The EMBAG law stipulates that all public bodies must disclose the source code of software developed by or for them, unless precluded by third-party rights or security concerns. This mandate aims to ensure greater transparency, security, and efficiency in government operations by promoting the use of OSS, which allows for public scrutiny and contribution to the software code.
One of the critical aspects of this law is encapsulated in Article 9, which not only mandates the disclosure of source code but also allows public bodies to offer additional services related to support, integration, or IT security, provided these services align with public tasks and are offered at a cost-covering remuneration. This provision ensures that while fostering OSS, the government can also maintain a competitive balance and avoid market distortion.
The crux of it really comes down to public money being used for these services. An added benefit of course is that the software could be supported if the supplier goes out of business. Vendor lock-in is a major risk in public sector IT and this helps break that perception / reality. As for security it must be remembered that this is the operational code, and not user data, encryption keys, API keys, etc which always remain private.