picture. And some of the really great qualities of open source, they don't guarantee implementation success. And this is obviously true of any technology project, but we're thinking specifically about that kind of conditions for success for open source. But if you implement big open source service without preparation, it can be just as disastrous as a big bang proprietary technology project. And it feels a bit uncomfortable to say that out loud. We don't want to say it. But I think if we want open source software to meet its potential and to be as successful as we think it should be, it's really important to have an honest conversation about how to make it successful. There's a reality that in the development of larger scale services and infrastructure, a decision between proprietary software and open source alternatives becomes a bit more complicated because the advantages of implementing open source software meet the reality of implementing anything big in government. So given all that, what do we think governments could or might do to make themselves more successful? So we think we need to take action in four areas. And before I start, I'll say, we tried to make these as broadly applicable as possible for big administrations and small and be no regrets, no regrets things to do, that in the ecosystem and your policy and your governance will help. There's always more you can do. So we'll talk about the policy environment, about in-house skills and capabilities, open source, spend the ecosystem, and then sustainability. So this is one of our interviewers. He said to us, political stability is essential and where there is instability, the whole process holds. I think anyone who's worked with governments will recognize this. And the most important thing to say here is that it's very hard for an initiative to survive is attached to one political leader. So what you don't really want is a politician who feels very enthusiastically about open source, he then disappears in a couple of years. That's not enough. It's nice, but it's not enough. So no regrets action really is to build political consensus and support for open source software adoption. And the aspect I'd really bring out here is to really think about what your strategic objectives are for adopting open source. What's the strategy and purpose behind that adoption? It could be that the primary motivation is about digital sovereignty or it could be about reducing lock-in, but understanding those objectives is gonna make your policy more successful. And secondly, the aspect of developing a decree or a policy or a law. We've seen in some cases that it's a positive, it's a good thing to have a policy or a law. It shows political intent, but it's not enough on its own. So you need to understand your strategic objectives, build some consensus among leadership, and perhaps put it into legislation if that works in your particular context. The second part of that in that kind of policy environment is to publish a government technology strategy which includes clear objectives for open source software. So by all means have something about open sources standalone, but make it part of a whole technology strategy. We'd encourage governments to think about an open architecture approach, building systems from discrete, well-defined components, integrated using open standards, which I've heard being talked about a bit today, and explicitly encourage reuse within public administration. These things together are gonna make your open source implementation more successful. And there is a nuance here that I think is worth drawing out, which is the publish aspect. The UK technology code of practice, which includes this directive around be open and use open source, it's published, it's in the open, it's clear, and often vendors will read this as well. So it's trying to make this policy both whole and accessible, and the accessible part is a bit, I think, that sometimes gets missed. If your policy is in the deepest dark corner of your website on a PDF, then you might struggle for it to get an interaction. And then onto leadership and internal capacity. So this came up, I think, in almost every single interview, and it's no surprise, in-house capacity was seen as such a critical condition for success, and it needs to be top down in leadership and bottom up in teams as well. So in settings with significant capacity to direct open source policy, or where it's a political priority, it might be appropriate to set up an open source program office, which I've seen referenced as well. But if you don't have that size, just start by making a central official team responsible for setting that policy. Having the ownership and accountability of it, even if it is just in one person, is a great place to start. And so there's sort of the formal side of that, setting a lead. There's also a community side. So think about how you can find champions and develop an internal community around open source. We find in lots of aspects of digital government, there will be people in the administration working on these things, looking for allies and looking for community. So if there's a way to bring that together, to find out who's already doing things, can you share that, can you bring teams, can you share best practices? Creating that internal community will also help you in the long term. And the other thing, and this is sort of tangential, but I think quite important, is to encourage reuse within government. I hear often talked about in global, kind of digital transformation teams, this idea of sharing software across administrations. And it would be brilliant, it would be really nice. And it does happen in certain settings. We've seen examples of that. But my experience as a practitioner working in governments is that just getting different government agencies to share anything can be a challenge. So it's really important to encourage reuse in your, you know, just in things that you're doing. That's a really good start and it helps teams to develop that muscle. If you can find opportunities to release publicly funded code in the open, it really increases understanding and technical capacity. And it means that if you're then adopting something that's been developed externally, you've got more of a technical skill in order to be able to do so. Procurement. So this is about creating demand and I'm really conscious that we only went into this lightly and this is a huge topic. So this is a minimum bar if you like, which is to say you've got to review your procurement policies and practices to ensure they aren't inadvertently blocking open source software. This can be done in a couple of different ways. So it might be that a focus on enterprise scale and service is just blocking experimentation on anything that can happen. It can also happen that it can also happen that the way the government is typically procuring things, which is, you know, long requirements, documents and big programs. The sort of whole structure of that procurement is inadvertently locking open source out. So there's a starting point to have a look at that and perhaps talk to local vendors and understand if that's the case. In the longer term, governments need to develop a range of procurement options for buying software and related services. So they need to allow smaller procurements, allow outcomes, allow experimentation. I'm really conscious this is a huge topic, but open source often gets blocked in the procurement world. So it's a good thing to look at. And this is something one of our government interviewees said to us. So he's talking actually about the vendor ecosystem in his country. And he said, open source can require a higher level of tech expertise. You have to deeply understand the code base of the software you're adopting in order to customize it and accept decisions developers have made. And in this context, he was saying, well, what's the incentive for local vendors to use open source software when they're currently essentially got a better, more profitable delivery model from just bespoking and building their own stuff. And this was in a government where actually the adoption of open sources is quite high, but still there's this tension with local vendors. So it's important, and I heard this talked about earlier as well, but to grow and support the local ecosystem of vendors. So if we want to break lock-in, then actually it's really important that more than one vendor can support your open source implementation. If you're implementing something that one big global company can support, then that's not really solving your strategic aims if that was one. So having a think about how you can promote new business models built around open source software and encourage vendors, incentivize them in a different way, grow that community, that is something that every government I think should be thinking about. And the last section of recommendations before I wrap up, this is a kind of a sensitive topic when we talk about funding open source. And there's a lot of misconceptions. There's a sort of idea that because there isn't a licensing cost, that open source will be lower cost as a whole, and it might be. But there's also some tensions where big vendors might offer substantial discounts for adoption and might ramp up their costs later. So there's different ways to look at the costs of any kind of software implementation. So our recommendation here is just look at the full picture, understand the whole life cycle, and know that any software is gonna require gonna require money in the long term, essentially, but really digging into that and factoring it in is important. You know, one of our interviewees really highlighted the need to make governments aware of the costs that are required for consultants or staff during implementation, which seems obvious, but actually if you've been pitched something as low cost, you might just have a misconception and that'll make you feel like the software's not successful. So a full understanding is really quite important. And then the next part of this is thinking about how you support your implementation in the long term. So this is another government interviewee who said, if we were to use a community version of open source software, we would need to ensure we have a competent internal team that can maintain it. And that's absolutely right. If it's something that's critical to government, you can't necessarily rely on something that's just community supported. Maybe you could if it was small, but the more you scale up, the more you need support. There isn't a kind of a right or wrong answer here, but it's thinking about what support you might have available to you. So you might start with free support through a mature community. So if you're just doing an implementation or a small pilot, that might be fine, get some free support for something without too much custom bespoke elements. You might be able to get support and maintenance through the developer of the open source software or through a separate vendor. Having options I think is the best thing here. Ideally you want something where you can get that service from more than one vendor so that you can swap between them. Or in some cases, you might need full commercial support. If there's a league in the government, you might need it. Now, if you go down there. Emma, can you hear me? There seems to be a connection issue. Let's see if we... I think it works now again, but maybe could you back up around 30 seconds? I think we had a connection issue for a little bit. So just the previous slide, kind of halfway through I would say. This one? Yeah, exactly. I think you came almost to the last point actually, but there we lost a lot here. Okay, sorry about that. So yes, just if you're doing a more complex implementation, something that could be, you know, economy scale or for all your citizens, you might need full commercial support. Planning for that, factoring it in, understanding it and having options is really, really important. And the last one, I think this is my last one, is just to kind of engage with the global open source community. So by sharing experience in the open and contributing, that's another part of building technical capacity, encouraging a vendor ecosystem. There are lots of benefits. And there's sort of just a principle of, if as a policy you want to adopt open source, actually balancing that by participating in yourself, it's a really good way to embed the capacity throughout what you do. There's lots of parts to that. Just as a kind of, we'd always say to start small, like if there's an administration that hasn't really got experience implementing open source, is to try not to start by implementing something that was going to affect every citizen in the long term, try and find smaller projects to start with, share in open and find your peers because there are lots of governments doing this experimenting with it. So learning from them and sharing lessons is hugely valuable. And I'm just gonna share, I'm conscious of time, but I'll just share, as part of this report, we developed an open source capability model to help governments understand their capabilities and strengths. You could be quite low in maturity and still have plenty of capacity to adopt open source, but it's sort of a self-assessment tool to be able to see where you are and essentially assess where your strengths and weaknesses are, where you might need to build up your capacity. It's open source and free to use naturally. So you can go and have a look at that after this. I'll put a comment in the chat. And this report is also published on our website. I'll put a link to that as well. I'd love feedback, questions, ideas, big gaps, things we've missed. I'd really love a discussion on it, so please do free to follow up with me. Great, and maybe we have a few minutes also to have a discussion now. Nora, you invited to also come back onto the stage, I guess it is here, because we have a great discussion already happening in the chat. So I'm thinking maybe we pick up on that a little bit. There was a question originally asked by Johannes to you, Nora, about the unique risks of using open source, let's say, supposed unique risks not to upset anybody. Johannes mentions incidents such as left pad and the hard feedback. And of course the situation that I think everybody is aware of and that we're gonna talk about it a little bit in the next section on digital infrastructure that sometimes an extremely critical project is being supported by very few individuals or maybe even only one individual. And then something goes wrong and suddenly half of the internet has a big issue or maybe even the whole internet has a big issue. I also have some thoughts on it, but it's interesting. Today, actually, Open Dollar Foundation published a report on a sovereign tech fund. That's kind of interesting, maybe have a look at that because the ministry, I think it's the ministry of economy in Germany funded this, a sovereign tech fund essentially supporting financially, supporting basic open source infrastructure. So that's kind of a hot off the press situation. But okay, now I'll hand it to you, Nora, and of course Emma also feel free to jump in. I'm sure there's a lot of thoughts on that regarding resilience. Yeah, so thank you for the question Johannes. So the way we decided to split out this presentation was indeed that I emphasize a lot of the positive aspects of open source and then Emma had some caveats on how to make open source projects a success, right? So, but in the actual trigger study, we actually talk also about exactly the issues that you mentioned, Johannes. So basically, yes, it is critical, which also I think chance with Emma's presentation, right? It is critical to have the organizational capabilities to make sure that open source is actually used in a successful way, right? So what we suggest in the trigger study is that especially if OSS is used in domains with high safety requirements, it is vital to ensure that good security measures are in place and what we mean by that is that vendor selection processes must follow high standards, testing procedures must be best in class and any licensing issues also must be fully worked out before deployment. And then to talk about what you said, there's often, you know, you said small group of people that maintains the code and that can be an issue because they can't do everything. Yes, that is true. And so we think some of these internal procedures that I just mentioned would help with that. But then also there is sometimes the issue that actually a vulnerability is known, but organizations don't remove it from their own code based if you think about the active effects breach, that's exactly what happened, right? So it would be really important that governments also then make sure that, you know, there is maintenance, good maintenance of regular maintenance of the code base, right? And that any known vulnerabilities are also tracked and removed. So yes, there do need to be some steps in place that have to do with the fact that it's often a small group of people that is maintaining the code, right? And so organizations need to be aware of that. Yeah, and I'll just add to that. I think it's the case for any software, you know, that there's, it's well known now that security issues is going to come up whether it's proprietary or open source. So I think as a government, it's your responsibility to know what you're going to do about it when that problem does occur. So if it's proprietary software, then the responsibility is quite clear. You know, you can go to that source. If it's open source and it's maintained by a community, well, perhaps it's your responsibility to dive on in there. I don't have an answer, but I think you need to know what your response is going to be. Yeah, and I agree there can be made an argument for saying that governments have a role here to support kind of these basic important infrastructure elements that a lot of people rely on and are in some sense public goods. And that's really, you know, that's really something where you can construct a case for the government. I also thought maybe it's interesting, Simon asked a question to Emma and I, this is a bit, this might be something where you have a lot of experience which is on how can you make, let's say procurement rules that are favorable to our open source, implementable, better implementable, increase the efficiency of implementation. I also have maybe two sentences to say, but I'll let people want to hear from you. I would love to be able to solve this. I think it's, remember, it goes back to your objectives is what is open source unlocking for you and putting that into your procurement, not and getting away from it must be open source. So open APIs, open standards, all the things that complement that should actually lead your procurement in that direction. So I think we need to break it down and that will help when it comes to procurement. And a secondary point is just in principle and someone else asked about escalating risks in IT projects. The bigger it gets, the more likely it is to fail. That's pretty well known. Starting small and experimenting favours open source and is generally a good thing to do. So if you can start at experimentation scale and build up from there, that should also help in the longer term. But that is a study of its own that I would love to do and actually find best practice because we asked everyone we interviewed about this and didn't get really great answers of best practice, to be honest. Like maybe just two sentences from my side because we also looked at it in the commission study and Simon mentioned here enforcement and that is very interesting because that's one of the aspects if you looked and there were a few cases around the world where countries tried to use enforcement towards their own administration to bring, let's say, implementation efficiency towards these laws that they have but those approaches all failed. It was completely impossible, it showed that they have to be completely impossible to try to force the own administration to implement this. And so one thing that we say a lot these days is the aspect of culture and awareness and trying to create an open innovation and openness culture within the organization within those parts of the organization that interact with IT and through that and this is where we have really seen approaches succeeding through that getting a more successful implementation of such mandates and then even the mandate isn't maybe not necessarily necessary. Something that also the commission is now I know looking into a little bit regarding interoperability, cross-border interoperability in the EU specifically an open source but trying to kind of improve cross-border public sector interoperability and how to make it happen because the commission sees itself in a position to kind of facilitate this but kind of wondering itself how can we kind of make that efficient? And so the question between enforcement and encouragement I guess maybe it's a little bit there. Noa, if you want to also reply to that one don't let me stop you otherwise I would maybe ask another question that somebody asked because Stuart asked Emma, you also regarding the custodian model if you want to you can explain it very quickly where I think one in a group takes responsibilities for government safety security and other administrative activities so to kind of link up especially smaller market actors in such a procurement situation because they often find it difficult to react to big complex procurement calls, et cetera. If you had looked at this if this is maybe part of what you're looking at. So we didn't look at this interestingly say that from the procurement aspect we didn't look at it from that angle. We did hear very favorably about a couple of big open source projects where they have very clear ownership. So DHIS2 which has really close relationships with I think it's the University of Oslo as a custodian. There's one called Moja Loop which has clear ownership as well but it kind of has external funders. So I would say we came across a couple of examples of where this has worked well. And I think in general it's a very positive model that we should be doing more of or we need to have more of. All right. Sorry I couldn't respond just then I had to switch my microphone off and I'd lost you for a sec while I was doing it. Yeah, thank you, Emma. I did hear your response there. They actually bumped into Moja Loop on Friday just out of chance. And we were discussing that very point about the custodian model. Yeah, the custodian model really is what it considers is what are all of the actors that might be needed to service a public sector customer. And from the conversations with Crown Commercial a few years ago, they of course have on one side the desire to have a single supplier or five suppliers because it makes life easier for them in some respects. Equally, they don't like the flavor of the monopoly that that then brings. And so you have this dichotomy as to what they need. And the custodian model becomes the abstraction between what they really need which is a small amount of organizations to deal with certainly from safety, security, governance all of that from a customer perspective trivia that really they don't want to have to worry about or they want to have someone who they can offset the risk to. Whilst having that innovation that federated supply chain with resilience and redundancy across different organizations and no one organization who can from the supply side distort what the customer is trying to do. So that's really the concept around the custodian. It considers the technical service providers and the governance. This has worked very well through a project in the NHS which I think is probably the second most successful healthcare open source project that's happened rapidly gaining pace through the UK and it has communities of clinicians working together as the product design team and technical service providers and so on. So it's a really good example. And I think when you talk about best practice certainly from my perspective and following this for the last six or seven years it does seem to be a very solid approach and it is delivering against that. So I'd be very happy to talk further with you after this. Yeah, sounds good. And I think the scope of our study was quite narrowly on actions governments can take. So it'd be interesting to know how you see them what their role is in encouraging that kind of model. But let's take that one offline I think. Yeah, hold it.