WMO Guide to Free and Open Source Software

World Meteorological Organization

Date: 2026-06-23

Version: 0.1.0

Document status: DRAFT

Document location: https://wmo-im.github.io/wmo-foss-guide/guide/wmo-foss-guide-DRAFT.html

WMO publication location: TBD

Standing Committee on Information Management and Technology (SC-IMT)^[1]

Commission for Observation, Infrastructure and Information Systems (INFCOM)^[2]

Table of Contents

Executive Summary
- Key findings
How the guidance helps Members
Further guidance
How the guidance is organised
Introduction
Guidelines
- WMO Members
- WMO Activities
Glossary
References
Annex A: FOSS evaluation rubric
Annex B: Data policies
- Global
- Regional
- National
Annex C: AI Tool Use in FOSS

Executive Summary

Free and open-source software (FOSS) has become a foundational element of modern meteorological, hydrological, and climate services. Across the WMO community, FOSS underpins digital infrastructure — from data encoding libraries and dissemination services (including the WMO Information System 2.0 (WIS2) reference implementations) to open-source numerical weather prediction (NWP) models. The global shift toward open science, open data, and digital transformation has made structured engagement with FOSS a strategic imperative for WMO and its Members.

This guide provides practical guidance for WMO Members and the WMO Secretariat on the responsible adoption, development, and governance of FOSS. It addresses the full software lifecycle — from evaluation and selection through operational use to end-of-life — and identifies coordination mechanisms to ensure that FOSS activities across WMO programmes are coherent, secure, and sustainable.

Key findings

FOSS adoption within the WMO community has grown significantly but has largely been managed on an ad hoc basis. Independent decisions by projects and programmes, without a common framework for evaluation and governance, have led to fragmentation, duplication of effort, and in some cases reliance on software that does not meet adequate standards of maintenance, security, or operational fitness. The absence of structured coordination places operational services at risk and leaves Members — particularly those with limited technical capacity — without adequate guidance or support.

The benefits of FOSS are well established, though returns vary significantly by context, scale, and implementation approach. Studies have documented a cost-benefit ratio of above 1:4 for OSS investment across the EU public sector (European Commission, 2021), and over 200% return on investment in a geospatial software case study directly analogous to NMHS operations over a seven-year period (World Bank / GFDRR). FOSS is a key enabler for WMO’s Early Warnings for All initiative and supports Members' digital transformation journeys, especially for least developed countries (LDCs) and small island developing States (SIDS).

How the guidance helps Members

The guide equips Members to make informed, risk-aware decisions about FOSS, applied in proportion to their technical capacity and the operational criticality of the software concerned. It:

sets out the benefits, risks, and total cost of ownership of FOSS, and shows that the same assessment discipline applies equally to proprietary alternatives;
guides Members on contributing to, managing, and publishing FOSS — including licensing choices, governance models, and establishing an "architecture of participation" for community projects;
addresses the competencies staff require and the infrastructure choices involved, from code hosting and CI/CD to package registries and community channels;
provides a common evaluation rubric (Annex A) that Members can apply directly when selecting or adopting software;
helps Members plan for sustainability from the outset — key-person dependency, long-term maintenance, security, and funding; and
relates FOSS to the WMO Unified Data Policy and to the growing impact of AI tools on FOSS projects.

It also frames a WMO-level coordination and support function — drawing on existing bodies and external partnerships — designed to ensure that no Member is left behind.

Further guidance

The guide encourages WMO and its Members to:

Strengthen the coordination of FOSS across WMO, moving from an ad hoc approach to systematic software governance — covering evaluation and endorsement (using the Annex A rubric), lifecycle oversight, standards alignment, advisory guidance, external partnerships, and Member support. These functions can build on existing WMO bodies (Standing Committees, Expert Teams, and Task Teams); the guide also describes a dedicated Open Source Program Office (OSPO) as a model for delivering them with continuity across sessions, noting that such an office need not require a significant resource commitment — the critical requirement being institutional mandate and continuity rather than scale, as demonstrated by comparable arrangements at ECMWF, the World Bank, and the UNDP/ITU Open Source Ecosystem Enabler (OSEE) initiative.
Recognize and formalize Communities of Practice within WMO’s constituent body structure, to strengthen collaborative FOSS governance and sustain shared software initiatives across Members.
Develop Reference Implementations in parallel with Technical Regulations, as demonstrated by the WIS2 programme, to validate standards, reduce implementation risk, and accelerate adoption by Members.
Apply a common evaluation framework (see Annex A) when selecting or endorsing FOSS for use in WMO programmes and projects.
Engage with the broader FOSS ecosystem through formal partnerships (for example, Memoranda of Understanding with OSGeo), registration of key WMO FOSS as Digital Public Goods, and participation in joint events, code sprints, and hackathons.
Plan for sustainability from the outset: address key person dependency, long-term maintenance, security vulnerability management, and funding — including through the WMO Voluntary Cooperation Programme and extra-budgetary sources.
Support national FOSS policies: encourage Members to develop or leverage national open-by-default policies and institution-level guidelines that reduce vendor lock-in and strengthen long-term operational resilience.

How the guidance is organised

Introduction — defines FOSS, sets out the intended audience and scope, and frames two cross-cutting themes: the mutually reinforcing relationship between open data and FOSS, and the impact of AI tools on FOSS projects.
Guidelines for WMO Members — using FOSS (benefits, risks, and cost implications); contributing to FOSS and the role of national policies; managing and publishing FOSS; profiling the competencies required; and infrastructure considerations.
Guidelines for WMO activities — the coordination, alignment, and support role of the Secretariat, including options for systematic coordination and governance (such as a dedicated OSPO), roles and responsibilities, the FOSS project lifecycle, and sustainability and risk management; standards compliance; software review and evaluation; reference implementations; and a WIS2 case study illustrating the agile, parallel development of standards and FOSS.
Annexes and reference material — a glossary and references, together with Annex A (FOSS evaluation rubric), Annex B (examples of open data policies), and Annex C (AI tool-use references and example project policies).

Introduction

Free and open-source software (FOSS) refers to software that is released under a license that grants users the freedom to run, study, modify, and distribute the software and its source code. Common licenses include GPL,^[3] MIT,^[4] Apache,^[5] BSD, and many others, a comprehensive list of which is maintained by the Open Source Initiative (OSI).^[6] Throughout this document, the terms "FOSS" and "open source" are used interchangeably for readability, though they carry distinct philosophical emphases.^[7] Such software has become increasingly crucial for WMO and its Members. No longer a "niche" industry, FOSS now powers major initiatives and services worldwide, and is backed by industry support.

FOSS solutions play a pivotal role as accelerators for the implementation of Early Warnings for All (EW4All), a key WMO initiative aimed at protecting every person on Earth with life-saving early warning systems by 2027. By providing accessible, customizable, and cost-effective tools, FOSS enables Members to rapidly deploy and adapt early warning systems to their specific needs and contexts. This approach is particularly crucial for least developed countries (LDCs) and small island developing States (SIDS), where resource constraints often hinder the implementation of proprietary solutions.

Moreover, FOSS initiatives serve as powerful catalysts in supporting Members' efforts towards digital transformation. As National Meteorological and Hydrological Services (NMHSs) worldwide strive to modernize their operations and services, FOSS now offers a flexible and scalable foundation for innovation. They enable Members to leverage cutting-edge technologies, collaborate on development, and share best practices, thus accelerating their digital transformation journeys while optimizing resource utilization.

Audience

The document is intended for WMO Members who are involved in software acquisition, implementation and development activities in their respective organizations (developers, managers/decision makers) as well as the WMO Secretariat in the coordination, alignment and support of FOSS within WMO.

Scope

This document provides guidance on FOSS for WMO Members and WMO Secretariat, both in terms of using FOSS but also in the development and contribution to FOSS projects. The guidance is equally applicable to internally developed software, and to commercially sourced or supported software.

Background

FOSS development and use among WMO Members has been a longstanding activity. Typical FOSS implementations included decoders and encoder libraries of WMO BUFR and GRIB formats (for example, ecCodes, degrib, libecbufr), as well as data dissemination services (such as THREDDS, GDAL, ERDDAP).

In addition, as part of the global open data/open science movement, numerous government organizations have put forth using FOSS by default; this includes use of existing FOSS tools as well as developing them and working in the open by default. Free software development platforms and tools (for example, GitHub) have greatly lowered the barrier for sharing software for research, development and operations for all.

As part of the development of the WMO Information System (WIS2), FOSS implementation has been a significant activity, as exemplified by a number of Reference Implementations of WIS2 Standards and Global Services. The development of software in the open during the pre-operational phases of WIS2 proved valuable in testing WIS2 Standards put forth in Technical Regulations while they were still in development. This also promoted the “release early, release often” philosophy of agile and iterative development (see Case study: WIS2, FOSS, and agile development). While FOSS is increasingly used across WMO Member organizations, guidance and coordination are vital to support the delivery of services with security, privacy and safety in mind.

Culture and process in FOSS projects

Openly developed FOSS projects depend on community contributions and maintainer review and approval of contributions. Whether a large or small community, ongoing maintenance of a project depends on building and maintaining a strong community with a culture of collaboration and contribution. The community aspects of a project can be as important as the technical aspects when considering the maintainability and sustainability of the project.

Communication during the contribution and review process is key. Contributors should consider the effort involved in reviewing contributions and how they can structure their contributions to simplify the process. Contributors should be able to justify all changes they are submitting (whether developed with or without assistance from AI tools).

Data policy considerations

While FOSS is a key enabler of modern meteorological systems, its full value is realized only when combined with accessible, well-governed data. Open data and FOSS are mutually reinforcing: open data provides the raw material for analysis and forecasting, while FOSS provides the tools to discover, process, share, and operationalize that data. Open data policy has existed for decades at global, regional and national levels (see Annex B for examples). Together with FOSS they can, for example, support the implementation of the WMO Unified Data Policy^[8] by helping Members expand access to Earth system data, strengthen international collaboration and contribute to broader open science practices.

Open data as a strategic asset

Open data, and especially meteorological, hydrological, atmosphere, and climate data should not be understood solely as data that is “available”. To be truly useful, data must be governed through clear policy frameworks, standards, and licensing arrangements that define how it can be accessed, shared, reused, and redistributed. Open access alone does not guarantee value. Data must also be FAIR:

Findable through clear metadata and catalogues
Accessible through reliable services and standard interfaces
Interoperable across institutions and systems
Reusable under clear legal and technical conditions

These FAIR principles are highly aligned with WMO objectives, provide a practical framework for implementing the Unified Data Policy, and help ensure that shared data can be effectively used by Members, researchers, and operational centres, thereby strengthening and supporting also open science and reproducible research.

The importance of policy, license and legal clarity

To enable meaningful data exchange, open data should be supported by a clear policy framework. Such policies help define:

what data should be shared,
under what conditions,
who is responsible for stewardship,
and how quality, security, and privacy are maintained.

Also, an often overlooked but essential aspect of open data, is licensing. Even where data is technically accessible, the absence of an explicit open data license can create uncertainty around reuse, redistribution, and related products. An open data licence helps to provide legal clarity for users and encourages broader adoption. The Open Knowledge Foundation provides a curated list of open data licences at https://opendefinition.org/licenses/.

The enabling role of FOSS

FOSS plays a central role in translating data policy into operational practice.

They can help:

Reducing barriers to access: FOSS tools allow members to access and work with shared datasets without dependence on costly proprietary software, an aspect especially interesting for members with limited financial or technical resources.
Supporting interoperability: Many FOSS solutions are built around open standards, APIs, and web services, making data exchange easier (see above).
Strengthening transparency: FOSS workflows allow users to inspect how data are processed, improving trust, reproducibility, scientific integrity, and metadata management.
Enabling innovation: When open data is combined with open software, organizations can develop locally relevant applications and services, maybe also supporting start ups and local economies, while contributing improvements back to the wider community.

By relying on open standards and transparent architectures, FOSS helps ensure that data remains interoperable, portable, and reusable across institutions.

The way forward

The benefits of open data policies, such as the WMO Unified Data Policy, depend not only on making data available, but also on ensuring that data can be effectively discovered, understood, and reused. FOSS provides the technical means to support this goal, while sound data policies and open licensing provide the governance foundation that ensures sustainable and trusted data sharing.

Together, open data, FOSS, and open standards can help create a more collaborative, transparent, and resilient global meteorological data ecosystem.

Impact of AI on FOSS Projects

The capabilities of AI/LLM/Agentic tools and workflows are evolving rapidly and increasingly used to contribute to and manage FOSS projects. FOSS projects can be impacted in a variety of ways including dramatic increases in the number, size, and complexity of contributions. Many FOSS projects have responded by developing AI Tool Use Policies or Guidelines, often focused on the importance of maintaining a project’s community and culture. (See Annex C for references to AI in FOSS overview articles and example AI use policies.)

The guidelines tend to focus on the need for human communication around contributions, the value of contributions relative to the effort required by maintainers, and transparency with type and amount of AI tool use indicated. (Contributions of low value-to-effort are sometimes called "extractive contributions".)

The speed and scale at which AI tools can generate possible fixes and enhancements, as well as exploits to security vulnerabilities, necessitates strong culture, process, and communication around human decision making on discussions and issues. AI has also be used for reputation building through AI-generated discussions and Q&A which, along with requiring maintainer effort, can impact an OSS project’s ability to provide support to the user and developer community.

Guidelines

WMO Members

WMO Members — through their National Meteorological and Hydrological Services (NMHSs) and other designated bodies — are the primary adopters and, in many cases, developers of FOSS within the WMO community. The guidelines in this section address the full range of Member engagement with FOSS: from evaluation and operational use, through contributing to and managing FOSS projects, to the policies, competencies, and infrastructure that underpin sustainable adoption. Members are encouraged to apply these guidelines in a manner proportionate to their technical capacity and the operational criticality of the software concerned.

Using FOSS

This section provides an overview of key considerations for WMO Members when using FOSS, covering the benefits it can offer alongside the risks and cost implications that require careful management.

Benefits of FOSS

The benefits of FOSS are well evidenced, though they vary significantly by context, scale, and implementation approach. They can be summarized across three dimensions: autonomy and control, cost advantages, and ecosystem flexibility.

Autonomy and control: The code is open and licences are flexible, allowing meteorological organizations to perform customization as needed, directly modifying the code to add or remove functional modules to suit unique operational scenarios (for example,regional weather forecasting adjustments). This level of access also allows them to independently identify and fix vulnerabilities, optimize performance for large meteorological data workloads, and control the technical roadmap of core systems. Certain permissive licences (for example,MIT License, Apache License 2.0) even permit using modified code as closed source in commercial products, balancing customization needs with operational requirements.
Cost advantages: No software licence fees or subscription fees are required, making FOSS suitable for national meteorological services as well as deployments in regional forecasting centres. The availability of source code and community documentation reduces costs during adaptation and integration. Meteorological organizations can also choose free community support or affordable third-party services instead of expensive vendor support packages. A 2021 study commissioned by the European Commission estimated a cost-benefit ratio of above 1:4 for OSS investment across the EU public sector, noting that EU companies' € 1 billion investment in OSS in 2018 generated between € 65 and € 95 billion in macroeconomic impact on EU GDP — though these are economy-wide figures and individual organizational returns will vary.^[9] A World Bank case study of institutional investment in open-source geospatial software — a domain closely analogous to NMHS operations — found a conservatively estimated 200% return on investment over seven years.^[10]
Avoiding vendor lock-in: Free from proprietary interfaces and data format dependencies, enabling free choice of deployment environments (for example,private or public clouds). Even if the original project is discontinued, maintenance can be taken over independently or by a third party. Moreover, multiple service providers often support the same open-source software, strengthening the user’s bargaining position.
Cross-platform portability: Most open-source tools run on multiple operating systems (for example,Windows and Linux). Adherence to common technical standards (for example,WMO GRIB data formats) lowers system integration difficulty. Modular design facilitates containerized deployment and cross-cluster migration, adapting to architectural upgrades in meteorological data centres.
Technical capacity development: Community involvement within FOSS projects can foster career growth, professional recognition, networking and collaboration. In turn this can lead to increased technical capacity within Members' NMHSs and other organizations.

Risks

The use of FOSS may introduce a range of risks that should be carefully assessed and managed, particularly in operational environments where reliability, security, and compliance are critical. It is worth noting that many of these risks apply equally to commercially licensed software.

Licence compliance risks — users: Members using FOSS internally, without modification or redistribution to third parties, face minimal licence compliance risk in most cases. The principal exception is the Affero GPL (AGPL), which extends copyleft obligations to software used to provide network services even without distribution; NMHSs operating web-based or API services should assess AGPL-licensed components carefully.
Licence compliance risks — contributors and distributors: Members who modify FOSS and distribute it to third parties face broader obligations. Copyleft licences (for example, GPL, LGPL) require that derivative works be made available under the same terms and that original copyright notices be preserved. Where FOSS components with different licences are combined, compatibility between those licences must also be assessed. Violations of applicable licence terms may lead to legal disputes and intellectual property issues.
Security risks: The openness of FOSS source code means that vulnerabilities can be identified — and fixed — by a wide community of developers; this transparency is a significant security advantage over proprietary software where code cannot be independently inspected. However, software from niche or less-established projects may pose security risks where the contributor community is too small to provide adequate review. Additionally, the complexity of FOSS supply chains can create vulnerabilities that could be exploited to implant malicious code. These risks are amplified in meteorological applications, especially when handling sensitive observational data or real-time forecasting models.
Maintenance risks: Fixes for vulnerabilities rely on community responsiveness. If an open-source project is discontinued, known vulnerabilities may remain unaddressed.
Dependency and stack maintenance risks: FOSS solutions typically depend on a broader ecosystem of libraries, frameworks, and runtime components. Keeping the full software stack up to date, including across upstream dependencies, requires continuous effort. Version incompatibilities, breaking changes upstream, and end-of-life releases can create significant operational burden, particularly for small teams managing operational meteorological systems.
Support risks: Most open-source software lacks official support. As a result, timely response and effective resolution of critical operational system failures cannot be guaranteed, potentially leading to interruptions in meteorological operations and data loss.

Cost Implications

The use of FOSS may entail cost implications that should be carefully assessed, particularly with regard to integration, maintenance, and long-term resource requirements. As with risks, many of these considerations apply equally to commercially licensed software.

Technical adaptation and integration costs: Human resources must be allocated for software customization and adaptation, system interface integration, and compatibility testing to ensure the software aligns with existing systems.
Long-term maintenance and version management costs: Dedicated personnel are needed to track version updates, conduct testing, and manage migrations. If a project is discontinued, taking over its maintenance internally entails high technical challenges and added operational complexity.
Talent acquisition and training costs: Recruiting skilled professionals can be expensive, and ongoing in-house training is required to maintain the necessary expertise.
Compliance audit and management costs: It is necessary to maintain an inventory of all open-source components and perform regular compliance audits. Large meteorological organizations may also need to develop dedicated management platforms, with costs increasing as the number of components grows.
Proprietary software pricing risks: When assessing the cost implications of FOSS, these should be considered alongside the risks of commercially licensed alternatives, which may include vendor-driven migration to subscription-only licensing models (whether cloud-based or locally deployed software requiring ongoing licence validation), significant price increases, and ratchet mechanisms that progressively erode an organization’s bargaining position and ability to exit the relationship.

The risks and costs described above are faced by individual Members when adopting FOSS. The broader systemic implications — including WMO’s role in monitoring project health, managing community-wide sustainability risks, and supporting Members when critical software reaches end-of-life — are addressed in FOSS sustainability and risk management.

Contributing to FOSS

National policies

The adoption and development of FOSS within NMHSs can be significantly strengthened through supportive national-level policies. Several WMO Members have already introduced digital government strategies that encourage the use of open standards, open data and open-source software as default options within public administrations.^[11] Where such frameworks exist, NMHSs can leverage them to increase efficiency, reduce vendor lock-in and ensure long-term sustainability of operational systems.

National FOSS-related policies may include:

"Open by default" procurement rules requiring public institutions to consider FOSS alternatives alongside proprietary solutions when acquiring software. National examples include the United States Federal Source Code Policy,^[12] the Government of Canada Open First approach,^[13] New Zealand’s NZGOAL-SE framework,^[14] India’s Policy on Adoption of Open Source Software,^[15] and Japan’s Open Source Promotion Report.^[16] In some countries, like Romania, when you purchase "on demand" software development services, the source code should be transferred to the customer along with all the IPR associated with the software. Making the source code available under an open-source licence is highly recommended.
Guidelines for software development funded from public budget, encouraging publication of code under approved open-source licences. The "Public Money? Public Code!" campaign, supported by over 200 civil society organizations, advocates that software developed with public funds should be released under open-source licences.^[17]
Policies promoting interoperability and open standards, which naturally align with FOSS implementations within WIS2 and other WMO technical frameworks. In the European Union, the Interoperable Europe Act^[18] (in force from April 2024) requires public sector bodies to conduct interoperability assessments and share open source solutions for cross-border digital services.
Capacity-building programmes that enable staff to acquire skills for maintaining and developing open-source tools, reducing long-term operational dependency on external vendors.
Security and lifecycle requirements to ensure that open-source components used in critical systems follow maintenance, patching, auditing and version management rules.

Where no national regulations exist, NMHSs can still develop institution-level policies or internal guidelines to support responsible FOSS adoption:

Establish internal rules for licensing, contribution approval and repository management.
Define procedures for evaluating FOSS components (governance, community health, maintenance model).
Incorporate sustainability planning (including contribution back to upstream projects when fixes or new features are developed internally).
Promote transparency by adopting open repositories for research software and operational tools.

Participation in events such as code sprints, hackathons and conferences (for example,OGC/OSGeo/ASF joint sprints and FOSS4G) provides valuable opportunities for capacity building, community engagement and collaborative development. OSGeo also supports a network of local chapters^[19] that can serve as regional points of contact for FOSS engagement. WMO’s coordination role in facilitating such events and managing partnerships with external FOSS organizations is described in External partnerships.

Managing FOSS activities

In some cases, Members developing their own FOSS in support of WMO obligations and activities may wish to make the software freely available to the public. The current FOSS landscape and infrastructure provide a strong support mechanism for doing FOSS development in the open, using services such as GitHub, GitLab, Codeberg and numerous other platforms.

In the same spirit as contributing to FOSS, where no national regulations exist, NMHSs can still develop institution-level policies or guidelines in support of making FOSS available to the public. The following are (some) key aspects to consider:

Establish an "architecture of participation":
- Who will be responsible for development, release management, and accepting external contributions?
- How will commit access be governed and managed? Does the project need a project steering committee or group of stakeholders to help drive the project?
- How will external collaboration be addressed? For example, will the project have a bug or issue tracker which can be used to identify new feature development, defects and/or bugs. Will there be a dedicated discussion forum or mailing list for wider discussion?
- Make clear how collaboration will work to the public (for example, by providing a CONTRIBUTING.md document for GitHub).
- Having a strong process for managing contributions can help ensure a strong culture of collaboration and cooperation. (This applies to both open projects and more restricted, small group projects). Consider addressing whether and how contributors can use AI Tools, if at all (see the Impact of AI on FOSS Projects section and Annex C).
- Make clear how security issues should be addressed (mitigation/release policies/timelines, contact points and so forth)
- What is the release schedule for new versions?
Choose a licence that the software will be made available with (such as the Apache License, Version 2.0, MIT and similar licences). It is strongly advised to consider and consult organization policies to ensure proper licensing and understanding risk, responsibility and liability
Choose the mechanism by which the software will be made available (GitHub, GitLab, Codeberg, organizational website, etc.)
Ensure that a README is available with the code stating a clear mission and purpose
Identify any supported WMO technical standards and best practices
Ensure that the project has proper documentation for users (downloading, installing, configuring, running), as well as additional documentation for developer or other audience types (administrators and so forth)
Ensure the code is versioned (for example using Git as a version control system)

Profiling competencies

Members wishing to use, participate and/or manage FOSS activities should be familiar with basic FOSS principles, and assess their level of participation accordingly. Understanding the architecture of participation of FOSS varies among projects. In addition to domain and software development competencies, staff require the ability to analyze a given FOSS project and/or community, understanding how development, contributions and social and political infrastructure operate. Staff should also be supported to participate in FOSS as part of their ongoing learning and development. This can include attending conferences and/or code sprints and hackathons. The degree to which these skills are developed depend on the level of FOSS investment by a given Member organization.

Infrastructure considerations

FOSS development and distribution is supported by a rich ecosystem of freely available hosting platforms and services. Understanding this landscape helps Members make informed choices when publishing software, consuming FOSS components, or participating in collaborative development.

Source code hosting and collaboration

Platforms such as GitHub, GitLab, and Codeberg provide the core infrastructure for hosting source code, tracking issues, managing contributions via pull or merge requests, and publishing project documentation. Many of these platforms also offer free tiers for public open-source projects. Members should consider platform accessibility (for example,connectivity constraints in some regions), governance and data sovereignty when making a choice. Some platforms, notably GitLab (Community Edition), Gitea, and Forgejo, can also be self-hosted, which may be preferable where organizational policy or national regulations require software infrastructure to remain under institutional control.

Continuous integration and delivery (CI/CD)

Most major hosting platforms include integrated CI/CD tooling (for example,GitHub Actions, GitLab CI) that enables automated testing, building, and release workflows. These services are typically free for public repositories and significantly reduce the overhead of maintaining software quality and producing releases. Where platforms are self-hosted, organizations must also provision and maintain the runner infrastructure — the compute resources on which CI/CD jobs execute. This may be on-premises hardware, virtual machines, or cloud instances, and represents an additional operational consideration when choosing a self-hosted deployment model.

Package and artefact registries

FOSS components are distributed through a variety of public registries depending on the language and runtime environment — for example, PyPI (Python), npm (JavaScript), Docker Hub and GitHub Container Registry (container images), and conda-forge (scientific computing). Members consuming FOSS should be aware of the provenance and integrity guarantees offered by each registry, and consider mirroring critical dependencies where connectivity is a concern. Registry licensing terms can also change: for example, Anaconda Inc. revised their Terms of Service in 2020 to require a paid licence for use of their defaults channel by organizations with more than 200 employees, while the community-maintained conda-forge channel remains freely available. This illustrates the importance of reviewing registry terms alongside software licences.

Community infrastructure

Beyond code hosting, FOSS projects often rely on additional community infrastructure including mailing lists, discussion forums, chat platforms (for example: Matrix, Slack, Discourse, etc.), and documentation sites. When evaluating or adopting a FOSS project, the health and accessibility of these channels is a useful indicator of community activity and support.

Economic aspects of FOSS development and support

While the origins of FOSS have been volunteer driven, numerous FOSS projects and activities now provide viable business models for industry. This includes, but is not limited to:

custom development
maintenance (defect management)
support / deployment / operation

FOSS can be financially supported in numerous ways (crowdsourcing, direct procurement, etc.) in support of a given project’s upstream community/development. When evaluating or adopting a FOSS project, funding architecture is a valuable indicator of community support and maintenance.

WMO Activities

This chapter presents key WMO activities aimed at supporting the effective adoption and use of FOSS, including coordination and alignment, standards compliance, software review and evaluation, and reference implementations.

Coordination, alignment and support

As FOSS has become increasingly embedded in WMO programmes, projects and Member operations, the need for structured coordination at the organizational level has grown accordingly. Historically, software developed, or selected, for use in different projects and programmes has largely been managed on an ad-hoc basis. Independent experts, contractors, and implementing authorities / agencies have typically made, and in many cases continue to make, independent choices without a common framework for the evaluation, governance, and life-cycle management of FOSS.

Whilst enabling rapid development and innovation, this approach has led to fragmentation and duplication of effort, and in some cases, reliance on software that does not meet adequate standards of maintenance, security, or operational fitness — putting Members' services at risk.

The WMO Secretariat, as the body supporting the work of its Members and constituent bodies, has a central role in coordinating FOSS activities across WMO programmes and projects and in supporting Members in the adoption of FOSS. This coordination function should ensure that FOSS initiatives adopted through WMO projects and programmes are aligned with WMO’s regulatory framework and that software used in support of WMO obligations meets appropriate standards of quality and security. Equally important, this coordination should ensure that Members, particularly those with more limited technical capacities, are not left behind.

Governance and organizational functions

Effective FOSS coordination within WMO requires dedicated governance functions. The following functions are identified as essential:

Software evaluation and endorsement: Providing a consistent process for assessing FOSS used in WMO programmes and projects, applying criteria such as those described in the FOSS evaluation rubric (see Annex A). This includes evaluating licence compatibility, security posture, project and community health, openness of governance, and technical fitness for purpose.
Lifecycle oversight: Tracking the status of FOSS components used across WMO programmes, from initial adoption through operational use to end-of-life, ensuring that migration plans are in place when software is no longer maintained.
Standards alignment: Coordinating standards alignment reviews, working with Expert Teams to ensure that FOSS developed or endorsed within WMO implements relevant Technical Regulations and open standards correctly and consistently.
Guidance and advisory support: Providing practical guidance on FOSS best practices — including licensing, contribution workflows, governance models, and release management — to Members, implementing authorities, and project teams, in support of the technical direction set by Expert Teams and Task Teams.

These functions may be carried out by existing WMO bodies, such as the Standing Committees, Expert Teams, and Task Teams. However, these bodies often have a narrow focus on a particular activity or area, are not typically involved in the projects implementing or using FOSS, and often lack the specialist knowledge on FOSS.

The governance functions described above are best delivered through a dedicated Open Source Program Office (OSPO), as described in the following section.

Open Source Program Office

An Open Source Program Office (OSPO) is a dedicated organizational unit responsible for enabling, governing, and coordinating an institution’s engagement with open-source software. OSPOs are increasingly adopted by public sector organizations — including intergovernmental bodies, national governments, and major operational centres — as the recognized best-practice mechanism for managing FOSS at institutional scale. This model is well established in comparable organizations: ECMWF has embedded FOSS practice as a core institutional activity; the World Bank operates its own open source programme with documented returns on institutional investment; and the UNDP and ITU, through their Open Source Ecosystem Enabler (OSEE) initiative, actively support the establishment of OSPOs across the UN system and in developing countries. An OSPO need not require a significant resource commitment — many effective OSPOs operate with a small, dedicated team — but it does require a clear institutional mandate and the authority to act across programme boundaries.

For WMO, an OSPO would serve as the central coordination function for FOSS across all programmes and projects, hosted within the Secretariat and operating with a cross-cutting mandate, enabling it to engage with all programmes, constituent bodies, and Members. The core functions of a WMO OSPO are described in the Governance and organizational functions section above. In practice, an OSPO also acts as a point of contact for Members seeking advice on FOSS matters, a liaison with external FOSS organizations, and a custodian of institutional knowledge on FOSS governance. It provides continuity across constituent body sessions, which volunteer Expert and Task Teams cannot reliably sustain.

Regardless of the specific organizational form adopted, there is a clear requirement for software governance to be systematic rather than ad hoc, and for clear, objective criteria to exist for evaluating and endorsing FOSS within WMO. It is equally important to note that WMO should not seek to develop its own registry of open-source software — existing registries and ecosystems (such as those maintained by OSGeo, the Digital Public Goods Alliance, and language-specific package repositories) already serve this purpose. WMO’s coordination role should focus on evaluating and recommending software from within these existing ecosystems, rather than duplicating their efforts.

Roles and responsibilities

Coordination of FOSS activities within WMO involves a range of actors:

Open Source Program Office (OSPO): Delivers the day-to-day coordination of FOSS activities across programmes and projects, including software evaluation, lifecycle oversight, guidance to implementors, management of external partnerships, and continuity of institutional knowledge across constituent body sessions.
WMO Secretariat: Provides the institutional mandate and home for the OSPO, and ensures FOSS governance is embedded within WMO’s broader programme management and regulatory framework.
Expert Teams and Task Teams: Provide domain-specific expertise in evaluating and developing FOSS relevant to their areas of responsibility. Expert Teams and Task Teams may identify candidate software for endorsement or develop Reference Implementations of WMO standards.
Communities of Practice: Serve as collaborative spaces where Members, developers and stakeholders work together on shared FOSS initiatives. Communities of Practice can play an important role in maintaining and evolving software that supports WMO standards, as demonstrated by the development of Reference Implementations within the WIS2 programme and the OpenCDMS project and initiative.
Members: Contribute expertise, code, testing and operational feedback. Members with mature FOSS programmes can serve as mentors and collaborators for those building capacity.

Whilst "Communities of Practice" have been listed above, these do not exist formally within WMO’s framework and constituent bodies, instead operating on an informal basis. Strengthening and formally recognizing these communities would have significant benefit.

FOSS project life cycle

FOSS projects and software typically progress through several stages:

Concept and prototyping: An initial requirement is identified and ideas are explored. These may often be part of the development of a new standard, such as the WIS2 standards, or in response to an operational need. At this stage, the software may be experimental and maintained by a small number of developers.
Development and pilot use: Following initial prototyping, the software gains maturity and may have additional contributors. The software is tested in pilot environments. Parallel to this, the standards that the software is implementing may also gain maturity and undergo further changes.
Operational use: Software, and standards, are ready for production use in operational environments. There will be established governance processes for the FOSS together with comprehensive documentation and contribution guides. The contributor base will have grown and be sustainable.
End-of-life and migration: When software is no longer actively maintained or has been superseded, clear guidance should exist for migrating to alternative solutions, including data migration. End-of-life planning is particularly important for software that Members depend on for operational services. Retirement planning should include: a data archiving plan to ensure secure storage and traceability of historical data; an assessment of migration costs and a defined transition path to maintain continuity of service; and clear assignment of responsibilities for decommissioning, including procedures to mitigate risks such as data loss or service disruption.

The WMO can support this lifecycle by providing evaluation criteria at each stage, recognizing software that meets established thresholds of maturity, and facilitating transitions when software reaches end-of-life. Established frameworks such as the OSGeo incubator and graduation process^[20] provide a useful model for structuring such a lifecycle within the WMO.

FOSS sustainability and risk management

Sustainability, and long-term maintenance and support, are amongst the most significant challenges in FOSS adoption. Software that is relied upon by Members, especially for operational services, must be maintained over the long-term, with timely security updates and patches, backwards compatibility and responsive support. Key risks to be managed include:

Key person dependency (bus factor): Over-reliance on a single, or small team, for critical software. When supporting FOSS development and adoption, the WMO should encourage a broad contributor base, shared governance, and pooling of resources for the support and development of critical software.
Lack of long-term support and maintenance: Not all FOSS projects have a sustained commitment to long-term support. Projects may cease active development without formal end-of-life notice, leaving Members dependent on unmaintained software with unaddressed vulnerabilities and no migration path. FOSS maintenance relies on community goodwill, institutional backing, or commercial arrangements with service providers — similarly to proprietary software, where such obligations are contractually defined but not always guaranteed in practice. Members should assess the long-term support model of any FOSS solution prior to operational adoption and have contingency plans in place should maintenance cease.
Security vulnerabilities: Software components must be subject to regular security reviews, including vulnerability testing, with clear disclosure and patching policies. Adequate resources must be in place to ensure any identified vulnerabilities are addressed in a timely fashion.
Dependency risk: Software often depends on a chain of upstream libraries and components. Understanding and monitoring these dependencies is essential for assessing overall project health. This includes changes to upstream licensing conditions.
Funding and institutional support: Whilst FOSS may be free of licensing costs there are still costs associated with the development, maintenance, implementation and operation of FOSS software. These costs are often hidden or neglected but should be taken into account. Capacity development costs — including staff training, upskilling, and the ongoing effort required to build and retain the expertise needed to evaluate, deploy and maintain FOSS — represent a significant and frequently underestimated component of these costs, particularly for Members with limited technical resources.

The WMO has a role in supporting FOSS initiatives and managing risks by promoting and supporting investment in the development and maintenance of FOSS software and in community management. This support may be realized through sources such as the WMO Voluntary Cooperation Programme (VCP), extra-budgetary resources and projects, and through broader stakeholder and donor engagement.

The WMO’s coordination role should include monitoring the health of FOSS that is critical to WMO programmes and alerting Members to emerging risks, such as previously promoted projects that show declining activity, unpatched vulnerabilities or loss of key maintainers.

Alignment with the WMO ecosystem

In the WMO context, FOSS initiatives should be aligned with the broader set of WMO activities in supporting Members. This includes:

Technical Regulations and standards: Co-development of Reference Implementations alongside the development and implementation of new regulations and standards; FOSS developed or endorsed should conform with and / or implement WMO standards. The WMO should also promote alignment and interoperability with open standards, such as those developed by the Open Geospatial Consortium (OGC).
Cross-programme and cross-project coordination: FOSS components are often relevant to multiple WMO programmes. Coordination can help avoid duplication, identify opportunities for shared development and ensure that Members benefit from a coherent set of tools rather than competing or overlapping solutions.

Supporting Members

A key function of WMO coordination is ensuring that all Members can benefit from FOSS, regardless of their technical capacity, and making sure that no Member is left behind. This includes:

Capacity building: Providing training, documentation and technical support to help Members evaluate, deploy and maintain FOSS solutions. This is particularly important for developing countries and small island developing States, where resource constraints may limit the ability to engage with FOSS communities directly.
Knowledge transfer: Facilitating the exchange of experience and expertise between Members, for example through workshops, code sprints and hackathons organized alongside WMO events or in collaboration with partner organizations.
Visibility and discovery: Helping Members identify FOSS that is relevant to their needs by curating recommendations and maintaining awareness of available tools within the WMO community, drawing on existing registries and partner ecosystems.

External partnerships

The WMO does not operate in isolation in the FOSS landscape. Established organizations such as the Open Source Geospatial Foundation (OSGeo), the Digital Public Goods Alliance (DPGA), the Apache Software Foundation and others have developed mature frameworks for FOSS governance, incubation and community management. WMO should seek to leverage these existing frameworks rather than developing parallel structures.

Potential areas for collaboration include:

Formal partnerships: Memoranda of Understanding (MoUs) with organizations such as OSGeo can provide a structured basis for collaboration on project governance, incubation and quality assurance.
Registration as Digital Public Goods: Key WMO FOSS implementations may qualify for registration with the DPGA, increasing their visibility and credibility within the broader international development community. The DPG Standard^[21] provides a structured quality framework covering licence compliance, documentation, privacy, and standards adherence.
Multilateral development partners: The UNDP and ITU, through their joint Open Source Ecosystem Enabler (OSEE) initiative, provide practical support to developing countries in establishing national open source ecosystems and Open Source Program Offices (OSPOs). This initiative represents a direct parallel to the OSPO model described in this guide, and presents an opportunity for WMO to partner with UNDP/ITU in promoting OSPOs across the meteorological and hydrological community. The World Bank maintains its own open source programme and has documented significant returns on institutional FOSS investment in geospatial and environmental data domains directly analogous to NMHS operations.^[22]
Joint events: Code sprints, hackathons and workshops organized in collaboration with partner organizations (such as OGC/OSGeo/ASF joint sprints or FOSS4G conferences) provide valuable opportunities for capacity building, community engagement and collaborative development.
Meteorological sector examples: The European Centre for Medium-Range Weather Forecasts (ECMWF) runs an annual open source innovation programme under the Copernicus Climate Change Service (Code for Earth),^[23] demonstrating how a major operational meteorological institution can embed FOSS practice as a core activity.
Regional digital innovation hubs: Regional digital innovation hubs, established in collaboration with Members, national and international development agencies, and regional organizations, can play an important role in the development and implementation of FOSS solutions, with a focus on meeting the needs of Members within a region. These could be co-located, or hosted, by existing regional centres. By enabling the development of regional communities around shared software solutions, FOSS can also support local service ecosystems, allowing expertise and associated economic value to be retained within the region rather than being dependent on external providers.

Standards compliance

FOSS can also play a significant role as an indicator of the feasibility of Technical Regulation implementation. As part of the standards development phase, developing the associated FOSS implementation(s) aids in determining "fit for purpose" of the specification. In addition, FOSS implementation during standards development allows for an open review and assessment on how a standard is implemented — covering supported network protocols, availability of tooling and libraries for integration, and the effort required for implementation. Where a FOSS implementation proves unexpectedly complex, this is a signal that the standard itself may need to be reviewed for scope or clarity before formal approval. Determining these aspects earlier in the development cycle allows the standard to be improved and adjusted while still in development, avoiding costly formal amendment processes once approved by WMO. The agile and parallel development of WIS2 standards and FOSS is a key example in this context (see Case study: WIS2, FOSS, and agile development).

Another indicator is the number of implementations. For example, the Open Geospatial Consortium (OGC) mandates that a proposed standard requires at least 3 implementations for consideration by its Technical Committee. This provides "proof" to the Technical Committee that the standard can be implemented, and has investment from various projects as early adopters.

In summary, while FOSS is not in scope for being identified as part of a Technical Regulation, it is a strong indicator of the maturity, applicability and sustainability of a given standard. Implementing FOSS during standards development provides safety in investment, iterative improvements, and confidence for widespread and sustainable adoption and implementation by Members.

Software review and evaluation

The identification and selection of software for WMO-related activities and Member implementations should follow a structured, transparent and repeatable assessment process. This applies equally to FOSS and proprietary solutions and aims to reduce technical, operational and organizational risks while increasing confidence in long-term sustainability, interoperability and compliance with WMO frameworks. Before adopting, recommending or endorsing a software solution, Members and WMO bodies are encouraged to perform a lightweight but systematic project assessment covering at least the following dimensions:

Purpose and scope alignment. The software should have a clearly defined purpose and scope, aligned with the intended operational, research or regulatory use case. Its role within the overall system architecture (for example,data production, exchange, discovery, processing or visualization) should be explicit and overlaps or dependencies with existing solutions should be identified.
Standards and regulatory compliance. The software should demonstrably support relevant WMO Technical Regulations, standards and recommended practices, as applicable (for example,WIS2, BUFR, GRIB, NetCDF, WMO Core Metadata Profile). Where full compliance is not yet achieved, gaps, limitations and mitigation measures should be clearly documented. For Members operating across national boundaries, cross-border data transfer requirements should also be assessed, covering applicable data protection frameworks and WMO data policies across the full data lifecycle — collection, processing, sharing, and archiving.
Licensing and policy compatibility. Licensing terms must be clearly stated and compatible with national regulations, WMO data policies and operational constraints. For FOSS, licences should be OSI-approved and allow redistribution, modification and operational use without legal ambiguity.
Project maturity and sustainability. The assessment should consider the maturity of the project, including release history, roadmap availability, versioning practices and evidence of operational use. Indicators such as the number of active contributors, governance transparency, institutional backing and the “key person dependency” (bus factor) provide insight into long-term sustainability and associated risks.
Security and risk management. The project should have documented security practices, including vulnerability reporting mechanisms, patching policies and incident response procedures. Known risks, external dependencies and lifecycle considerations (including end-of-life or migration paths) should be evaluated early in the selection process.
Technical quality and operational fitness. Software quality should be assessed based on documentation availability, test coverage, automation (for example,CI/CD), performance at NMHS-relevant data volumes, and ease of deployment, operation and maintenance. Evidence of production use within the WMO community or by peer organizations is a strong positive indicator.
Organizational readiness and total cost of ownership (TCO). Adopting organizations should evaluate internal capacity, including staff skills, support models, infrastructure requirements and TCO. This includes training needs, long-term maintenance effort and the ability to contribute fixes or enhancements upstream where appropriate. Where feasible, core functionality should be validated through a proof-of-concept or pilot deployment using representative operational data, including scenarios relevant to peak load or extreme conditions. Evaluation should conclude with a documented adoption decision — full adoption, conditional adoption subject to identified remediation, or rejection — with the rationale recorded for audit and future review.

To support early-stage identification and comparison, Members and WMO activities may also consult community-maintained software catalogues, such as the FOSS4G Observatory (https://project.oss4geo.org/). These platforms provide structured metadata for a wide range of open-source software projects, including functional scope, licensing, governance characteristics, development activity and dependency relationships. Such catalogues can assist with preliminary screening and ecosystem-level understanding, but the information they provide should be treated as indicative and complementary.

For consistency and transparency, WMO encourages the use of a common evaluation checklist or rubric, such as the one provided in Annex A, and promotes rolling reviews of selected software to account for evolving requirements, standards and ecosystem changes. This assessment process does not seek to formally “approve” specific software for inclusion in WMO Technical Regulations, but rather to provide confidence-based guidance and shared criteria to support informed decision-making and harmonized adoption across the WMO ecosystem.

Reference Implementations

Reference Implementations (RIs) are key resources for the precise implementation of a given standard or requirement set. Benefits of RIs include (but are not limited to):

validating the functionality and capability of a given standard (for example, for data encodings or interfaces)
providing a publicly available FOSS resource that is authoritative and can be studied to better understand and/or implement a standard
providing an implementation that Members may adopt directly, adapt to their operational context, or use as a reference basis for their own development

RIs developed alongside a given specification are especially useful for agile, rapid and iterative feedback during the specification definition phase, leading to the approval of Technical Regulations with confidence. Developing RIs as part of WMO Technical Regulation development is therefore strongly encouraged, to ensure fit for purpose and functionality. Where a WMO Technical Regulation is supported by an RI, referencing it within the regulation may be appropriate, though this should not be a requirement.

Note

The primary purpose of an RI is functionality coverage — demonstrating that a standard can be implemented correctly. While RIs need not initially target mission-critical or production environments, they may evolve into production-grade tools as community adoption grows, as demonstrated by several WIS2 implementations (see Case study: WIS2, FOSS, and agile development).

Case study: WIS2, FOSS, and agile development

The WMO Information System 2.0 (WIS2) is the framework for WMO data sharing in the 21st century for all WMO domains and disciplines. It supports the WMO Unified Data policy and the Global Basic Observing Network (GBON) and simplifies international, regional and national data sharing, making it more accessible and cost-effective. The idea that no Member should be left behind and the objective of lowering the barrier to adoption has been at the core of WIS2 development. These objectives inspire the principles underpinning the WIS2 technical framework, such as adopting open standards and Web technologies to facilitate sharing of increasing variety and volume of real-time data.^[24]

The WMO Executive Council, through Resolution 34 (EC-76)^[25] — Implementation plan update of the WMO Information System 2.0, endorsed the WIS2 implementation plan. The Resolution also recognized the importance of establishing a pilot phase to develop the WIS2 infrastructure and begin testing it, in order to be ready for a pre-operational phase in 2024, and then for the transition starting in 2025.

The pilot phase was completed at the end of 2023, with several Members collaborating in building the WIS2 infrastructure. Each Member had a different role in the WIS2 framework and implemented a specific component. Starting in January 2024, the implementation of WIS2 entered the pre-operational phase in preparation for transitioning to WIS2. On 01 January 2025, WIS2 became operational.^[26]

WIS2 is comprised of a number of key standards, including (but are not limited to):

Internet and messaging protocols for data and metadata transmission (HTTP, MQTT)
metadata encodings for dataset descriptions (WMO Core Metadata Profile) and notifications (WIS2 Notification Message)
topic structures for real-time notifications (WIS2 Topic Hierarchy)
interfaces and APIs for Global Services (Global Discovery Catalogue)

Throughout the WIS2 Implementation timeline, the architecture^[27], standards definitions as well as key software components were developed, deployed and tested in parallel, in an agile manner. These software components include (but are not limited to):

Software	WIS2 component(s)
wis2box	WIS2 Node
wis2-gdc	Global Discovery Catalogue
csv2bufr	CSV to BUFR encoding tool for station data
wis2downloader	Application for downloading real-time data from WIS2
pywis-pubsub	Python package providing notification message publishing, subscription and data download capability in WIS2

Software

WIS2 component(s)

wis2box

WIS2 Node

wis2-gdc

Global Discovery Catalogue

csv2bufr

CSV to BUFR encoding tool for station data

wis2downloader

Application for downloading real-time data from WIS2

pywis-pubsub

Python package providing notification message publishing, subscription and data download capability in WIS2

Driven by collaboration, the development and testing of FOSS significantly helped with early assessment of the WIS2 standards in development. As a result, WIS2 standards were being tested in an agile environment and rapid feedback was provided that helped refine, adjust and improve the standards early and often.

WIS2 FOSS implementations have resulted in a more stable and robust programme delivery with significantly reduced risk to Members. In addition, some tools have emerged as Reference Implementations. WIS2 Technical Regulations were approved with confidence as a result of the agile development of open standards and FOSS.

Glossary

AGPL (Affero General Public License): A copyleft licence that extends the obligations of the GPL to software used to provide network services, even without distribution. See also: [_licence_compliance_risks].
API (Application Programming Interface): A defined interface that allows software components to communicate with each other.
BUFR (Binary Universal Form for the Representation of meteorological data): A binary data format standardized by WMO for the exchange of meteorological observations.
CI/CD (Continuous Integration and Continuous Delivery): A software development practice in which code changes are automatically tested and, where configured, deployed. Widely used in FOSS projects to maintain software quality.
DPGA (Digital Public Goods Alliance): A multi-stakeholder initiative that endorses open source software, open data, and open content meeting its standard for digital public goods.
ECMWF (European Centre for Medium-Range Weather Forecasts): An independent intergovernmental organization operating one of the largest supercomputer facilities for numerical weather prediction.
EW4All (Early Warnings for All): A WMO initiative aimed at ensuring that every person on Earth is protected by early warning systems by 2027.
FAIR: A set of principles — Findable, Accessible, Interoperable, and Reusable — for managing scientific data and software to maximize their value and reusability.
FOSS (Free and Open Source Software): Software released under a licence that grants users the freedom to run, study, modify, and distribute the software and its source code.
GBON (Global Basic Observing Network): A WMO framework defining minimum observational requirements to support global numerical weather prediction.
GPL (GNU General Public License): A widely used copyleft licence that requires derivative works to be distributed under the same terms.
GRIB (GRIdded Binary): A WMO-standardized binary data format for gridded meteorological and oceanographic data.
Key person dependency: The risk arising when critical knowledge, code, or operational responsibility is concentrated in a single individual or very small group, such that the loss of that person threatens the continuity of a project or service. Sometimes referred to as the "bus factor".
LDC (Least Developed Country): A United Nations classification of countries with low levels of socioeconomic development, structural impediments to sustainable development, and limited capacity to integrate into the global economy.
LGPL (Lesser General Public License): A copyleft licence similar to the GPL but with reduced restrictions on linking, allowing proprietary software to use LGPL-licensed libraries without triggering copyleft obligations.
NMHS (National Meteorological and Hydrological Service): A government body responsible for providing meteorological and hydrological services within a country. WMO Members are typically represented through their NMHS.
NWP (Numerical Weather Prediction): The use of mathematical models of the atmosphere to forecast weather based on current conditions.
OGC (Open Geospatial Consortium): An international standards organization developing open standards for geospatial content and services.
OSGeo (Open Source Geospatial Foundation): A non-profit organization supporting the development and adoption of open source geospatial software.
OSEE (Open Source Ecosystem Enabler): A joint initiative of UNDP and ITU to support developing countries in establishing national open source ecosystems and Open Source Program Offices.
OSI (Open Source Initiative): A non-profit organization that promotes and protects open source software and maintains the canonical list of OSI-approved licences.
OSPO (Open Source Program Office): A dedicated organizational unit responsible for enabling, governing, and coordinating an institution’s engagement with open source software.
SIDS (Small Island Developing States): A distinct group of developing countries facing specific social, economic and environmental vulnerabilities, recognized by the United Nations as requiring special attention in the sustainable development context.
TCO (Total Cost of Ownership): The full cost of acquiring, deploying, operating, and maintaining a software solution over its lifetime, including both direct and indirect costs.
VCP (Voluntary Cooperation Programme): A WMO programme through which Members contribute resources to support meteorological and hydrological capacity development in other Members.
WIS2 (WMO Information System 2.0): The WMO framework for data sharing in the 21st century, based on open standards and web technologies, supporting the WMO Unified Data Policy.

References

FOSS practice and governance

Raymond, Eric S.: The Cathedral and the Bazaar (1999)
Fogel, Karl: Producing Open Source Software: How to Run a Successful Free Software Project (2024) ^[28]
European Commission / Open Source Observatory: OSOR Handbook on Open Source Software in Public Administration (2026) ^[29]
Public Digital: Open Source in Government (2021) ^[30]
Free Software Foundation Europe: Public Money? Public Code! ^[31]

Economic impact studies

Blind, K. et al.: The Impact of Open Source Software and Hardware on Technological Independence, Competitiveness and Innovation in the EU Economy, European Commission (2021) ^[32]
GFDRR/World Bank: OpenDRI and GeoNode — A Case Study for Institutional Investment in Open Source ^[33]
Linux Foundation: Active Open Source Contribution Delivers 2–5x ROI (2025) ^[34]

National and regional policies

European Commission: Open Source Software Strategy 2020–2023 — Think Open (2020) ^[35]
Regulation (EU) 2024/903: Interoperable Europe Act ^[36]
Regulation (EU) 2024/2847: Cyber Resilience Act — open source implications ^[37]
United States Office of Management and Budget: Federal Source Code Policy (OMB M-16-21, 2016) ^[38]
Government of Canada: Open First Whitepaper (2020) ^[39]
New Zealand Government: NZGOAL Software Extension (NZGOAL-SE) ^[40]
Ministry of Electronics and Information Technology (MeitY), India: Policy on Adoption of Open Source Software for Government of India (2015) ^[41]
Information-technology Promotion Agency (IPA), Japan: 2024 Open Source Promotion Report ^[42]
Government of Brazil: Portal do Software Público Brasileiro ^[43]
African Union Commission: Digital Transformation Strategy for Africa 2020–2030 ^[44]
Center for Strategic and International Studies (CSIS): Government Open Source Software Policies database ^[45]

Multilateral and international resources

Digital Public Goods Alliance: Digital Public Goods Standard ^[46]
UNDP / ITU: Open Source Ecosystem Enabler (OSEE) ^[47]
UNDP Digital Standards — Standard 9: Default to Open ^[48]
World Bank: Open Source for Global Public Goods (2020) ^[49]
EU Open Source Observatory: Open Source Software Country Intelligence (60+ countries) ^[50]

Meteorological sector

ECMWF: OpenIFS ^[51]
ECMWF / Copernicus Climate Change Service: Code for Earth ^[52]
WMO: Provisions for the Transition from the WMO Information System (WIS) 1.0 and Global Telecommunication System to WIS 2.0 (WMO-No. 1323) ^[53]

Annex A: FOSS evaluation rubric

Category	Indicator
Licence Compatibility	Licence is permissive (MIT, BSD, Apache 2.0)
Compatible with NMHS mandates and data policies
No restrictions on data sharing or commercial use
Licence is OSI-approved
Licence is clearly stated (no licence = reject)
Security	Clear security vulnerability policy/process
Prompt patch releases (within days)
No known unpatched CVEs
Regular security checks (for example,daily or automated)
Project Health	Public issue tracker
Source code under version control (for example,on GitHub, GitLab, Codeberg or other version control system)
Active communication channels (forum, mailing list, chat)
Wiki or documentation site
Contribution guidelines or agreements
Community Health	Multiple active contributors
Supported by major NMHSs, WMO Programmes, or recognized consortia
Low key person dependency / bus factor (not reliant on one person)
Code of conduct available
Openness & Governance	Transparent governance model
Open contribution process
Alignment with WMO standards (BUFR, GRIB2, NetCDF)
Decision-making process documented
Source code openly available (mandatory)
Technical Quality & Fit	High test coverage
Continuous Integration (CI) in place
Comprehensive documentation (user, developer, admin)
Proven ability to handle NMHS-scale data volumes
Validated in operational NMHS environments
Clear release lifecycle and package management

Annex B: Data policies

Annex C: AI Tool Use in FOSS

Overview of Issues

A Scientific Python blog post, Community Considerations Around AI Contributions, provides a good introduction to concerns and possible benefits of AI tool use.

Examples of FOSS project AI tool usage policies

GDAL: LLM tool policy
matplotlib: Use of Generative AI guidelines
NumPy: AI Policy
OpenJDK: Interim Policy on Generative AI
Python: Generative AI guidelines
QGIS: AI tool use policy
Zarr-Python: AI-assisted contributions guidelines

Overall landscape of FOSS AI tool usage policies

Kate Holterhoff, "The Generative AI Policy Landscape in Open Source". RedMonk article, 26 Feb 2026. https://redmonk.com/kholterhoff/2026/02/26/generative-ai-policy-landscape-in-open-source
Melissa Weber Mendonça, list of open source AI contribution policies. https://github.com/melissawm/open-source-ai-contribution-policies]