In France, a planned shift from Windows to Linux is, for now, far more limited than initially suggested. The central Interministerial Digital Directorate (DINUM) is not planning to migrate millions of desktops (yet!), but is instead targeting a much narrower goal: equipping around 250 of its own staff with Linux-based machines by the end of the year. A constrained scope, but openly acknowledged.

The project follows a gradual approach. It was first tested on around forty workstations used by system administrators (sysadmins), before being extended to roughly thirty additional users with more diverse profiles. This phased rollout lies at the core of the strategy. Rather than replacing an existing environment in one move, the aim is to validate real-world usage, identify friction points, and expand incrementally.

On the ground the main constraint is not technical, but operational. The coexistence of Windows and Linux environments creates friction points.

“What’s difficult is when half of users are on a closed system and the other half on an open one,” DINUM explains in a briefing this April attended by The Stack. Compatibility at the level of day-to-day use — rather than tools themselves — becomes the central issue.

To reduce these frictions, DINUM is prioritising browser-based applications. Shifting towards web environments reduces reliance on locally installed software and helps ensure compatibility across systems. This approach also supports a controlled scale-up, both in terms of cost and user support. 

Change management follows the same logic. The aim is not to roll out large-scale training, but to align tools with existing workflows.

 “That’s what open source brings us: the ability to adapt solutions to the day-to-day needs of public sector users,” they note. In practice, the transition is meant to be almost imperceptible.

NixOS: a distinctly “French” environment

Behind this limited rollout sits a more fundamental technical choice. DINUM has opted for a lesser-known Linux distribution, NixOS, built around a core principle: reproducibility.

Each workstation is defined through a declarative configuration stored as code, ensuring that an environment can be recreated identically regardless of the starting point. Where more traditional distributions such as Ubuntu - already deployed within the French police force - or Windows environments can lead to inconsistencies between machines, this approach aims to standardise deployments at scale.

This foundation is structured around two main components. The first, Sécurix, targets technical profiles. It is a hardened environment designed for system administrators, with enhanced security requirements. 

See also: France to scrap Zoom, Meet, Webex for homegrown rival

The second, Bureautix, is intended for more typical office use. It runs on KDE Plasma, offering a Windows-like interface to minimise disruption for users. Designed as a ready-to-use workstation, it includes multiple office suites — LibreOffice, OnlyOffice and WPS Office — to ensure compatibility with existing formats. For communication, Thunderbird is used for email, while Signal and Element replace proprietary messaging tools.

Beyond the tools themselves, the underlying approach is to treat the workstation as a software-defined object. Rather than a fixed solution, the system is designed as a flexible starting point. Each administration can adapt it to its own constraints and integrate its own business applications. The goal is clear: enable a cross-government rollout without imposing a single standardised environment, while still maintaining a shared technical foundation. In that sense, Sécurix and Bureautix are not finished products, but building blocks on which each ministry can develop its own tailored setup.

Hardened security, reduced dependencies

Sécurix builds on a NixOS configuration layer designed to meet the requirements of ANSSI, France’s national cybersecurity authority. It includes a customised Linux kernel along with reinforced security modules. One of the most visible changes concerns authentication: traditional passwords are no longer the primary method. Access is instead handled via FIDO2 hardware keys. In practice, users authenticate with a physical USB key, such as a YubiKey, although a password remains available as a fallback.

This choice makes the broader intent clear. The goal is not simply to replace an operating system, but to regain control over a workstation now seen as strategic. It is also in this context that DINUM positions its work within a wider dependency reduction plan, which it acknowledges is “influenced by the geopolitical context.”

Digital sovereignty is therefore approached in practical terms. It means retaining the ability to switch technologies when needed — whether for legal, industrial or technical reasons. It also implies having the internal capabilities to understand and operate these systems over time, rather than relying entirely on external vendors.

This logic also shapes how the state approaches the technologies it uses. The objective is not just to rely on existing components, but to actively support and influence their evolution. In other words, the state aims to play a more active role in the ecosystems it depends on, rather than remaining a passive user.

The approach remains pragmatic, though not without some contradiction. Sécurix and Bureautix are currently hosted on GitHub owned by… Microsoft. DINUM is fully aware of this, and points out that the code is released under an open-source licence, meaning it can be moved at any time to another platform.

This does not prevent the next phase from already being defined. DINUM plans to deliver, by the end of the summer, a structured roadmap for each ministry, aimed at mapping dependencies and laying the groundwork for a shared trajectory. A way of moving from an internal experiment to a broader ambition across the entire French state.

The link has been copied!