FILE FORMAT INTEROPERABILITY ACT  ·  Draft v0.2  ·  April 2026
A Legislative Proposal · Open for Consultation

Your data.
Your format.
Your way out.

A legislative proposal for open file formats, consumer choice, and digital sovereignty.

I.
The Problem

The data is yours. Until it isn't.

Modern economies run on files. Contracts. Medical records. Architects' drawings. Financial models. Court bundles. The everyday output of every desk worker in the country, all of it sitting in formats designed and controlled by private vendors.

When those formats are proprietary and undocumented, the data inside them belongs, in practice, to the vendor. The customer pays for the licence, creates the content, and still cannot leave.

This isn't a side-effect of software design. It's a deliberate commercial strategy, one that quietly compounds across years until migration costs are catastrophic, switching is unthinkable, and a decade of institutional memory exists only as a binary blob nobody outside the vendor can fully parse.

Markets correct lock-in only when buyers can see and price the cost of leaving at the moment of purchase. They cannot. That is the kind of failure legislation exists to correct.

  1. Customers pay above-market prices because switching is expensive, not because the product is best in class.
  2. Competitors cannot enter markets even when they have a superior product, because no buyer can risk stranding their existing data.
  3. Public bodies become structurally dependent on vendors over which their elected representatives have no jurisdiction.
  4. Long-lived records (medical, legal, scientific, cultural) become unreadable when the originating product is discontinued or its licensing terms change.
  5. National infrastructure becomes hostage to the commercial decisions, sanctions regimes, and political preferences of foreign legislatures.
"
Hardware sovereignty without format sovereignty is a half-built bridge.
The central premise of the Act
II.
The Principles

Six principles.

  1. Data created by a customer belongs to the customer. The format in which that data is stored should not be a mechanism for asserting a claim over it.

  2. A specification, once published, is a public good. Publishing it costs the vendor little and yields the customer a great deal.

  3. Competition between vendors should turn on the quality of features, performance, support, and price. Never on the inability of customers to leave.

  4. Long-lived records of public, scientific, legal, and cultural value must remain readable beyond the commercial lifetime of any single product.

  5. National sovereignty over data infrastructure requires format sovereignty as a precondition.

  6. Innovation is not threatened by openness. It is sharpened by it.

III.
The Act

What the Act does.

  1. Publish the specification.

    Any commercial software offered in the jurisdiction must publish a complete, accurate technical specification of every file format it reads or writes. Detailed enough that a competent third party could build a fully compatible reader and writer without reverse engineering.

  2. Keep it current.

    The specification must be updated at or before the moment any change is shipped to customers. Historical versions stay published for at least fifteen years after a format is retired, so long-lived records remain readable.

  3. Grant a patent licence.

    Any party implementing a reader or writer in accordance with the specification gets an irrevocable, royalty-free, worldwide patent licence for that purpose. No bait-and-switch through patent enforcement.

  4. No contractual workarounds.

    End-user licence terms and technical measures cannot be used to prohibit, penalise, or impede customers and third parties from building or using alternative readers and writers. The right of exit is real.

  5. Light-touch enforcement.

    A designated regulator handles complaints, issues notices for non-compliance with reasonable cure periods, and escalates only on persistent or wilful disregard. The objective is publication, not punishment.

  6. Sensible exemptions.

    Hobbyist developers and small enterprises are exempt below a revenue threshold. Open-source projects with public source already comply. Genuine cryptographic primitives are protected. The targets are commercial moats, not solo builders.

IV.
The Evidence

Open formats always win.

Critics often argue that opening up file formats will harm innovation. The historical record argues the opposite. Every major transition from a proprietary format to an open one has been followed by an explosion of adoption, a wave of new entrants, and a level of interoperability the closed era could not produce. These are not edge cases. They are the foundations on which the modern internet runs.

Case Study · 1993–Present

PDF: a proprietary format that became universal once it opened.

Adobe created PDF in 1993 and controlled it as a proprietary format for fifteen years. It did well in that period, but its real ascent began in 2008, when Adobe handed the specification to ISO. PDF 1.7 became ISO 32000-1, control passed to a committee where Adobe holds one vote among many, and PDF 2.0 (ISO 32000-2, 2017) removed the last proprietary references entirely.[3]

Today the spec is freely available, and PDF is the closest thing the world has to a universal document format. Adobe still sells excellent PDF tools and competes with dozens of others on quality. The format is bigger, healthier, and more competitive than it ever was as a closed property.

Case Study · 1996–Present

PNG: open from the start, and unstoppable because of it.

PNG was designed in the mid-1990s as a deliberate open replacement for GIF, which at the time was encumbered by a software patent on its compression algorithm. The specification became a W3C Recommendation in 1996, ISO/IEC 15948 in 2003, and was updated to a third edition in 2025.[4]

Because PNG was open and patent-free from day one, every browser, every operating system, every image library and every camera manufacturer could implement it without paying a licence fee. PNG is now ubiquitous. The proprietary formats it competed against have either become open in turn, or faded away.

The Pattern

TCP/IP, ODF, OCI: the same story, told repeatedly.

The Transmission Control Protocol[1] and the Internet Protocol[2] were openly specified through the IETF, with no patent royalties and no licensing gatekeeper. They displaced a generation of proprietary networking stacks not because they were technically superior at the outset, but because anyone could implement them. The OpenDocument Format[5] did the same thing for office documents. The Open Container Initiative[6] did it for the container runtimes that power most of modern cloud computing.

The pattern is consistent enough to count as a rule. Open formats survive their creators. Closed ones do not.

V.
The Benefits

Who benefits, and how.

Business

Vendors compete on the quality of their products, not on how expensive it is to leave them. Better software wins. Lazy software loses.

Customers

A clinic can change records platforms. A studio can change CAD vendors. A school can keep twenty years of pupil work in a form any future system can read.

Progress

Every great open standard accelerated innovation rather than slowed it. Openness sharpens the edge, it doesn't dull it.

Public Records

Medical, legal, scientific and cultural records remain readable beyond the commercial lifetime of the product that created them. Files outlive vendors.

On Digital Sovereignty

You can host your own servers,
employ your own engineers,
and still be unable to read your own files.

Several governments (the United Kingdom, France, Germany, the European Union) have made reducing dependence on a small number of foreign technology providers a strategic priority. Resilience. Jurisdictional control. The ability to enforce domestic law on critical national systems.

None of those goals can be achieved while the file formats underlying public-sector data are proprietary and undocumented. A government may control every layer of its stack and still find itself unable to read its own records without licensing software from a single foreign company.

The Act fixes this without favouring any single vendor. It removes the advantage of market dominance by any single business, and lets sovereignty follow.

VI.
The Timeline

Phased rollout.

Vendors get a reasonable period to comply without disrupting ongoing business operations. The Act doesn't appear overnight; it lands in stages.

  1. Months 0–6
    Statute enacted. Designated regulator established. Consultation period for guidance documents.
  2. Months 6–18
    Public-sector procurement clauses take effect for new contracts. Vendors of widely-deployed enterprise products receive priority engagement.
  3. Months 18–36
    Disclosure obligations apply to all covered software above the small-enterprise threshold. Enforcement powers become operative.
  4. Months 36+
    Sliding-scale obligations extend down through smaller vendors. Periodic statutory review every five years.
VII.
The Alignment

Aligned with what already exists.

Several existing legal instruments touch on related concerns and would benefit from explicit alignment with the proposed Act. The proposal isn't a leap into the unknown; it's the missing piece.

EU · 2022

Digital Markets Act[7]

Establishes interoperability obligations for designated gatekeepers. The proposed Act extends a narrower obligation, format disclosure rather than full interoperability, to a wider class of vendors. Where the DMA targets the largest platforms, this Act addresses the long tail.

EU · 2023

Data Act[8]

Provides rights of access and portability for data generated by connected products. Format disclosure is the logical and necessary complement: portability rights mean little if the format the data lands in is itself closed.

EU · 2016

GDPR, Article 20[9]

Grants data subjects a right to portability of their personal data in a structured, commonly-used, machine-readable format. The proposed Act ensures such formats actually exist and remain readable across vendor boundaries.

VIII.
The Objections

Objections, answered.

Objection 01

"This will harm innovation."

It will not. Innovation happens in the visible features customers buy, not in the hidden formats that hold them hostage. Part IV walks through the historical record. Every major open-standard transition in computing, from networking to documents to container runtimes, has accelerated rather than slowed the pace of innovation.

Objection 02

"Trade secrets will be exposed."

A file format is not a trade secret in any defensible sense. It's the surface across which the product communicates with the data the customer paid to create. The clever algorithms, optimisation techniques, and product designs that constitute genuine intellectual property remain entirely within the vendor's implementation. Publishing how a file is laid out exposes none of this.

Objection 03

"Compliance will be expensive."

Internal format documentation already exists at every serious software company. It has to, or the product could not be maintained. The cost of compliance is principally the cost of cleaning that documentation for publication. For new products, the cost is essentially zero if the discipline is built in from day one.

Objection 04

"This disadvantages domestic vendors against foreign ones."

On the contrary. The Act applies to any vendor offering covered software in the jurisdiction, regardless of where they are headquartered. It levels the field by removing a structural advantage that today accrues disproportionately to incumbents and to vendors with the resources to maintain proprietary moats.

Objection 05

"The big vendors will simply leave the market."

They will not. The Act applies wherever software is sold, and the markets it covers are too large and too lucrative to abandon. The same argument was made before every major consumer-protection law of the last fifty years. Vendors complied, kept selling, and in most cases prospered.

It does one thing: it requires that the door out of every product be visible from inside it.

That single requirement, modest as it sounds, restores the basic conditions under which markets work and under which sovereign states can govern their own digital infrastructure.

It returns to citizens and businesses something they assumed they already had: ownership of the data they create.

Already endorsed by

supporters

A public list of the people and organisations who back this proposal. Add yourself by opening a pull request against endorsements.json, or via the issue template if you'd rather not make an account.

Loading endorsements…

The case for action is strong.
The case for delay grows weaker every year.

Read the full proposal. Share it with legislators, industry bodies, and civil-society organisations. Comments, drafting suggestions, and expressions of support are welcomed during the consultation period.

Read the Full Proposal Endorse the Draft

References

  1. Transmission Control Protocol, RFC 9293, Internet Engineering Task Force, August 2022. rfc-editor.org/rfc/rfc9293
  2. Internet Protocol, RFC 791, Information Sciences Institute, September 1981. rfc-editor.org/rfc/rfc791
  3. ISO 32000-2:2020, Document management, Portable document format, Part 2: PDF 2.0. Free copy hosted by the PDF Association. pdfa.org/resource/iso-32000-2/
  4. Portable Network Graphics (PNG) Specification, Third Edition, W3C Recommendation, 24 June 2025. Also published as ISO/IEC 15948. w3.org/TR/png-3/
  5. OpenDocument Format for Office Applications, Version 1.3, OASIS Standard, 2021. Also ISO/IEC 26300. docs.oasis-open.org/office/OpenDocument/v1.3/
  6. Open Container Initiative Image Specification, maintained by the Linux Foundation. github.com/opencontainers/image-spec
  7. Regulation (EU) 2022/1925 of 14 September 2022 on contestable and fair markets in the digital sector (Digital Markets Act). eur-lex.europa.eu/eli/reg/2022/1925/oj
  8. Regulation (EU) 2023/2854 of 13 December 2023 on harmonised rules on fair access to and use of data (Data Act). eur-lex.europa.eu/eli/reg/2023/2854/oj
  9. Regulation (EU) 2016/679 of 27 April 2016 (General Data Protection Regulation), Article 20 on the right to data portability. eur-lex.europa.eu/eli/reg/2016/679/oj