The Standard for Public Code is a set of criteria that supports public organizations in developing and maintaining software and policy together.
Anyone developing software or policy for a public purpose can use this standard to work towards higher quality public services that are more cost effective, with less risk and more control.
This introduction introduces the term public code, explains why this is important, and introduces the process through which software and policy code can become certified public code.
Public code is both computer source code (such as software and algorithms) and public policy executed in a public context, by humans or machines. Public code is explicitly distinct from regular software because it operates under fundamentally different circumstances and expectations.
There are many reasons for why public code is relevant now.
Software is public infrastructure.
In the 21st century, software can be considered vital public infrastructure. It is increasingly not just the expression of existing policy but the originator of new policy – for example where algorithms decide which districts need extra social services or policing.
Software mechanics, algorithms and data collection have become key elements in the execution of public policies. Computer code now executes policies that have been codified in legal code through democratic procedures. Both forms of code set conditions for society to function according to democratically set public values, the latter executed by humans, the former by machines. In other words, software code has increasingly started to equal legal code.
Software should therefore be subject to the principles of democratic governance.
Current public software production methods have not served public service delivery very well.
In the last decade, public organizations that purchased complete software solutions have sometimes been surprised to discover that they:
- can’t change their software to reflect changing policy or take advantage of new technology
- don’t have access to their data as it's locked into proprietary systems
- are asked to pay ever increasing license fees
Public institutions, civil servants and residents deserve better.
We believe the software that runs our society can no longer be a black box, controlled by outside companies that keep the underlying logic on which their software operates hidden in proprietary codebases. Instead, governments and the people they serve need technological sovereignty – allowing them to set and control the functioning of public software, just like they are able to set and control policy that is legally formulated in laws. Citizens and civil society actors need this software to be transparent and accountable.
The design of software as essential civic infrastructure should honor digital citizens’ rights.
Public code is at the core of modern public institutions, shapes the work of civil servants and affects the lives of almost all residents.
Public software must therefore be:
- transparent
- accountable
- understandable for its constituents
It must reflect the values of the society it serves, for example by being inclusive and non-discriminatory.
Most proprietary software systems currently used by public organizations do not meet these requirements. Public code – software built to operate with and as public infrastructure, along with the arrangements for its production – does.
We consider public code to have these core values:
- Inclusive
- Usable
- Open
- Legible
- Accountable
- Accessible
- Sustainable
Public code is open source software meant for fulfilling the essential role of public organizations. Through use, other administrations contribute back to the software, so that its development and maintenance become truly collaborative.
Being open unlocks many other things.
Local responsibility and democratic accountability are ensured when a public organization implements and maintains their own public code. By being open and with a broader contributor base, the software is more secure – it benefits from many eyes spotting potential flaws. Many contributors share the maintenance work to keep it functional and modern, which reduces future technical debt. The shared workload is more sustainable now and in the future. Its openness makes the code and its data more easily adaptable in the future – it will be easier to retool, repurpose or retire. This all results in lower risk public infrastructure.
This pooling of resources lets public administrations give extra attention to how to customize the software so it works best in each local context - creating better user experiences for their end users (residents or citizens).
Public code offers a better economic model for public organizations as well as for commercial companies. It's an alternative to traditional software procurement which increases local control and economic opportunity.
Designed from the start to be open, adaptable and with data portability, it can be developed by in-house staff or trusted vendors. Because the code is open, the public administration can change vendors if they need to. Open code increases opportunities for public learning and scrutiny, allowing the public administration to procure smaller contracts – thereby making it easier for local small and medium enterprises to bid. Public administrations can use their own software purchasing to stimulate innovation and competition in their local economy.
This can be seen as investment leading to future economic growth – more vendors will be necessary due to growing technology demand.
Public code can be used and developed by permanent in-house development teams, contractors or outsourced suppliers. Vendors to public organizations can include public code in their bids for contracts.
To use existing public code, you need to specify in your budget and project design that your new solution will use that codebase. To encourage an innovative approach to adapting the public code to your context, you could describe the service or outcome in your contract.
The Foundation for Public Code ensures that codebases under its stewardship (and not in incubation or the attic) are compliant with the Standard for Public Code. This makes clear to potential users and contributors that the codebase is of high quality, and updates will be too.
The audit performed by the Foundation for Public Code is meant to complement machine testing, as machines are great at testing things like syntax and whether outcomes align with expectations. Things meant for humans, such as testing whether documentation is actually understandable and accessible in context, the commit messages make sense, and whether community guidelines are being followed are impossible for machines to test.
The audit tests the entire codebase, including source code, policy, documentation and conversation for compliance with both the standards set out by the Foundation for Public Code and the standards set out in the codebase itself.
Every time a contribution is suggested to a codebase – through for instance a merge request – the codebase stewards of the Foundation for Public Code will audit the contribution for compliance with the Standard for Public Code. New contributions can only be adopted into the codebase after they have been approved as compliant with the Standard for Public Code, and have been reviewed by another contributor.
The audit is presented as a review of the contribution. The codebase steward gives line by line feedback and compliance, helping the contributor to improve their contribution. The merge request cannot be fulfilled until the codebase stewards have approved the contribution.
graph TD;
S0((Contributor<br>submits a<br>merge request)) --> S1{+};
S1 --> S2(Auditor team member assigns<br>merge request to themselves<br>within 2 business days);
S2 --> S3(Check changes for project governance<br>and Public Code compliance);
S3 --> S4{X};
S4 -->|Not compliant|S5(Post what needs to be<br>done so the contributor<br>can make the changes);
S5 --> S6(Set request status to<br>'Changes requested');
S6 --> S7(Make new commits to the code to<br>resolve review and audit issues);
S7 --> S8((Request<br>updated));
S8 --> S1;
S4 -->|Compliant| S9{+};
S9 --> S10(Set request status<br>to 'approved' and<br>post positively);
S10 --> S11(Merge);
S11 --> S12((End));
S1 --> S13(Maintainer check changes for usefulness,<br>value added and 'mergeability');
S13 --> S14{X};
S14 -->|Can be merged| S9;
S14 -->|Needs changes|S5(Post what needs to be<br>done so the contributor<br>can make the changes);
S14 -->|Cannot be merged|S15(Post why the request<br>cannot be merged<br>and close it);
S15 --> S16((Merge<br>request<br>rejected));
For the codebase to be completely certified every meaningful line of code, and the commits behind the code, need to meet the Standard.
If codebases have been completely audited from the first merge request they can be immediately certified as compliant with the Standard for Public Code.
If the audit process is added to an existing codebase, the new merge requests can be certified, but the existing code cannot be certified. By auditing every new merge request the codebase can move incrementally towards being completely certified.
This Standard supports developers, designers, business management and policy makers to:
- develop high quality software and policy for better public service delivery
- develop codebases that can be reused across contexts and collaboratively maintained
- reduce technical debt and project failure rate
- have more granular control over, and ability to make decisions about, their IT systems
- improve vendor relationships with a better economic model
The Foundation for Public Code helps public organizations share and adopt open source software, build sustainable developer communities and create a thriving ecosystem for public code. It does this through codebase stewardship. For this process the codebase stewards use the Standard for Public Code to make sure the code it stewards is high quality as well as collaboratively maintainable.
Potential users of codebases tested against the Standard for Public Code can expect them to be highly reusable, easily maintainable and of high quality.
The Standard for Public Code does this by:
- setting out a common terminology for public code development
- establishing measures to help develop high quality public code
- providing guidance on how to fulfill its criteria and operationalize compliance
The Standard for Public Code is meant to be time and technology independent.
The Standard for Public Code is for the people who create and reuse public code:
- policy makers
- business and project management
- developers and designers
These people work at:
- institutions, organizations and administrations in the public sector
- consultancies and vendors of information technology and policy services to public organizations
It is not aimed at public organizations' end users (residents or citizens), journalists or academics.
- "Modernising Public Infrastructure with Free Software" whitepaper by the Free Software Foundation Europe.
- Collaborative Code is the Future of Cities @ DecidimFest 2019. Talk by Ben Cerveny on the background behind the Foundation for Public Code.
- Public Money? Public Code! - Panel @ Nextcloud Conference 2019. Touches on topics like procurement, law and more.
This standard is a living document. Read our contributor guide to learn how you can make it better.