Civic & OSS Grant Funding (Government)
Sovereign Tech Fund, NLnet, NSF POSE, DARPA Open Source — where civic-tech and OSS infrastructure actually gets paid.
The most consequential civic-tech development of the 2020s isn't a tool — it's that governments started funding OSS infrastructure as infrastructure. Pair with OSS Funding Platforms, OSS Foundations & Fiscal Sponsors, OSS License Selection, and Civic Organizations.
The big three (start here)
- ★ ★ Sovereign Tech Fund (Germany) — the most important OSS funding development of the decade. Founded 2022 by the German Federal Ministry for Economic Affairs and Climate Action (BMWK); operated by Sovereign Tech Agency. Funds digital infrastructure as infrastructure: OpenSSL, GnuPG, sequoia-pgp, Bundler, OpenJS, Wine, FFmpeg, RubyGems, GStreamer, OpenStreetMap, curl, Yocto, and many more. Direct grants, no equity, no commercial obligation. Average grants in the €100k–€1M range. Renewable. Apply.
- ★ ★ NLnet Foundation (Netherlands / EU) — non-profit; very long-running; runs NGI (Next Generation Internet) EU-funded grant programs (NGI Zero, NGI Assure, NGI TALER, NGI Sargasso, NGI Commons Fund). Smaller grants (€5k–€50k typical) but broad, frequent, and friendly to small projects. Open-call and rapid review. The default for European indie OSS funding.
- ★ NSF POSE (Pathways to Enable Open-Source Ecosystems) — US National Science Foundation; research-grant-shaped; up to ~$1.5M for "scaling" an OSS ecosystem. Started 2022; deeply paperwork-laden; PI must be at a US research institution. The closest thing to a US Sovereign Tech Fund.
US federal
- ★ DARPA Open Source Defense — DARPA programs that fund OSS-aligned defense work; e.g. SocialCyber, Voltron, CARVE. Project-shaped, not maintainer-shaped.
- NSF SBIR Phase I/II — US small-business research; OSS-friendly but commercial-spinout-shaped. Paid.
- NIST funding — supply-chain security adjacencies; sigstore-shaped work.
- DOE / national-lab open source — domain-specific (high-performance computing, scientific software).
- Federal grants.gov — searchable; vast and bureaucratic; mostly not for individual maintainers.
EU programs
- ★ NGI (Next Generation Internet) — EU H2020 / Horizon Europe pillar; flowed through NLnet, FNF, eSSIF-Lab, others. Funds privacy-tech, decentralized-tech, open-source infrastructure.
- ★ EU FOSSEPS / EU FOSSA — historical EU FOSS audit + bug-bounty programs; limited but precedent-setting.
- Horizon Europe — broader EU R&D framework; OSS-friendly themes.
- DG CONNECT funding lines — EU digital-services policy adjacencies.
- CEF Digital / DIGITAL Europe Programme — EU digital infrastructure; some OSS lines.
Foundations / non-profits funding civic OSS
- ★ Ford Foundation BUILD program + Critical Digital Infrastructure funding — Ford has been a quietly important OSS+civic funder.
- ★ Mozilla Foundation grants — varying programs; MOSS (Mozilla Open Source Support) was historically important; current programs vary.
- Knight Foundation — civic-tech-leaning; funds OpenElections, Free Law Project, journalism.
- Open Society Foundations — civic-tech / governance grants.
- MacArthur Foundation — funded much of early Code for America and civic-tech.
- Hewlett Foundation — democracy / cybersecurity grants.
- Sloan Foundation — research-software-engineering grants.
- Schmidt Futures / Schmidt Sciences — sometimes OSS-adjacent science software.
OSS-specific grant programs
- ★ GitHub Accelerator — paid; equity-free $40k for OSS projects in a 10-week cohort. Free; competitive.
- Microsoft FOSS Fund — internal Microsoft program; funds OSS dependencies.
- Google Open Source Peer Bonus / Patch Rewards — Google-employee-driven; small.
- Linux Foundation Public Health / OpenSSF Alpha-Omega — supply-chain-security funded; specifically targets critical OSS.
- Internet Security Research Group / Let's Encrypt — non-profit; ISRG-funded projects (Let's Encrypt itself, divviup).
Bug bounty / security funding
- Internet Bug Bounty (IBB) — HackerOne-hosted; pays for bugs in critical OSS. See Bug Bounty Platforms.
- OpenSSF Alpha-Omega — funds security work on critical OSS (alpha=top 10K, omega=long tail).
- GitHub Securitylab Bug Bounty — funds vulnerability research in OSS.
Practical tips
- ★ Apply to STF and NLnet first. Both are open-call, transparent, and have low overhead per application relative to outcome.
- STF priorities are explicit — read their published priority list; don't waste an application on something off-thesis.
- NLnet's grant process is unusually fast and friendly — small grants, quick decisions, indie-developer-shaped.
- NSF POSE requires a US research institution PI. Solo maintainers without academic affiliation cannot apply directly.
- Foundation grants are slow. 6–18 month application-to-decision is typical.
- Pair grant funding with sustaining donations — see OSS Funding Platforms. Grants are project-shaped, not maintainer-shaped.
Honest take (2026)
- STF is the model. Germany has demonstrated that a few €M/year of state funding can stabilize an enormous swath of OSS infrastructure. Other governments are copying: France, Netherlands, Switzerland, Spain are at varying stages.
- NLnet is the unsung hero. Decades of small grants, low overhead, and trust-based review have funded an astonishing number of indie projects.
- The US lags badly. NSF POSE is the closest, but the academic-PI requirement excludes most actual maintainers. There is an obvious unmet need for a US-Sovereign-Tech-Fund-shaped institution.
- Foundation grants are still the largest pool of money for civic-tech specifically (vs. infrastructure-OSS), but slower and more relationship-driven than the STF / NLnet model.
- The xz-utils 2024 backdoor materially shifted political appetite for funding OSS maintainers — expect more programs in the 2026–28 window.
Pick this if…
- You maintain critical OSS infrastructure: apply to Sovereign Tech Fund.
- You're an indie OSS / privacy-tech / decentralized-tech project in the EU orbit: apply to NLnet (NGI Zero / NGI Assure).
- You're at a US university with an OSS ecosystem to scale: NSF POSE.
- You're a defense-adjacent OSS project: DARPA programs.
- You're a civic-tech non-profit: Knight, Ford, MacArthur, Hewlett, Mozilla.
- You want to combine grants with recurring donations: Sovereign Tech Fund + GitHub Sponsors / Open Collective. See OSS Funding Platforms.