Tooling

Civic & OSS Grant Funding (Government)

Sovereign Tech Fund, NLnet, NSF POSE, DARPA Open Source — where civic-tech and OSS infrastructure actually gets paid.

The most consequential civic-tech development of the 2020s isn't a tool — it's that governments started funding OSS infrastructure as infrastructure. Pair with OSS Funding Platforms, OSS Foundations & Fiscal Sponsors, OSS License Selection, and Civic Organizations.

The big three (start here)

  • ★ ★ Sovereign Tech Fund (Germany) — the most important OSS funding development of the decade. Founded 2022 by the German Federal Ministry for Economic Affairs and Climate Action (BMWK); operated by Sovereign Tech Agency. Funds digital infrastructure as infrastructure: OpenSSL, GnuPG, sequoia-pgp, Bundler, OpenJS, Wine, FFmpeg, RubyGems, GStreamer, OpenStreetMap, curl, Yocto, and many more. Direct grants, no equity, no commercial obligation. Average grants in the €100k–€1M range. Renewable. Apply.
  • ★ ★ NLnet Foundation (Netherlands / EU) — non-profit; very long-running; runs NGI (Next Generation Internet) EU-funded grant programs (NGI Zero, NGI Assure, NGI TALER, NGI Sargasso, NGI Commons Fund). Smaller grants (€5k–€50k typical) but broad, frequent, and friendly to small projects. Open-call and rapid review. The default for European indie OSS funding.
  • NSF POSE (Pathways to Enable Open-Source Ecosystems) — US National Science Foundation; research-grant-shaped; up to ~$1.5M for "scaling" an OSS ecosystem. Started 2022; deeply paperwork-laden; PI must be at a US research institution. The closest thing to a US Sovereign Tech Fund.

US federal

  • DARPA Open Source Defense — DARPA programs that fund OSS-aligned defense work; e.g. SocialCyber, Voltron, CARVE. Project-shaped, not maintainer-shaped.
  • NSF SBIR Phase I/II — US small-business research; OSS-friendly but commercial-spinout-shaped. Paid.
  • NIST funding — supply-chain security adjacencies; sigstore-shaped work.
  • DOE / national-lab open source — domain-specific (high-performance computing, scientific software).
  • Federal grants.gov — searchable; vast and bureaucratic; mostly not for individual maintainers.

EU programs

  • NGI (Next Generation Internet) — EU H2020 / Horizon Europe pillar; flowed through NLnet, FNF, eSSIF-Lab, others. Funds privacy-tech, decentralized-tech, open-source infrastructure.
  • EU FOSSEPS / EU FOSSA — historical EU FOSS audit + bug-bounty programs; limited but precedent-setting.
  • Horizon Europe — broader EU R&D framework; OSS-friendly themes.
  • DG CONNECT funding lines — EU digital-services policy adjacencies.
  • CEF Digital / DIGITAL Europe Programme — EU digital infrastructure; some OSS lines.

Foundations / non-profits funding civic OSS

  • Ford Foundation BUILD program + Critical Digital Infrastructure funding — Ford has been a quietly important OSS+civic funder.
  • Mozilla Foundation grants — varying programs; MOSS (Mozilla Open Source Support) was historically important; current programs vary.
  • Knight Foundation — civic-tech-leaning; funds OpenElections, Free Law Project, journalism.
  • Open Society Foundations — civic-tech / governance grants.
  • MacArthur Foundation — funded much of early Code for America and civic-tech.
  • Hewlett Foundation — democracy / cybersecurity grants.
  • Sloan Foundation — research-software-engineering grants.
  • Schmidt Futures / Schmidt Sciences — sometimes OSS-adjacent science software.

OSS-specific grant programs

  • GitHub Accelerator — paid; equity-free $40k for OSS projects in a 10-week cohort. Free; competitive.
  • Microsoft FOSS Fund — internal Microsoft program; funds OSS dependencies.
  • Google Open Source Peer Bonus / Patch Rewards — Google-employee-driven; small.
  • Linux Foundation Public Health / OpenSSF Alpha-Omega — supply-chain-security funded; specifically targets critical OSS.
  • Internet Security Research Group / Let's Encrypt — non-profit; ISRG-funded projects (Let's Encrypt itself, divviup).

Bug bounty / security funding

  • Internet Bug Bounty (IBB) — HackerOne-hosted; pays for bugs in critical OSS. See Bug Bounty Platforms.
  • OpenSSF Alpha-Omega — funds security work on critical OSS (alpha=top 10K, omega=long tail).
  • GitHub Securitylab Bug Bounty — funds vulnerability research in OSS.

Practical tips

  • Apply to STF and NLnet first. Both are open-call, transparent, and have low overhead per application relative to outcome.
  • STF priorities are explicit — read their published priority list; don't waste an application on something off-thesis.
  • NLnet's grant process is unusually fast and friendly — small grants, quick decisions, indie-developer-shaped.
  • NSF POSE requires a US research institution PI. Solo maintainers without academic affiliation cannot apply directly.
  • Foundation grants are slow. 6–18 month application-to-decision is typical.
  • Pair grant funding with sustaining donations — see OSS Funding Platforms. Grants are project-shaped, not maintainer-shaped.

Honest take (2026)

  • STF is the model. Germany has demonstrated that a few €M/year of state funding can stabilize an enormous swath of OSS infrastructure. Other governments are copying: France, Netherlands, Switzerland, Spain are at varying stages.
  • NLnet is the unsung hero. Decades of small grants, low overhead, and trust-based review have funded an astonishing number of indie projects.
  • The US lags badly. NSF POSE is the closest, but the academic-PI requirement excludes most actual maintainers. There is an obvious unmet need for a US-Sovereign-Tech-Fund-shaped institution.
  • Foundation grants are still the largest pool of money for civic-tech specifically (vs. infrastructure-OSS), but slower and more relationship-driven than the STF / NLnet model.
  • The xz-utils 2024 backdoor materially shifted political appetite for funding OSS maintainers — expect more programs in the 2026–28 window.

Pick this if…

  • You maintain critical OSS infrastructure: apply to Sovereign Tech Fund.
  • You're an indie OSS / privacy-tech / decentralized-tech project in the EU orbit: apply to NLnet (NGI Zero / NGI Assure).
  • You're at a US university with an OSS ecosystem to scale: NSF POSE.
  • You're a defense-adjacent OSS project: DARPA programs.
  • You're a civic-tech non-profit: Knight, Ford, MacArthur, Hewlett, Mozilla.
  • You want to combine grants with recurring donations: Sovereign Tech Fund + GitHub Sponsors / Open Collective. See OSS Funding Platforms.

On this page