Germany digital public infrastructure APAC

Germany Open-Sources Its Tax Portal's Engine, Betting Reusable Code Beats a Centralized Sovereignty Stack

By publishing the A12 platform behind ELSTER under EUPL 1.2, Germany treats reusable, auditable code — not a single unified system — as its fastest path to digital sovereignty.

Germany's A12 Open-Source Release, By the Numbers People of Internet Research · Germany 40M+ Active ELSTER users A12 has run Germany's national tax… EUPL 1.2 License Germany published A12 under the EU… ~€250M Sovereign AI cloud value STACKIT's parallel BMDS cloud-foun… ~€12B 2025 sovereignty commitments Investment tied to the German-Fren… peopleofinternet.com
Germany's A12 Open-Source Release, By … People of Internet Research · Germany 40M+ Active ELSTER users EUPL 1.2 License ~€250M Sovereign AI cloud value ~€12B 2025 sovereignty commitments peopleofinternet.com

Key Takeaways

On May 27, 2026, the Bavarian State Office for Taxation (BayLfSt) and its software partner mgm technology partners published the source code of A12 — the low-code platform that has run ELSTER, Germany's national online tax portal, for more than a decade — on openCode, the federal government's own open-source registry, and on GitHub. The license is EUPL 1.2, the EU's own copyleft license, not an off-the-shelf US-authored one. That choice is itself a small sovereignty statement: Germany is publishing under a license the European Commission wrote and maintains.

What was actually released

A12 is not ELSTER itself, and it is not a finished tax app anyone can install. It is the modeling engine, runtime, and accessible UI/UX design system that has let BayLfSt's teams build ELSTER's forms and workflows without hand-coding each one — infrastructure that opencode.de says now serves "over 40 million users actively" and has been in production for more than ten years. mgm executive Sergio Lerena called the release a foundation for "digital sovereignty in the public sector," while BayLfSt's Andreas Koch framed it as reducing "independence from commercial third-party systems across broader parts of German public administration," per mgm's release notes. Crucially, the repository ships read-only for now: external contributions aren't yet accepted. This is publication, not yet a community project.

Where it fits the Deutschland-Stack

The release lands as Germany's Federal Ministry for Digital Affairs and State Modernization (BMDS) works through its Deutschland-Stack program, which the ministry describes as pursuing "a high-performance German cloud infrastructure with a focus on open interfaces, Europe-wide standards" and "greater use of open source technologies," per BMDS's own digital-sovereignty page. That page also notes 2025 commitments of roughly €12 billion tied to a German-French sovereignty summit and 18 partnerships. Separately, STACKIT confirmed in May 2026 that it will supply the cloud foundation for a federal AI platform carrying an estimated €250 million project value. A12 is a comparatively small, app-layer piece of that larger sovereignty push — but it's the piece that's actually shipped and running at national scale, rather than a procurement announcement.

The steelman: this could be sovereignty theater

Skeptics have a fair case. A read-only repository with no external contribution path is not the same as an open community project — it doesn't yet let another state's IT department fork, patch, and upstream fixes the way a live open-source project would. Critics of Europe's broader "EuroStack" debate — which the European Parliament has been holding conferences on, per the Atlantic Council's survey of global DPI models — argue that publishing application-layer code doesn't touch the harder sovereignty problem: dependence on non-EU chips, hyperscaler cloud, and undersea connectivity. One Bavarian tax office open-sourcing its internal tooling, however well-intentioned, doesn't by itself prove other German states or EU members will actually adopt it instead of continuing to buy Microsoft Power Platform, ServiceNow, or Salesforce licenses. Sovereignty announcements have a track record of outrunning sovereignty deployments.

Why the release is still the right call

That caution is warranted, but it argues for finishing the job, not for withholding the code. A read-only release is still a meaningfully lower-risk starting point than a closed system: it lets other Länder, municipalities, and EU member states audit exactly what runs a system 40 million people already rely on, before committing budget to it — the opposite of the opaque, single-vendor lock-in that has made past e-government procurement so brittle. The Atlantic Council's comparison is instructive here: India Stack's Aadhaar-UPI-DigiLocker layers succeeded not because India built one monolithic sovereign system, but because it published open APIs that let banks, startups, and other agencies build on a shared foundation without asking permission each time. Estonia's X-Road took the opposite architectural path — no central authority, peer-to-peer data exchange — and still delivered comparable resilience. Both prove the same point: durable digital public infrastructure comes from reusable, inspectable components that other builders can adopt piecemeal, not from a single stack imposed top-down. A12's EUPL license and its ELSTER pedigree — a system that already survives tax season at national scale — make it a stronger reference implementation than most greenfield "sovereign cloud" pilots announced without a single production user.

What to watch

The real test isn't the GitHub commit history — it's whether BayLfSt opens the repository to outside contributions, and whether a second German state or a peer EU tax authority actually deploys A12 rather than treating the release as a one-off PR moment. If Germany wants A12 to function as genuine digital public infrastructure rather than a symbolic gesture, the sequel to "open the code" has to be "open the governance." Until then, this is a well-sourced, well-timed proof of concept — not yet the DPI layer Europe's EuroStack debate is reaching for.

Sources & Citations

  1. openCode.de — A12 platform listing
  2. BMDS — Digital Sovereignty
  3. mgm technology partners — A12 open-source release
  4. Atlantic Council — Global DPI Models
  5. STACKIT — Sovereign AI cloud foundation