FOSS in the Italian public administration: fundamental law principles

Simone Aliprandi,a Carlo Piana,b

(a) ph.d. in Information Society, lawyer at Array and founder of Project; (b) lawyer at Array and General Counsel (external) Free Software Foundation Europe.

DOI: 10.5033/ifosslr.v5i1.84


We take a first reading of the recent modification to the fundamental law that governs the digital aspects of the Public Administration in Italy. These modifications require Public Administrations to prefer internally made solutions and FOSS solutions over proprietary ones, mandate an increased degree of interoperability and strengthen the push for open data.


Italian law; information technology; Free and Open Source Software; public administration; e-government; public sector information; reuse of software programs; open by default;



The Codice dell'amministrazione digitale (“Digital Public Administration Act”, also known with the acronym “CAD”) is the most important Italian law about e-government. It includes provisions that govern the use of information technology as a privileged communication channel between Italian citizens and all the public administration system.

CAD's Article 68 establishes  the core rules for all  aspects related to openness in the Italian public sector: free and open source software1 (“FOSS”, par. 1 and 2),  open formats and open data (par. 3). During 2012, these paragraphs underwent some important changes which created an unprecedented opening, inter alia, in favour of a preference for FOSS in the Public Administration.

Free and open source software, as well as in-house made or ad-hoc developed solutions or reused software, takes precedence by law (first reform)

The part of Art. 68 dealing with software procurement rules in the Public Administration was initially modified by Law 134/2012, approved by the Italian Parliament on August 7, 2012.

Here is an English translation of Par. 1 of Art. 68, resulting from this first reform. The first part remained unchanged and read:

Public administrations must acquire computer programs or parts thereof as a result of a comparative assessment of technical and economic aspects among the following solutions available on the market:

a) develop a solution internally
b) reuse a solution developed internally
c) obtain a free and open source license
d) obtain a proprietary license of use
e) a combination of the above

After this paragraph, that makes FOSS an overriding choice by law, the following language was initially added :

Only when the comparative assessment of technical and economic aspects demonstrates the impossibility to adopt open source solutions or any other software solution already developed (at a lower price) within the public administration system, the acquisition (by license) of proprietary software products is allowed. The assessment referred to in this paragraph shall be made according to the procedures and the criteria defined by the Agenzia per l'Italia Digitale, which, at the instance of interested parties, also provides opinions about their compliance.

Second reform: enter the cloud option, some refinement

On December 17, 2012 a new law (commonly known as "Italian Digital Agenda Reform") was approved by the Italian Parliament: a broad-spectrum legislative package about digital innovation for all the Italian Public Administration information systems. It adds a further amendment to Article 68 of CAD.

With this amendment, Italian Public Administrations can choose between 6 options (and not 5 as it was in the previous version): cloud computing solutions are expressly included in the type of solutions that can be evaluated in the procurement process.

What is interesting is that the rest of Article 68 is quite different and more detailed. The principles governing the comparative analysis that every Public Administration is required to perform before choosing one of these 6 options is now set out in Paragraphs 1-bis and 1-ter.

Here is a complete version of the current wording of Par. 1 of Art. 68 CAD:

1) In accordance with the principles of economy and efficiency, return on investment, reuse and technological neutrality, public administrations must procure computer programs or parts thereof as a result of a comparative assessment of technical and economic aspects between the following solutions available on the market:

a) develop a solution internally;
b) reuse a solution developed internally or by another public administration;
c) adopt a free/open source solution;
d) use a cloud computing service;
e) obtain a proprietary license of use;
f) a combination of the above.

1-bis) For this purpose, before procuring, the public administration (in accordance with the procedures set out in the Legislative Decree 12 April 2006, n. 163) makes a comparative assessment of the available solutions, based on the following criteria:

a) total cost of the program or solution (such as acquisition price, implementation, maintenance and support);
b) level of use of data formats, open interfaces and open standards which are capable of ensuring the interoperability and technical cooperation between the various information systems within the public administration;
c) the supplier's guarantees on security levels, on compliance with the rules on personal data protection, on service levels [,] taking into account the type of software obtained.

1-ter) In the event that the comparative assessment of technical and economic aspects, in accordance with these criteria of paragraph 1-bis, demonstrates the impossibility to adopt an already available solution, or a free/open source solution, as well as to meet the requirements, the procurement of paid-for proprietary software products is allowed. The assessment referred to in this subparagraph [more correctly: “the above subparagraph”] shall be made according to the procedures and the criteria set out by the Agenzia per l'Italia Digitale, which, when requested by interested parties, also expresses opinions about the compliance with them.2

Some comments about the criteria and the role of the Agenzia per l'Italia Digitale

It is apparent how the criteria established to evaluate the "value for money" of the different solutions are now more detailed and encompass a larger spectrum of factors, in comparison with the former version of the law, which was more blunt and mainly referred to the "price" factor. However, the law is far from clear as to how the different factors must weigh in the evaluation, if they are all equal, if any can be completely ignored.

Here enters the Agenzia per l'Italia Digitale3 (literally: Agency for a Digital Italy), which is in charge of defining practical rules for such evaluation. The Agenzia has a really difficult task, as the law is not technically well drafted. Besides the poor definition of the criteria and their scope, there is uncertainty as to what is the mandate of the Agenzia. The latter is in charge of defining the criteria "as per this subparagraph”, where the criteria for such evaluation are actually defined in the earlier paragraph. But this is easily resolved. It is our opinion that the principles and criteria for the evaluation remain the same, whereas paragraph 1-ter adds a further and special requirement for the adoption of proprietary software (and arguably cloud services). Such requirement being that the evaluation must show that the inadequacy of available solutions under the first two categories (development of an ad hoc solution –which is then available for reuse to other PAs– or reuse of an existing one already developed for the PA; and free/open source) reaches an “impossibility level”   Finally, it is also uncertain which metrics can be used, if a given model shall be preferred and so on.

One thing seems very clear, the procurement of proprietary solutions (or of cloud services for that matter) is an extrema ratio, available only if previous solutions fail. The evaluation between ex ante equally viable solution shall happen only between the preferred ones, otherwise the entire paragraph would lack any conceivable purpose and its words would be read against their very meaning. The only latitude that the Agency can arguably take is to define when "impossible" is impossible, in other words, to establish when no viable solutions exist and therefore the proprietary solution is by far the obvious winner.

This is a great achievement. FOSS solutions are to be preferred, and to a great extent. It is noteworthy that even when a software solution is made internally by the PA, it must be made available for reuse (i.e., offered at no licensing costs and accompanied by the complete source code to all other PA requesting it) to all other PAs.4  One of the simplest form of reuse is to share it under a public FOSS license.

Interoperability as a mandatory goal

Paragraph 2 of Art. 68 has not been touched by the two recent reforms presented above (its last modification dates back to 2010). However, its content is relevant and also noteworthy. It establishes interoperability as a basic principle to achieve true openness in the public sector.

2) In the preparation or acquisition of computer programs, public administrations, whenever possible, must adopt solutions which are: modular; based on functional systems disclosed as stated by Article 70; able to ensure the interoperability and technical cooperation; able to allow the representation of data and documents in multiple formats, including at least one open-ended (unless there are justifiable and exceptional needs).

2 bis) The public administrations shall promptly notify the Agenzia per l'Italia digitale the adoption of any computer applications and technological and organizational practices they adopted, providing all relevant information for the full  of the solutions and the obtained results, in order to favour the reuse and the wider dissemination of best practices.

Although this is clearly a provision that does not favour any licensing or business model, it is apparent that it creates an environment where FOSS licensing has a certain edge, at least in principle, because of the possibility to peruse the permissions that are embedded in it even without the cooperation of the copyright holders.

A new “open format” definition and the “open by default” principle in PSI

Another part of Article 68 which was involved in the second reform discussed above  is Paragraph 3. This part of the Article provides a definition of two relevant aspects that contribute to define a healthy ecosystem for FOSS.

The first definition is about open formats:

an open format is a data format which is public, documented exhaustively and neutral with respect to technological tools for the use of data

The second definition relates to open data.  

open data are data that:

1) are available under the terms of a license permitting their use by anyone, even for commercial purposes, in disaggregated format;

2) are accessible through the information and communication technologies, including public and private telecommunication networks, in open formats; are suitable for automatic processing by computer programs and equipped with relative metadata;

3) are available for free through the information and communication technologies, including public and private computer networks, or are available to the marginal costs incurred for their reproduction and dissemination.5

But this is not the entire story. The Italian lawmaker decided to introduce an open by default” principle for all the public sector information. This choice, that sounds quite revolutionary for the Italian legal order, has been made operational by  modification of Article 52 (entitled "Electronic access and re-use of public administrations' data"), where we now find the following paragraph:

Data and documents, which the public administrations own and publish without the express adoption of a proprietary license (as defined in Article 2, paragraph 1 of Legislative Decree 24 January 2006, n. 36), are released as open data in accordance with the definition provided in Article 68, paragraph 3.

This provision is particularly important as it paves the way to open data by the Public Administration to an unprecedented level. Although it does not actually mandate the open data principle, and by all means it does not per se mandate the publication of data in general, it requires an actual decision when desiring to restrict the use of data that are published.

This also marks an additional U-turn in the field. Before this legislation, Italian PAs were facing a constant threat from a restrictive reading of the liability rules of public officers. Said reading was that if the PA could have been in the position to obtain benefits from the release of data (even to other Pas!) for a monetary compensation and failed to do so, the public officer making this decision could be asked to restore the loss suffered by the PA. Now, with the enactment of the opposite principle, the decision is clearly authorized –nay, defaulted to– by law, and it becomes clear that the widest release open data is a goal of the Public.

Conclusions and perspectives

To our knowledge,  Italian law is the farthest-reaching law to date  favouring the use of FOSS in the Public Administration and the general openness of their IT systems to create a public commons created by public money. The decision was made in a dire situation of the national economy and inspired by practical reasons (spending review) rather than idealistic ones. It seems however a new direction that can hardly be changed. Only it can be made less compelling by a slack implementation, if not outright non compliance.

Vigilance is therefore required.

A simple flowchart of the process for evaluating available software solutions



About the authors

Simone Aliprandi is an Italian lawyer and independent researcher who is constantly engaged in writing, teaching and consulting in the field of copyright and ICT law. He has an additional degree in Public Administration Science and he holds a Ph.D. in Information Society at the Bicocca University of Milan. He founded and still coordinates the project and has published several books devoted to openculture and copyleft. He also collaborates as a legal consultant with Array (

Licence and Attribution

This paper was published in the International Free and Open Source Software Law Review, Volume 5, Issue 1 (MARCH 2013) It originally appeared online at

This article should be cited as follows:

Aliprandi, Simone and Piana, Carlo (2013) 'FOSS in the Italian public administration: fundamental law principles', International Free and Open Source Software Law Review, 5(1), pp 43 – 50
DOI: 10.5033/ifosslr.v5i1.84

Copyright © 2013 Simone Aliprandi, Carlo Piana.

This article is licensed under a Creative Commons UK (England and Wales) 2.0 licence, no derivative works, attribution, CC-BY-ND available at

As a special exception, the author expressly permits faithful translations of the entire document into any language, provided that the resulting translation (which may include an attribution to the translator) is shared alike. This paragraph is part of the paper, and must be included when copying or translating the paper.

Carlo Piana is the General Counsel (external) of the Free Software Foundation Europe and an Editor of this Review. An Italian lawyer in private practice, he advises a number of Public Administrations on open data and reuse of software through FOSS licensing. He is the founder of Array (, a group of IT lawyers focussed on FOSS and digital liberties.

1The law indeed uses both naming convention: “free/libre” (libero) and “open source” (codice aperto)

2An updatetd and verified text of the CAD is available at Last accessed on 2013-03-19.

3Carlo Piana is also a member of the consulting commitee appointed by the Agenzia to advise in the process of defining the evaluation criteria, called for at

4See Art. 69 CAD, which provides the basic principles for the so-called “reuse of software programs” (within public administrations). Here is an English translation of par. 1: “Public administrations owning computer programs made on specific demand by the public sector have a duty to give them in source code form, with the complete documentation, at no charge, to other public administrations that require them and want to adapt them to their needs, unless justified reasons.”

5The Agenzia per l'Italia digitale shall establish, with deliberation, exceptional cases, identified according to objective, transparent and verifiable, in which they are made available at higher rates to marginal costs. In any case, the Agency, in the treatment of exceptional cases identified, will follow the guidance provided by Directive 2003/98/EC of the European Parliament and of the Council of 17 November 2003 on the re-use of public sector information, implemented by legislative Decree 24 January 2006, n. 36.