The European Commission has spent years advocating for open standards, vendor neutrality, and digital sovereignty. The European Interoperability Framework explicitly recommends open formats for public sector digital services. The EU’s own Open Source Software Strategy calls for reducing dependency on proprietary technologies, and the Cyber Resilience Act itself is designed to address systemic risks from unaccountable technology dependencies.
On March 3rd, 2026, the European Commission published a request for feedback on to the guidances to be provided in relation to the CRA, which must be provided through the linked spreadsheet in .xlsx format, a proprietary format that makes interoperability extremely difficult due to its ever changing and undocumented features.
This is not a minor procedural oversight. It is a structural bias built into the process which sends out a clear message: full participation in EU policymaking requires a Microsoft licence.
We ask the European Commission to lead by example by following its own guidances in relation to interoperability and at to least provide, alongside the proprietary format generated by the proprietary software and services they use, also an Open Document Format (ODF) file which is an actual interoperable and internationally recognised standard.
While the Commission evaluates plans to upgrade its infrastructure and services to Open Source solutions, with the aim of improving resiliency and reduce risky dependencies, it should implement in its standard procedures the release of documents in ODF format to allow all citizens, organisations and institutions to participate in the democratic processes.
#CyberResilienceAct #OpenStandards #DigitalSovereignty #OpenSource #LibreOffice #ODF
CALL FOR ACTION
The Document Foundation is asking Free and Open Source Software (FOSS) foundations, projects and advocates to support this campaign by signing the following letter:
Dear Commission representatives,
We are writing to provide feedback on a procedural matter that, while perhaps appearing minor at first glance, carries significant implications for the principles underpinning EU digital policy — in particular the commitments to open standards, interoperability, and vendor neutrality that the Commission itself has championed in multiple legislative and strategic contexts.
The stakeholder feedback template for the Cyber Resilience Act Guidance document has been made available exclusively in Microsoft Excel format (.xlsx). This choice is, respectfully, difficult to reconcile with the Commission’s own stated commitments.
The .xlsx format is a proprietary format defined and controlled by Microsoft Corporation, a private entity incorporated in the United States. In fact, although OOXML (ISO/IEC 29500) has been approved as a standard, its implementation has never complied with the specifications of the standard itself, as widely documented in the literature on interoperability. Requiring participants to use this format as the sole vehicle for structured data entry effectively conditions participation in a public consultation on the availability or willingness to use software produced by a single supplier.
This stands in direct contradiction to several principles the EU has advanced:
• The European Interoperability Framework (EIF), which recommends the use of open standards in public sector digital services and the avoidance of lock-in to proprietary technologies.
• The Open Source Software Strategy 2020–2023 and its successor, which promote the use of open source and open standards across EU institutions.
• The spirit, and arguably the letter, of the very Cyber Resilience Act itself, which seeks to reduce systemic risk arising from dependency on unaccountable or opaque technology components.
A consultation process that requires respondents to use a proprietary format produces a structural bias: it disadvantages individuals, organisations, and public administrations that have made the entirely legitimate and EU-endorsed choice to operate on open source software and open formats. A citizen or small organisation using LibreOffice, for instance, may encounter compatibility issues when working with the provided .xlsx template. A government body that has migrated to ODF-based workflows faces an unnecessary obstacle.
The remedy is straightforward. Feedback templates of this kind should be provided in at minimum two formats: one open format (ODF spreadsheet, .ods, being the obvious choice, as it is a true ISO-standardised format with no proprietary ownership) and one widely-used proprietary format for those whose environments require it. Ideally, a plain-text or web-based form would supplement both, removing the spreadsheet dependency entirely for respondents who prefer it.
The Commission’s credibility on digital sovereignty, open standards, and vendor-independent infrastructure is undermined — symbolically but meaningfully — each time its own processes rely exclusively on proprietary formats from non-European technology vendors. The CRA is precisely the kind of legislation where procedural consistency with stated principles matters most.
We respectfully urge the Commission to review its template distribution practices and to adopt a format-neutral approach to stakeholder consultation as standard policy going forward.
Yours faithfully,
Board of Directors
The Document Foundation
Berlin, March 5, 2026
Since there is no email address for feedback, we suggest sending a copy of the letter or a message supporting it using one of the following forms:
https://european-union.europa.eu/contact-eu/write-us_en
https://digital-strategy.ec.europa.eu/en/write-us
or the following email address:
