In August 2025, we announced our sponsorship of the Open Source Initiative and launched Block’s Open Source Public Policy Lab. We set out five principles we believed should guide policy thinking on open source and we promised to back them with substance.

Today, we’re releasing Open Source as Critical Infrastructure, a white paper developed with input from our partner, the Open Source Initiative.

Open source: Block’s past and future

Block’s business has an open source heritage. From foundational infrastructure to the libraries and frameworks used daily in products across the world, software depends on decades of collaborative, open source, development. We’re not unusual in this. An estimated 96% of commercial codebases contain open source elements.

Over time, we’ve given back. OkHttp, our HTTP client for Java and Kotlin, is now the default on Android devices. Bitkey, our self-custody bitcoin wallet’s software, is released under a permissive MIT licence, which allows free use and adaptation. In December 2025, we contributed Goose, our agentic AI framework, to the newly formed Agentic AI Foundation under the Linux Foundation, alongside our founding partners Anthropic and OpenAI. Beyond software, we’re pursuing OpenIP, an evolution in our approach to intellectual property rights informed by open source principles.

Overcoming the tragedy of the commons

Harvard research estimates open source generates US$8.8 trillion in value annually, against supply-side costs of around $4.15 billion. The same study estimates that just 5% of developers create 96% of that value, most without compensation or institutional support. Everyone benefits, but without coordinated protection, the resource depletes through developer burnout, emergent security vulnerabilities, and project abandonment.

In reflecting on the state of technology, competition and progress, we landed on the idea that open source is critical infrastructure. It powers the tools we use every day and serves as the backbone of the internet. Despite its pivotal role, it remains undervalued in policy circles, poorly understood by regulators, and underfunded compared to the public investment we give things like roads, utilities, and research. The paper makes the case for treating open source as the public good it is.

Some governments have started to act. Germany’s Sovereign Tech Fund has invested €23.5 million in over 60 open source projects since 2022. The EU’s Cyber Resilience Act exempts non-commercial open source from compliance burdens while establishing voluntary security attestation programs. These are promising signals but remain exceptions.

Block’s policy proposals

The paper presents a set of targeted policy proposals for governments and regulators seeking to advance responsible adoption while protecting open source communities:

1. Public good investment: Sustainable funding, liability protections for maintainers, and security audits for critical open source projects.
2. Standing advisory groups to give policymakers direct access to technical expertise, modelled on precedents the European Commission has used successfully.
3. International coordination through bodies like the Financial Stability Board, IOSCO, and the BIS for proportionate, risk-based supervision across jurisdictions.
4. Sandbox testing of the kind the UK’s FCA has pioneered, allowing regulators to learn how potential rules might affect open source communities before they’re finalised.
5. Regulatory clarity for non-custodial developers who never hold customer funds.
6. Procurement reform so open source solutions can compete fairly in government tenders, reducing vendor lock-in.

An invitation

This white paper is a starting point. If you’re a policymaker, regulator, developer, or advocate with a stake in the future of open source, we want to hear from you. Get in touch at opensource@block.xyz.

Open source is a civic resource and a public good. It already powers the digital world. Let’s make sure it’s treated like one.