On May 27, 2026, the Bavarian State Office for Taxation (BayLfSt) and its software partner mgm technology partners published the source code of A12 — the low-code platform that has run ELSTER, Germany's national online tax portal, for more than a decade — on openCode, the federal government's own open-source registry, and on GitHub. The license is EUPL 1.2, the EU's own copyleft license, not an off-the-shelf US-authored one. That choice is itself a small sovereignty statement: Germany is publishing under a license the European Commission wrote and maintains.
What was actually released
A12 is not ELSTER itself, and it is not a finished tax app anyone can install. It is the modeling engine, runtime, and accessible UI/UX design system that has let BayLfSt's teams build ELSTER's forms and workflows without hand-coding each one — infrastructure that opencode.de says now serves "over 40 million users actively" and has been in production for more than ten years. mgm executive Sergio Lerena called the release a foundation for "digital sovereignty in the public sector," while BayLfSt's Andreas Koch framed it as reducing "independence from commercial third-party systems across broader parts of German public administration," per mgm's release notes. Crucially, the repository ships read-only for now: external contributions aren't yet accepted. This is publication, not yet a community project.
Where it fits the Deutschland-Stack
The release lands as Germany's Federal Ministry for Digital Affairs and State Modernization (BMDS) works through its Deutschland-Stack program, which the ministry describes as pursuing "a high-performance German cloud infrastructure with a focus on open interfaces, Europe-wide standards" and "greater use of open source technologies," per BMDS's own digital-sovereignty page. That page also notes 2025 commitments of roughly €12 billion tied to a German-French sovereignty summit and 18 partnerships. Separately, STACKIT confirmed in May 2026 that it will supply the cloud foundation for a federal AI platform carrying an estimated €250 million project value. A12 is a comparatively small, app-layer piece of that larger sovereignty push — but it's the piece that's actually shipped and running at national scale, rather than a procurement announcement.
The steelman: this could be sovereignty theater
Skeptics have a fair case. A read-only repository with no external contribution path is not the same as an open community project — it doesn't yet let another state's IT department fork, patch, and upstream fixes the way a live open-source project would. Critics of Europe's broader "EuroStack" debate — which the European Parliament has been holding conferences on, per the Atlantic Council's survey of global DPI models — argue that publishing application-layer code doesn't touch the harder sovereignty problem: dependence on non-EU chips, hyperscaler cloud, and undersea connectivity. One Bavarian tax office open-sourcing its internal tooling, however well-intentioned, doesn't by itself prove other German states or EU members will actually adopt it instead of continuing to buy Microsoft Power Platform, ServiceNow, or Salesforce licenses. Sovereignty announcements have a track record of outrunning sovereignty deployments.
Why the release is still the right call
That caution is warranted, but it argues for finishing the job, not for withholding the code. A read-only release is still a meaningfully lower-risk starting point than a closed system: it lets other Länder, municipalities, and EU member states audit exactly what runs a system 40 million people already rely on, before committing budget to it — the opposite of the opaque, single-vendor lock-in that has made past e-government procurement so brittle. The Atlantic Council's comparison is instructive here: India Stack's Aadhaar-UPI-DigiLocker layers succeeded not because India built one monolithic sovereign system, but because it published open APIs that let banks, startups, and other agencies build on a shared foundation without asking permission each time. Estonia's X-Road took the opposite architectural path — no central authority, peer-to-peer data exchange — and still delivered comparable resilience. Both prove the same point: durable digital public infrastructure comes from reusable, inspectable components that other builders can adopt piecemeal, not from a single stack imposed top-down. A12's EUPL license and its ELSTER pedigree — a system that already survives tax season at national scale — make it a stronger reference implementation than most greenfield "sovereign cloud" pilots announced without a single production user.
What to watch
The real test isn't the GitHub commit history — it's whether BayLfSt opens the repository to outside contributions, and whether a second German state or a peer EU tax authority actually deploys A12 rather than treating the release as a one-off PR moment. If Germany wants A12 to function as genuine digital public infrastructure rather than a symbolic gesture, the sequel to "open the code" has to be "open the governance." Until then, this is a well-sourced, well-timed proof of concept — not yet the DPI layer Europe's EuroStack debate is reaching for.