The Dutch government quietly replaced GitHub with a self-hosted FOSS forge. No press release. Just commits.
Most developers have had the self-hosting conversation at least once. Someone on the team floats it, everyone nods, someone opens a Hetzner tab, and then a Jira ticket appears and the whole thing dies quietly on a Friday afternoon. We talk about owning our stack the way people talk about going to the gym constantly, convincingly, and without follow-through.
The Netherlands apparently skipped that part.
In November 2025, a software engineer named Jan Vlug published a detailed evaluation on the Dutch government’s developer portal asking one very reasonable question: which Git forge should the Netherlands actually use for its governmental source code? Not which one is most popular. Not which one has the slickest UI. Which one is appropriate for a government that has an actual policy about open source software.
That blog post wasn’t a thought experiment. The Ministry of the Interior was already spinning up a dedicated Git instance. The platform decision was live and open. And the Dutch government’s code at that point was scattered across GitHub and GitLab neither of which is under any form of government oversight or control.
So they actually did it. On April 24, 2026, code.overheid.nl went live quietly, without fanfare, in pilot phase as a fully self-hosted, FOSS-only government code forge. No press release. No launch party. Just a blog post from developer advocate Tom Ootes saying, essentially,
“we’re building this together, come help.”
TL;DR: The Dutch government evaluated GitHub, evaluated GitLab, rejected both on legitimate technical and policy grounds, and shipped a self-hosted Forgejo instance with actual ministries and municipalities already committing code to it. This is what digital sovereignty looks like when someone actually does the work instead of just writing about it.
Why GitHub got killed first
Let’s be honest GitHub losing a government contract isn’t exactly a scandal. It’s more like getting eliminated from a cooking show because you showed up with a microwave. The outcome was obvious the moment someone read the rules.
The Dutch government operates under a policy that says: prefer open source software when options are equally suitable. That’s not a vague suggestion buried in a footnote. It’s the kind of thing that shows up in procurement checklists and makes lawyers nervous when ignored. GitHub is proprietary software. Full stop. It didn’t matter how good the UI is, how many integrations exist, or how many developers already live there. Proprietary meant disqualified, and that was the end of that conversation.
What’s interesting though isn’t that GitHub lost it’s why that reasoning is actually correct. When your government’s source code lives on someone else’s SaaS platform, you don’t control it. You control a subscription. There’s a difference between storing your nation’s infrastructure code on a platform and owning where that code lives. One of those is a business arrangement. The other is sovereignty.
The Microsoft acquisition in 2018 didn’t help GitHub’s case either. That’s not FUD it’s a real procurement consideration for any government evaluating long-term vendor risk. When a $26 billion acquisition happens, the platform’s priorities shift. Governments move slowly enough that they’re still feeling that shift when everyone else has moved on.
GitLab made it further, which is fair. GitLab’s Community Edition is genuinely solid software it’s what a lot of self-hosting teams reach for when they want the GitHub experience without the GitHub dependency. But GitLab runs an open-core model, and that model has a very specific problem: the free version is real, but the version with everything your team eventually needs is not.
Every team I’ve been on has hit this wall. You start on GitLab CE, everything’s fine, and then six months later someone needs a feature advanced CI analytics, security dashboards, dependency scanning at scale and it’s sitting right there in the UI with a little lock icon on it. The open-core model is free-to-play with a battle pass. The base game works. The content you actually want is in the enterprise tier.
For a government platform that needs to stay fully open and auditable indefinitely, “free until it isn’t” isn’t good enough. GitLab CE is free software. GitLab EE is not. That split was enough to end the evaluation.
Enter Forgejo: the underdog with a squirrel
If you haven’t heard of Forgejo, you’re not alone. It doesn’t have a $7 billion valuation, a Super Bowl ad, or a developer relations team sending you swag. What it has is a GPLv3+ license, a democratic nonprofit governing it, and a squirrel mascot that somehow makes the whole thing feel more trustworthy than it has any right to.
Forgejo is a fork of Gitea, which itself was a fork of Gogs, which means it has the kind of lineage that open source projects accumulate when the community keeps deciding the current maintainers aren’t moving fast enough. The fork happened in 2022 when a subset of the Gitea community felt the project was drifting toward commercial interests. They took the code, stood up Codeberg e.V. as a governing body, and built something with an explicit commitment to staying fully free no enterprise edition, no proprietary upsell, no acquisition exit ramp.
Codeberg e.V. is a registered democratic nonprofit based in Germany. That structure matters more than it sounds. There’s no board of investors with a liquidation preference waiting for a strategic exit. No sales team trying to land an enterprise deal that quietly shapes the product roadmap. The governance model is the moat, and for a government platform that needs to be auditable and independent indefinitely, that moat is exactly what the evaluation was looking for.
Feature-wise, Forgejo covers the 90% of what most teams actually use on GitHub. Pull requests, issue tracking, code review, CI integration hooks, webhooks, org management it’s all there. It’s not trying to be GitHub. It’s trying to be a solid, self-hostable Git forge that doesn’t ask you to trust a vendor with your data, your uptime, or your roadmap.
The analogy that keeps coming to mind is Nextcloud. Nextcloud isn’t sexier than Dropbox. The setup takes longer, the UI isn’t as polished, and you have to think about your own backups. But it’s yours. When Dropbox changes its pricing, raises its limits, or gets acquired, your data isn’t caught in the crossfire. Forgejo is that, but for code hosting. Less glamorous than the SaaS alternative. Infinitely more yours.
Jan Vlug’s evaluation post laid all of this out methodically license model, governance structure, hosting requirements, community health. It wasn’t a hot take. It was the kind of calm, thorough technical writeup that procurement decisions should be based on and almost never are. Forgejo cleared every bar. So Forgejo won.
What’s already live and why it matters more than you think
Here’s where it stops being a policy story and starts being an engineering story.
code.overheid.nl had its soft launch on April 24, 2026. Developer advocate Tom Ootes wrote about it on the government’s developer portal, framing it not as a finished product being handed down but as a collective build early adopters were explicitly encouraged to file issues and open pull requests on the platform itself. Eat your own dog food, government edition.
The platform is a self-hosted Forgejo instance running on Dutch government infrastructure managed by SSC-ICT, the government’s shared IT services organization. It’s free for all government organizations to join. No licensing fees, no per-seat pricing, no surprise invoice when you add your fifteenth ministry.
Now here’s the part that made me stop scrolling.
The most prominent presence on the platform right now is Kiesraad the Dutch Electoral Council. They’ve pushed several repositories including Abacus, the software used for vote counting and seat distribution in Dutch elections, and e-KS, an electronic candidate nomination system.
Let that sit for a second. The software that counts votes in a national election is publicly hosted, publicly auditable, open source, and sitting on a government-controlled server. No black box. No “trust us.” Anyone can read the code, file an issue, or submit a pull request. That’s not just good open source practice that’s a fundamentally different relationship between a government and the people it serves.
Think about how many countries have their election-adjacent infrastructure running on proprietary systems or third-party SaaS platforms where independent audit is somewhere between difficult and impossible. The bar for public trust in election software is already low. Making it open and auditable doesn’t fix every problem, but it’s a meaningful step that most governments haven’t taken.
The Ministry of the Interior has the DAWO project on there their digital autonomous workplace initiative along with a DigiD source code release that was published under a freedom of information ruling. That last one is particularly interesting. The code went public not because the government volunteered it, but because a legal ruling required it. And now it lives on infrastructure the government actually controls.
On the organization side, the roster for a platform still in pilot is genuinely surprising. National ministries already signed up include Finance, Foreign Affairs, Agriculture, and Interior. Municipalities include The Hague, Utrecht, Leiden, and Arnhem. That’s not a proof of concept anymore. That’s adoption.
Tom Ootes framed the whole thing as building alongside the people who will use it rather than shipping something finished. That framing is quietly smart. Government software projects fail constantly because they get designed in isolation and handed to users who had no input. Starting in public, in pilot, with issues open that’s the right instinct even if it’s a slower path.
Europe is waking up slowly, quietly, correctly
The Netherlands didn’t invent this idea. They just executed it better than most.
France has been running code.gouv.fr for a while now. It’s a public inventory of open source software published by French public agencies. Germany has opencode.de, a similar initiative pushing government code into the open on self-hosted infrastructure. The pattern is consistent across every country doing this:
US cloud platform → data sovereignty concern → FOSS forge.
It’s not a coincidence. It’s GDPR doing its job.
When your government code lives on servers in Virginia, you have a problem. Not a theoretical one. A legal one. GDPR has real teeth, and “we use GitHub” is not a compliance strategy when the data in question belongs to citizens of a member state. The move toward self-hosted, EU-controlled infrastructure isn’t ideological it’s a legal and operational requirement that some governments are finally taking seriously.
Here’s the thing though. Nobody’s making noise about this.
If a VC-backed startup pulled off what the Netherlands just did evaluated the market, rejected the dominant players on principled technical grounds, shipped a self-hosted alternative with real adoption in under six months it would be a Product Hunt #1, a TechCrunch piece, and seventeen LinkedIn posts about “disruption.”
Instead it’s a quiet blog post from a developer advocate and a Forgejo instance that most devs outside the Netherlands have never heard of.
That asymmetry says something about where the dev community puts its attention. We celebrate funded startups shipping fast. We ignore governments shipping slowly and correctly. But slow and correct compounds. The Netherlands isn’t going to wake up one day and discover their code platform got acquired, deprecated, or pivoted into an enterprise product. They own it.
The “Europe buying a NAS instead of paying for iCloud” energy is real here. Yes, the NAS takes longer to set up. Yes, you have to think about your own redundancy. But when Apple changes its storage tiers, your files aren’t hostage to a pricing decision made in Cupertino.
Same logic. Different scale. Higher stakes.
GitHub won the developer market on network effects, not on being the objectively correct choice for every use case. For personal projects, open source collaboration, and public repos GitHub is great. For government infrastructure that needs to stay auditable, sovereign, and free from vendor risk indefinitely? The Netherlands just proved there’s a better answer.
And it has a squirrel mascot.
The quiet ones ship
There’s a version of this story where the Netherlands holds a press conference, brings in a minister to cut a ribbon on a server rack, and publishes a forty-page digital sovereignty strategy document that nobody reads.
They didn’t do that.
They hired an engineer to write an honest evaluation. They picked the right tool. They stood up the infrastructure. They opened it in pilot with real organizations committing real code. And then they wrote a blog post about it.
That’s it. That’s the whole move.
There’s something genuinely refreshing about watching an institution do the unglamorous work without performing it. No roadmap deck. No keynote. No waitlist with a referral bonus. Just a Forgejo instance, a squirrel mascot, and government ministries quietly pushing commits.
The part that sticks with me is Abacus. Election software. Publicly hosted. Openly auditable. In a world where public trust in institutions is running low and the black-box nature of critical infrastructure is a legitimate concern making your vote-counting code readable by anyone is a statement. Not a loud one. But a real one.
GitHub isn’t going anywhere. It’s still where most of the world’s open source code lives and where most developers spend their days. But the assumption that GitHub is the default, obvious, unquestioned choice for every organization is starting to crack. Slowly. One government forge at a time.
The Netherlands killed that assumption for themselves. France and Germany are doing the same. More will follow not because FOSS forges are trendy, but because the alternative is permanent dependency on platforms you don’t control, running on infrastructure outside your jurisdiction, governed by priorities that aren’t yours.
If you’ve been meaning to look into self-hosting your team’s code, this is a decent nudge. And if you want to see what a government actually shipping digital sovereignty looks like, code.overheid.nl is live right now.
Go look at it. The squirrel is worth it.
Are you self-hosting your team’s Git infrastructure? Is your organization still on GitHub by default or by choice? Drop your take in the comments.
Helpful resources
- code.overheid.nl the live platform
- Forgejo official site what it is and how to self-host
- Codeberg e.V. the nonprofit governing Forgejo
- Jan Vlug’s Git forge evaluation the blog post that started it
- Tom Ootes soft launch post the April 24 announcement
- code.gouv.fr France’s government FOSS platform
- opencode.de Germany’s equivalent
- Forgejo FAQ and governance how the project is actually run
Top comments (0)