The Document Foundation Criticises EU XLSX Mandate In CRA Feedback Process

LibreOffice Advocates Challenge EU Reliance On Proprietary XLSX In Cyber Resilience Act Consultation

The Document Foundation criticises the European Commission for requiring feedback in Microsoft’s XLSX format for a Cyber Resilience Act consultation, warning it undermines interoperability and disadvantages open source users.

The Document Foundation has issued an open letter to the European Commission criticising the exclusive use of Microsoft’s proprietary XLSX format for submitting feedback on guidelines related to the Cyber Resilience Act.

The Commission launched the consultation on 3 March 2026, requiring stakeholders to submit responses through an XLSX template by 31 March 2026. The Foundation argues that mandating this format contradicts the EU’s stated commitments to interoperability and open standards.

Although XLSX is standardised as OOXML (ISO/IEC 29500), the organisation says Microsoft’s implementations frequently diverge from the specification. Undocumented feature changes can complicate compatibility with open-source software such as LibreOffice.

The Foundation has called for the consultation template to also be provided in Open Document Format (ODF) before the submission deadline. The .ods spreadsheet format used by ODF is a vendor-neutral ISO standard. It also suggests offering a web-based form or plain-text option to enable broader participation.

According to the Foundation, requiring XLSX alone creates structural bias against open-source users. Editing the template in LibreOffice may cause compatibility issues with advanced formatting or macros, potentially affecting small organisations and public authorities that rely on ODF-based workflows.

The Foundation points to EU initiatives such as the European Interoperability Framework and the EU Open Source Software Strategy as commitments to open standards. It also notes that the Cyber Resilience Act itself seeks to reduce systemic risks from dependencies on non-transparent technologies.

The Act entered into force on 10 December 2024, with reporting obligations beginning on 11 September 2026 and full requirements applying from 11 December 2027.

The Foundation has invited FOSS organisations and advocates to sign the open letter. The European Commission has not yet responded.
