Description of solutions¶

Article 68(1) of the CAD indicates the types of solution subject to comparative analysis by type of software:

‘Public administrations acquire computer programs or parts thereof in accordance with the principles of economy and efficiency, investment protection, reuse and technological neutrality, following a comparative technical and economic assessment of the following solutions available on the market:

1. software developed on behalf of the public administration;
2. the reuse of software or parts thereof developed on behalf of the public administration;
3. free software or open source code;
4. software that is usable through cloud computing;
5. proprietary software through the use of a user licence;
6. a combination of the previous software solutions’.

The following list of definitions describes the six solutions provided by the legislation:

A - Software developed on behalf of the public administration A solution also known as the ‘make option’: the public administration entrusts the development of the software (either from scratch or through modifying existing software) to a supplier and the latter undertakes to deliver the developed software to the public administration on the basis of the defined requirements. For example, during the software life cycle (analysis, design, development, testing, release, maintenance) the public administration may take care of the analysis and design phases, defining the software requirements and then entrust the development to the supplier.

B - Reuse of software or parts thereof developed on behalf of the public administration ‘Reuse’ of a public administration software solution (or components thereof) that already exists and is available.

C - Free software or open source code software licensed under an open source licence (see 1.7 Glossary). In particular, this refers to all software distributed under an OSI-certified license (complete list), as described in 3.5.2 Open software licences.

D - Software that is usable through cloud computing A solution in which the public administration acquires the software as a service. This solution does not include HaaS (Hardware as a Service) and IaaS (Infrastructure as a Service).

E - Proprietary software through the use of a licence Subject to proprietary software user licence conditions, to be installed ‘on premises’.

F - A combination of the previous solutions Software implemented with components belonging to more than one of the previous categories. For example, software in which a reused solution relies on open source middleware and accesses a proprietary database, with components specifically designed for the administration that is receiving the solution. In fact, this is the most common type currently used in public administrations.

In addition, Article 69(1) of the CAD states that

‘public administrations that are owners of IT solutions and computer programs made to the specific specifications of the public client, have the obligation to make the relevant source code available, complete with documentation and released in a public repository under an open licence, free of charge’.

With regard to solution D) (Software that is usable through cloud computing), this is to be considered as a method for the provision of IT services, and therefore can be occasionally combined with categories A), B), C) and E).

Description of the assessment criteria¶

Below is a brief description of the criteria required for the comparative assessment of solutions, for each of the criteria listed in Article 68(1a) of the CAD.

Total cost In the context of this document, this is to be understood as the Total Cost of Ownership (TCO) of the solution, calculated over a time window appropriate to the context of the assessment, including the cost of migration to another solution (see also paragraph 2.4).

Use of open data formats The use, by the solution to be assessed, of standard and open formats (see Glossary) for the representation of data, metadata and documents, aimed at ensuring interoperability between the computer systems of public administrations and/or public service operators.

Use of open interfaces The use, by the solution to be assessed, of open interfaces, including Application Programming Interfaces (API), i.e. public, documented and freely implementable/extendible interfaces, to ensure interoperability between the computer systems of public administrations and/or public service operators.

Use of interoperability standards The adequacy of the solution to be assessed, ensuring interoperability between computer systems of public administrations and/or public service operators.

Security levels In the context of this document, this refers to the existence of suitable guarantees regarding the security levels of the solution regardless of the legal nature of the owner of the software and/or the service provider in cloud computing mode.

Compliance with data protection legislation This refers to the processes/procedures that comply with data protection legislation, regardless of the legal nature of the owner of the software and/or the service provider in cloud computing mode.

Service levels of the supplier This refers to the ability of the supplier to provide services in compliance with the metrics previously identified by the public administration in a Service Level Agreement (SLA).

Description of macro-phases¶

Given the varied nature of the solutions and the difficulty in making uniform quantitative comparisons, such as in the case of comparing a solution from which certain costs may be derived (an ‘on premises’ proprietary or cloud computing solution) with a solution to be implemented from scratch - for which only a feasibility study is available - it was decided to specify a decision-making process through the description of phases and their organisation into macro-phases.

The following diagram provides the macro-phases that characterise the decision-making process to follow up the comparative assessment provided for in Article 68 of the CAD.

The macro-phases identified are as follows:

MACRO-PHASE 1: This phase aims to define requirements by specifying the needs and constraints (organisational and economic) that affect the choices for the identification of a solution appropriate to the requirements of the administration;

MACRO-PHASE 2: In this phase the public administration considers the possibility of satisfying its own requirements by adopting a solution already in use by another administration (hereinafter referred to as a ‘reusable PA solution’) or free software or open source code (hereinafter referred to as ‘open source solutions’).

MACRO-PHASE 3: If macro-phase 2 does not allow the public administration to satisfy its requirements, the satisfaction of the same is pursued through the use of proprietary computer programs, through the use of a licence and/or from-scratch products.

In the following section, the macro-phases identified are divided into phases, describing the activities to be carried out in terms of criteria and methodologies to be adopted.

Phase 1.1: Needs analysis¶

The administration defines its own needs for the identification of the software solution. In doing so, it takes into account that defined in the Acquisition programme and in the Public works planning (Article 21 of Legislative Decree No 50 of 18 April 2016).

The activities anticipated in this phase are:

• an analysis of the context through the description of the characteristics of the administration: purpose, structure and organisation;
• a description of the operational flows involved in the software to be acquired, which the public administration puts in place as a follow-up to the administrative procedures;
• the optimisation assumptions for the flows in relation to the software to be acquired;
• identification of the ‘tools’ (definition of objectives) needed to implement the identified operational processes;
• declaration of requirements, i.e. the needs to which the software must respond, providing for a differentiation between indispensable and non-essential requirements.

This phase concludes with the:

• identification of the needs of the public administration.

Phase 1.2: Identification of constraints¶

The administration shall describe the constraints that will affect the supply of the software solution. The activities anticipated in this phase are:

• identification of the budget resources available (hereinafter T_budget) to ensure the availability and production of the solution to be acquired (possible data reclamation and migration from existing systems, installation, customisation, integration with existing systems, training, start-up support, management activities, payment of any surplus, etc.);
• estimate of the time required to implement the solution (hereinafter referred to as T_time), which the public administration can absorb;
• any standards and guidelines that the software should follow in its technical implementation, such as for example:
  • AgID Design guidelines (which also includes compliance with Law No 4/2004 on accessibility);
  • AgID interoperability guidelines;
  • AgiD guidelines on the development of secure software.
• any other constraints of interest of the administration.

This phase concludes with the:

• identification of constraints (economic and time-related) that affect the choices of the administration.

Phase 1.3: Drafting of the document describing the requirements¶

The administration shall draft a document describing its requirements to be used in the subsequent stages of the comparative assessment.

The activities anticipated in this phase are:

• drafting of the document describing the requirements, which shall contain the results of the previous phases 1.1 and 1.2.

This phase concludes with the:

• availability of the document describing the requirements.

Phase 2.1: Identifying reusable solutions for the PA¶

The administration identifies the candidate ‘reusable PA solutions’ that meet its requirements. The activities anticipated in this phase are:

• a search for ‘reusable PA solutions’ that currently exist within the Developers Italia platform.

This phase concludes with the:

• identification of ‘reusable PA solutions’ of interest to the public administration.

Phase 2.2: Assessment of reusable solutions for the PA¶

Whereas the previous phase 2.1 made it possible to identify at least one ‘reusable PA solution’ of potential interest to the public administration, through the implementation of this assessment phase the best ‘reusable PA solution’ shall be identified. Solutions that meet the majority of needs and require modifications or customisation are also eligible at this stage.

For each of the potential ‘reusable PA solutions’ of interest, steps shall be taken to:

• check that at the very least, they conform to the regulations in force, which are detailed on the software data sheet in Developers Italia. In particular:
  • compliance with the interoperability rules prescribed by the guidelines issued in implementation of Article 73 of the CAD;
  • compliance with data protection regulations;
  • compliance with minimum levels of security for public administrations.
  • compliance with accessibility requirements (Law No 4/2004).
• assess the quality of the solution through the following parameters, some of which can be found on the software data sheet in Developers Italia:
  • degree of coverage of functional and non-functional requirements;
  • the presence of an expert technician for the software in question;
  • the possible presence of agreements with third parties entered into by the owner administration and usable by the assessing administration, regarding support activities for the installation and/or customisation of the solution or, in any case, the methods of use for the solution itself (e.g. a regional in-house may make open source software available for its municipalities together with an agreement to provide installation and training services);
  • the presence of mandatory constraints and dependencies with other open software and/or proprietary software; for example, open source software may require a licence for a proprietary database, or it may require a licence for a proprietary API for a cloud service;
  • the presence and level of competence of the internal resources of the PA, as regards the management of environments and languages used in the solution;
  • the number and type of other public administrations using the open source project;
  • the viability of the open source project, through the assessment of visible indicators on the repository, such as code activity, release history, user community, longevity of the project, number of unique developers.
• estimate the Total Cost of Ownership (S:sub:TCO) as described in 2.7 Total Cost of Ownership (TCO), with particular attention paid to:
  • any software installation costs in the PA cloud or costs for using the software through SaaS mode, where present in AgID’s Cloud Marketplace;
  • any costs for the training of personnel, including those necessary for the training of the parties assigned to the management of the solution as well as those for its use by the end-users;
  • any costs required to integrate the solution with its own systems;
  • any customisation costs, including those necessary to ensure functional and non-functional requirements, not already present in the reusable software;
  • any costs for verifying compliance with the regulations in force.
• estimate the time for the production of the solution (hereinafter S_time);
• any other estimates expressing the specificity of the administration.

In order to follow up on the assessment of the above, the public administration will have to prove that, if not already in its possession, it is capable of retrieving all the necessary information in the manner provided for by the regulations.

Therefore, if:

• The cost (TCO) falls within the established budgetary constraints (S:sub:TCO< T_budget);
• Production times are compatible with the estimated times (S:sub:tempi< T_tempi);
• Any other impediments are respected.

the administration shall identify the solution best suited to its requirements on the basis of the assessment carried out. This phase concludes with the:

• determination of the best ‘reusable PA solution’, or possible absence of a solution.

Phase 2.3: Procurement of the reusable solution for the PA¶

If, following the previous phase 2.2, the administration has determined a ‘reusable PA solution’ that meets its requirements, it shall provide for procurement. The reuse process is described in 3.9 Reuse ofsoftware or use of open source software.

The comparative assessment shall be deemed to be complete.

In the event that the public administration has to bear costs during the procurement phase (e.g. customisation, installation, training), the administration shall acquire these services in accordance with Legislative Decree No 50/2016 and subsequent amendments and additions. (hereinafter referred to as the Public Contracts Code).

Phase 2.4: Identifying open source solutions¶

If it is not possible to identify a ‘reusable PA solution’, the administration MUST expand its search for solutions, which meet its requirements, to ‘open source solutions’, i.e. software released under an open licence but not owned by a public administration and therefore not published for reuse. Solutions that meet the majority of needs and require modifications or customisation are also eligible at this stage.

The activities anticipated in this phase are:

• identification of open source software projects whose ownership is attributed to parties other than public administrations. The identification process must be carried out, at the minimum, with the tools made available on Developers Italia, and can also be extended to other international platforms that manage open source software projects.

In identifying a solution, the public administration must verify:

• if the software licence is among those suggested in this document or certified by OSI (complete list).
• if the licence is compatible with the software licences that may be integrated with it and/or with its intended use;

This phase concludes with the:

• identification of ‘open source solutions’ of interest to the public administration

Phase 2.5: Assessment of open source solutions¶

If the previous phase 2.4 has led to the identification of at least one ‘open source solution’ of potential interest, the best ‘open source solution’ for the requirements of the public administration is identified in the assessment phase.

The assessment of open source software in this phase should follow the same assessment criteria as described for phase 2.2. Therefore, consider phase 2.5 as a duplication of phase 2.2, applied to a different set of software (third-party open source instead of reusable software).

This phase concludes with the:

• determination of the best ‘open source solution’, or possible absence of a solution.

Phase 2.6: Procurement of the open source solution¶

If, following the previous phase 2.5, the administration has identified an ‘open source solution’ that meets its requirements, it shall proceed with the acquisition. The acquisition process is described in 3.9 Reuse ofsoftware or use of open source software.

The comparative assessment shall be deemed to be complete.

In the event that the public administration has to bear costs during the procurement phase (e.g. customisation, installation, training), the same shall acquire these services in accordance with the Public Contracts Code.

Phase 2.7: Impossibility determination¶

In the event that it is impossible to identify a solution that satisfies, at least to a large extent, the requirements of the administration, between ‘reusable PA solutions’ and ‘open source solutions’, a document is prepared (without format constrictions) that justifies the reasons for the ascertained impossibility, which will be kept with the documents filed for the proceedings.

The public administration continues the comparative assessment exercise by following up with the phases anticipated within the next macro-phase 3.

Phase 3.1: Identifying proprietary solutions¶

The public administration must assess the proprietary solutions available on the market.

The administration must search for a solution with a proprietary licence, analysing the offerings in accordance with the Public Contracts Code.

The administration must verify that the licensed software meets the following requirements (i.e. the absence of even one of these makes the solution ineligible):

• compliance with the interoperability rules prescribed by the guidelines issued in implementation of Article 73 of the CAD;
• compliance with data protection regulations;
• compliance with minimum levels of security for public administrations;
• compliance with accessibility requirements (Law No 4/2004);
• capacity to export free of charge, at any time, the entire database (including any type of index or metadata used to implement the functionalities of the software itself) in standard format, open and documented, to avoid the occurrence of lock-in, as better specified in ANAC guideline No 8.

Among the software that respects the aforementioned requirements, the administration carries out a comparative analysis that takes into account the following criteria:

• assurance that the functional requirements not determined in macro-phase 1 comply with those indicated in the documentation;
• assessment of the suitability of the solution to interoperate with the systems already in use in the administration;
• any software installation costs in the PA cloud or costs for using the software through SaaS mode, where present in AgID’s Cloud Marketplace;
• any costs required to integrate the solution with the systems already in use by the administration;
• any costs for training personnel to manage and administer the proposed solution;
• calculation of the TCO and its adherence to the available budget determined in the previous macro-phase 1.

This phase concludes with the:

• identification of solutions with a proprietary user licence that meet the requirements of the administration.

Phase 3.2: Analysis of from-scratch solutions¶

The public administration, after having identified the existence or not of a proprietary solution suitable for its requirements, shall prepare a document containing a feasibility study [1] with an estimate of the activities, costs and time required for the implementation of a solution from scratch that fully meets the requirements indicated in the document concerning the analysis of needs, as described in 2.4.1 Phase 1.1: Needs analysis.

Phase 3.3: Comparison of proprietary and from-scratch solutions¶

In making a decision between the development of a from-scratch solution and the acquisition of a proprietary solution (the so-called ‘make or buy’ assessment), the administration assesses the advantages and disadvantages of both types of solution, using the following list as a reference point:

Advantages of acquiring a proprietary solution:

• quick commissioning;
• full guarantee and application risk borne by the supplier;
• supplier maintenance;
• lower acquisition or subscription costs than full development;

Advantages of developing a from-scratch solution:

• full compliance with needs and objectives;
• ease of management (importing and exporting) of data;
• medium/long-term TCO (Total Cost of Ownership);
• sharing of the solution and therefore optimisation of the costs of sustaining it;
• extension and updating;
• reuse by other administrations.

Disadvantages of a proprietary solution:

• periodic licences (monthly, annual subscriptions) or paid version updates;
• rigidity of the operative flow or inability to adapt to the operational organisation of the public administration;
• possibility of lock-in, i.e. excessive costs of changing the solution in the future;
• economic stability of the supplier.

Disadvantages of a from-scratch solution:

• more tasks to execute;
• greater need for coordination;
• longer commissioning times.

Phase 3.4: Procurement of proprietary or from-scratch solution¶

Following on from the previous phase 3.3, the administration identifies a solution, either with a proprietary licence or developed from scratch, which meets its requirements and provides for the procurement of the same according to the procedures set out in the Public Contracts Code.

If the from-scratch solution has been chosen, taking into account paragraphs 1 and 2 of Article 69 that govern the reuse of software that will be developed, please refer to 3.7 Developing software from scratch for information on how to develop this solution to comply with the paragraphs mentioned and thus enable it to be reused.

In the event that proprietary software is acquired under licence, please note that the administration must, where possible, acquire ownership of the developed code (as explained in 1.5 Ownership), so as to enable it to be reused.

The comparative assessment shall be deemed to be complete.

Identifying a code hosting tool¶

The release of software must be carried out through a code hosting tool, which is specialised in hosting and making distributed software available under an open licence. There are many solutions on the market, both free and commercial.

Since the purpose of Article 69(1) is to encourage reuse between administrations, the tool must follow best practices in terms of functionality for the publication of the source code, in order not to create additional costs for administrations hoping to find and use the software.

In particular, the tool must at least have the following functions:

• Free read access to the source code, without authentication;
• Free and unobstructed registration, open to the public;
• A web interface for viewing and browsing the code and its documentation;
• The use of a version control system with the functionality of managing parallel branches of development;
• An issue tracker system open to the public for read access without authentication and for write access following authentication;
• Implementation of at least one flow for sending modifications, code review and integration of the modification, fully managed by the tool, open to the public;
• A release management system;
• Availability of an API to interface with the tool and extract data and metadata related to the repositories.

To simplify the choice, in Annex A: Guide to publishing software as open source there is a non-exhaustive list of the main platforms on the market that meet the requirements.

Some platforms fully adhering to the minimum parameters are available in SaaS mode (i.e. they can be used directly via the internet without having to install a copy on a server), without any licence cost and without the need to sign contracts or conventions; selecting one of these SaaS platforms is therefore to be considered preferential, in the event that there are no other technical constraints (e.g. integration requirements), so as not to create direct or indirect costs for the administration.

The administration must choose a tool (or tools, where justified for organisational purposes) on which to release all the software it owns. Alternatively, in Annex A: Guide to publishingsoftware as open source,an alternative process is outlined that leaves the choice to the party responsible for developing the software and/or releasing it on behalf of the administration (whether this party corresponds to a resource that is internal or external to the administration).

Once one or more code hosting tools have been selected, the administration must provide adequate visibility of the tools on its web page, as detailed in the same guide (Registration of therepository on Developers Italia).

Registration of open software on Developers Italia¶

Software released by the administration must be ‘registered’ in the search engine of Developers Italia, to facilitate access by other administrations that are looking for reusable software.

The precise technical process for registration is indicated in the section Registering the repository onDevelopers Italia.

Responsibilities related to the release¶

The administration that owns the software does not incur any specific obligation related to the release: it is not necessary to provide a warranty with the software, technical or user level support, nor financially support administrations that reuse the software as regards costs or adoption procedures.

Context¶

It should be noted that the legislator, in drawing up Article 69, has clearly indicated that the objective is to encourage the reuse of the same software between several administrations. It is therefore important that the first consideration as regards the importance of the choice of the licence is to assess the impact that the licence text has on the possibility of reuse by other administrations.

Since the 1980s, the world of computer research and industry has produced numerous examples of licence texts for open source software, with the aim of creating a global software sharing model. As the complexity of applications increases, it has become increasingly important to work with ready-made components rather than to start developing code from scratch each time.

Open software licences¶

An open licence, as understood in Article 69 of the CAD, is a licence that grants the user of software the following freedoms:

• Freedom to use the software as desired, for any purpose, without additional costs or restrictions;
• Freedom to analyse how the software works and to modify it in order to adapt it to your needs;
• Freedom to redistribute copies of the software;
• Freedom to modify the software and publicly distribute the modified versions. [1]

Access to the source code, or equally to the format necessary to reproduce and modify the software, is a prerequisite for respecting these freedoms.

Open Source Initiative [2] (OSI) is an international organisation, recognised worldwide for the certification process of software licences that meet these requirements. An updated list of OSI-certified licences is available at the following address (in alphabetical order): https://opensource.org/licenses/alphabetical

Compliance with Article 69 of the CAD, with regard to selecting the licence, must be carried out by choosing a licence from those certified by the Open Source Initiative. Alternatively, the administration that wishes to independently provide for the drafting of text for a licence, may only use this text following certification by the Open Source Initiative, to verify its adherence with the principles of open software. The process of sending a licence for approval is detailed at this link: https://opensource.org/approval.

It should be noted that to uniquely identify licence text, SPDX categorisation [3] may be used, which associates each licence (or combination) with a unique identifier and full name. An updated list of identifiers and their licence texts is available at this link: https://spdx.org/licenses/.

Attached to the guidelines (Annex C: Guide to open source licences) there is a guide that delves further into the topic of open source licences, which outlines the categorisation of the main types of licences and their features.

Choosing a licence¶

A free software licence allows for the free use of the source code to which it refers, while imposing certain constraints that must be respected. As such, the integration of multiple free software components released under different licences requires a compatibility analysis of the same. Such an analysis may be overly complex if there are multiple licences involved, leading to additional costs.

In other words, a proliferation of different licences makes it more difficult and costly to reuse software, contrary to the objectives outlined in Article 69 of the CAD.

Use of the following decision-making process is recommended for selecting an open licence:

• If the software release refers to modifying existing open source software (i.e. software picked-up for reuse by another administration or owned by third parties), the administration will use the same licence with which the software was originally distributed, to facilitate maximum interoperability and reuse with other users of the same software;
• If it is new software, apart from the exceptions specified below, use the EUPL v1.2 licence (SPDX identifier: EUPL-1.2): https://spdx.org/licenses/EUPL-1.2.html. This licence, developed by the European Commission, has been selected as a ‘copyleft’ licence, guaranteeing maximum interoperability at European level, and has also been translated into Italian. There are only a few exceptions to this general specification:
  • if the software is mainly used online (e.g. via a browser), use the ‘GNU Affero General Public Licence’ version 3 or above (SPDX identifier: AGPL-3.0-or-later): https://spdx.org/licenses/AGPL-3.0-or-later.html;

This licence was chosen because, in addition to being compatible with most open source licences, it requires those who modify the code to release improvements even if it is used as part of a SaaS service.

• if software components with a wide range of applications (e.g. ‘software libraries’ and ‘SDKs’) are being released, use the ‘BSD 3-Clause’ licence (SPDX identifier: BSD-3-Clause) https://spdx.org/licenses/BSD-3-Clause.html;

This licence has been chosen to ensure that all stakeholders use it as freely as possible, allowing applications to be created based on such libraries, which can be released under any licence. These types of software components are normally used to facilitate interoperability with public administrations, and benefit from the emergence of ecosystems that include third-party applications, including proprietary software.

• For software technical documentation, use the Creative Commons licence CC-BY 4.0 (SPDX identifier: CC-BY-4.0) https://spdx.org/licenses/CC-BY-4.0.html. This licence was selected because it allows for easy reuse of documentation and code examples contained therein.

Please refer to Annex A: Guide to publishing software as open source for technical details on how to correctly embed the licence text to the source code at the time of publication.

Selected licences have a wide use in the open source ecosystem, therefore the ability to integrate third-party components released with compatible licences is maximised.

An administration that wishes to select a licence differently from that outlined here must justify their reasons, analysing the compatibility between the licenses adopted and those proposed here, ensuring that the choice does not limit opportunities for reuse and that it does not entail additional costs for administrations in the reuse phase.

Releasing new software under open licence¶

It is important that Article 69(1), which requires release under open licence, is considered from the outset of development and not only at the end of the entire process. The technical requirements for release are described in Annex A: Guide to publishing software as open source.

The costs incurred in carrying out the work described in the guide will be significantly lower if the technical specifications described are followed from the outset of development.

In the case of procurement, it is essential that the authorities always include Annex A: Guide to thepublication of software as open source among the tender documents, for example, in an annex to the technical specifications.

Conversely, if the administration were to be late in complying with Article 69(1), using a tender procedure subsequent to the completion of the former, it would incur additional economic costs.

Therefore, it is recommended to develop the software directly on the selected code hosting tool, from the early stages of design, without waiting for the preliminary version to implement the release.

Acquisition of ownership of software developed from scratch¶

As already discussed in 1.5 Ownership, the administration must ensure full ownership of software created from scratch. Please refer to the aforementioned section for further information.

Ownership of the code developed during maintenance¶

As already discussed in 1.5 Ownership, the administration must assume full ownership of software developed from scratch, including any portion developed during a maintenance contract. Please refer to the aforementioned section for further information.

Release of modifications under open licence¶

To release modifications to software, it is not possible to use the process previously described in 3.7.1 Releasing new software under open licence; in fact, this process, regardless of the extent of the modification, would create a second source code repository separate from the original, creating high costs for any administration that, having reused the original software, hopes to continue to benefit from its ongoing development.

The proper and cheaper way (both for the owner administration, and for those who hope to reuse the software in the future) to maintain software under open licence is to adopt a specific development process in which every individual change is carried out directly in the original repository containing the software, providing immediate evidence of the change that has occurred.

Furthermore, it is essential to communicate that the software is in the maintenance phase (by entering this information during the software registration in Developers Italia), so that other administrations can take this into account in the comparative assessment phase.

The entire process is described in technical detail in Annex B: Guide to maintainingopen source software. In the case of procurement, the administration is required to include the guide among the tender technical documents, for example as an annex to the technical specifications, so that suppliers have immediate evidence of the process required.

Support for reusing administrations¶

Even if there is no guarantee or technical or training support obligation on the part of the owner administration towards administrations that reuse the software, where the software is subject to upgrading maintenance, it is essential that the internal resources or companies in charge of such maintenance provide basic support to those who report specific issues, or who wish to make (at their own expense) changes to the software.

In fact, the reuse model, allows for multiple administrations to invest in the same software, each with its own budget, therefore incrementally adding to the value of the original software. However, for this process to work correctly, as a minimum, a technical coordination process between the public administration that maintains the software and the administration that intends to modify it is desirable. Furthermore, this provides an opportunity to share development plans and therefore investments between multiple administrations as regards the same software, with savings for public financing.

This process of supporting software modifications is also detailed in the same guide Annex B: Guideto maintaining open source software.

Software not yet released under open licence¶

If the administration initiates a process of maintenance for software that it already owns, but for which it has not yet released under an open licence, adding its initial release to the maintenance contract must be considered, because of the lower cost that is normally incurred compared to carrying it out separately.

Use of reusable or open source software¶

In general, it is not necessary to obtain authorisation from the owner of the rights to the software; in fact, the reuse model outlined for the use of open licences, allows for the adoption of software without the need to enter into any convention or to make a request for access: software published as described in 3.6 Releasing existing software under open licence, is immediately available for a requirements compatibility analysis, for customisation and for use.

As explained in 3.8.3 Support for reusing administrations, it is advisable to contact the current person in charge of software maintenance, to agree, in a technical sense, how to carry out the required modifications in the most effective way and coordinate economic efforts.

Modifications to reusable or open source software¶

From a regulatory point of view, modifications or customisations to software under open licence are subject to Article 69(2) and therefore must be implemented by acquiring full ownership of the code developed. However, the reuse of software without any modifications, does not constitute an obligation to release.

From the point of view of acquisition of ownership, the fact that the software being modified is not the property of the administration making the modification does not exempt the latter from the obligation to acquire ownership of the modifications developed. Please refer to 1.5 Ownership.

Conversely, at a technical level, the process for making changes is different from the maintenance process described in 3.8 Maintenance of software by the owner administration, since the interventions will take place on software that is not fully owned and therefore technical coordination is desirable, which was previously described in relation to opportunities and benefits in 3.8.3 Support for reusing administrations.

The technical process is detailed in Annex D: Guide to reusing open source software. In the case of procurement, the administration is required to include the guide among the tender technical documents, for example as an annex to the technical specifications, so that suppliers have immediate evidence of the process required.