GDS Local’s Sourcing the Stack initiative forms part of GDS’s commitment to cocreating a shared vision for local government technology. An important step in this work is publishing a clear “to-be” technical architecture model, alongside a view of the products and components that could make up a common local government technology stack.
Part of this initiative will focus on identifying strong candidate products through different buy, borrow, build approaches, including evaluating open-source options for capabilities and other elements of the recently published Local Government Architecture Model. Our aim is to directly improve the experience of public services users by facilitating the introduction of technology that will enable more consistent, joined-up local public services across organisations, so people don’t have to repeat the same information or navigate different systems for related needs.
By sharing common, components and standards, services can work together more seamlessly behind the scenes, even when they are delivered by different departments or levels of government.
Attendees at LocalGov Drupal Camp 2025 in Westminster, UK. Photo by Jimmy LeeThis means simpler journeys for citizens, fewer hand‑offs and delays, and services that feel coherent and connected around people’s real‑world needs, rather than organisational boundaries.
A new source for the stackOrganisations such as Open UK have been considering a more joined up approach open source, and their recent publication Making the UK the Home Of Open Source included across the public sector.
When open-source is discussed in the public sector, it is usually framed around transparency and reuse. The code behind products and tools built with public money is made open so that others can develop, adapt, and reuse it, and GDS recently published new guidance on this.
What is far less often considered is the reverse direction, where the public sector adopts and builds on open-source software developed by others.
LocalGov Drupal is an example of what this can look like in practice. It began with two councils collaborating on a local authority implementation of the open-source content management system Drupal. Today, it is used by around 60 councils and 23 vendors.
Two factors are likely to have contributed to its success. First, Drupal itself is a mature product, originally released in 2001 and now on its eleventh major version, released in 2024, with older versions still supported. Second, it benefits from a large and active global community, with over a million members contributing to, maintaining, and supporting the platform.
Figures compiled by Open Digital Cooperative show by using this open-source product:
there is a cost reduction to councils of a website rebuild by 30%–50% councils typically save £30,000–£90,000 on developer costs ongoing costs can be as much as 50% lower councils can avoid around £50k/year in licence fees and proprietary upgrades.Which raises an important question: where will the next LocalGov Drupal emerge from, and who will source and scale it?
Providing product assuranceAt present, there is no formal or standardised process across government for evaluating, recommending, or providing confidence in open-source products or components for use in the public sector.
For local government to adopt open-source products built outside the sector this would need to be in place, and it’s something GDS Local is starting to explore.
Elements of the Software Security Code of Practice and the Technology Code of Practice go some way towards this, but aspects of an assurance process might mean a product has to demonstrate:
Maturity and stability: The product shows sustained development, clear versioning, and a credible path for upgrades and long‑term use. Healthy community and governance: There is an active, diverse contributor community with transparent decision‑making and maintenance responsibility. Security and risk management: The product demonstrates good security hygiene, including vulnerability disclosure, patching, and dependency management, perhaps building on the work of the Open Source Security Foundation and the Cyber Assessment Framework for local government. Operational fit for the public sector: The product is usable by public‑sector teams, with appropriate licence, documentation, accessibility, and proven deployment patterns. Sustainability and support: There are clear signals that the product can be supported and maintained over time, through community, commercial support, or both. Value for money, in its runtime, e.g. its technically efficient, cheap to run, scales well How it uses artificial intelligence, ethically, sustainably, and securely by following the Code of Practice for the Cyber Security of AI. Help us make open source safe and scalableFrom the example of LocalGov Drupal, greater adoption of open‑source products in the local government could save time and money, especially as artificial intelligence has now democratised their development, dramatically lowering the barrier to building and extending them, with both the risks and opportunities that brings.
We would welcome your thoughts on how proportionate and continuous assurance could help ensure these products are safe, supported, and continuously improved, and how an assurance process itself could be designed to scale, should it be successful if adopted by local government, by completing this form.
https://technology.blog.gov.uk/2026/05/27/adopting-open-source-in-local-government/
seen at 15:07, 27 May in Technology in government.