France’s 2.5M Linux desktop migration: what IT leaders must know

TL;DR:

• DINUM ordered a national move away from Windows: ministries must map extra‑European dependencies and submit plans by fall 2026; ~2.5 million civil‑servant desktops are in scope.
• France plans an Ubuntu LTS‑based desktop (building on GendBuntu) and a homegrown collaboration stack, La Suite Numérique, to replace Microsoft/US tooling.
• Big wins: stronger digital sovereignty and licensing savings. Big risks: legacy Windows apps, retraining, helpdesk scale, and tight timelines.
• Immediate action for IT leaders: inventory apps, prioritize pilots, and design hybrid remediation paths (virtualization, compatibility layers, or reengineering).

Quick 10‑minute checklist

1. Start an application inventory and tag Windows‑only critical apps.
2. Identify user groups with specialized software (lab, CAD, tax systems, etc.).
3. Choose a pilot cohort (500–2,000 users) spanning helpdesk, admin, and field teams.
4. Map identity and SSO dependencies (ProConnect or equivalent).
5. Estimate helpdesk capacity: prepare for a surge in first‑month support tickets.
6. Confirm hosting and data residency requirements (SecNumCloud or equivalent).
7. Set KPIs: app compatibility rate, helpdesk calls/user, and time‑to‑task completion.

Why this matters beyond France

DINUM’s order is a practical application of digital sovereignty: moving control of core software and data to EU‑centric, open‑source alternatives reduces geopolitical and vendor concentration risk. That matters to any enterprise or public CIO managing supplier risk, compliance with local data laws, or the costs of long‑running vendor lock‑in.

“The State can no longer simply acknowledge its dependence; it must break free. We must become less reliant on American tools and regain control of our digital destiny.”

— David Amiel, minister of public action and accounts

It’s also a logistics problem at national scale. Reimaging 2.5 million endpoints is not an update — it’s a coordinated, multi‑year migration program touching procurement, legal, training, operations, and service delivery. The choices France makes will be watched across the EU and by vendors that supply cloud and endpoint ecosystems.

What exactly was ordered?

On April 8, 2026, DINUM required ministries to map non‑European technology dependencies and submit migration plans toward a Linux‑based, sovereign desktop by fall 2026. The plan builds on the Gendarmerie’s long‑running GendBuntu deployment (in production since 2008 on 100,000+ PCs) and pairs the desktop migration with La Suite Numérique — a French cloud collaboration suite already serving around 600,000 civil servants.

“Digital Sovereignty is a strategic necessity … and France is leading the way by accelerating the shift towards sovereign, interoperable, and sustainable solutions.”

— Anne Le Hénanff, minister delegate for AI and digital technology

High‑level stack and ecosystem

The blueprint is pragmatic: reuse proven components rather than invent everything. Key elements include an Ubuntu LTS base, Wayland as the graphics server, and GNOME as the desktop shell. The project also mandates a sovereign collaboration stack to replace Microsoft 365/Google Workspace.

Short glosses on terms you’ll see often:

• Wayland — the modern graphics server that replaces the older X11 protocol for rendering windows and compositing.
• ProConnect SSO — the single sign‑on service used across the French state to centralize identity and access.
• SecNumCloud — a French certification for cloud providers that meet high‑assurance security and residency standards.

La Suite Numérique (the suite) includes secure messaging, conferencing, collaborative docs and spreadsheets, file storage, email, and a large file transfer tool. The suite is designed with ProConnect single‑sign‑on and compatibility bridges to reduce friction when exchanging documents with external partners.

La Suite Numérique — quick functions

• Tchap — Matrix‑based secure messaging.
• Visio — LiveKit WebRTC conferencing, designed to scale to webinars and replace Teams/Zoom for state services.
• Docs — a collaborative BlockNote‑based editor compatible with ODF.
• Grist — collaborative spreadsheets/no‑code relational tool for structured workflows.
• Fichiers — Nextcloud storage hosted on SecNumCloud‑certified infrastructure.
• Messagerie — Open‑Xchange email and calendar integrated with ProConnect.
• France Transfert — state large‑file transfer (up to 10GB).

“A Linux desktop future for public administrations may still come, but only at the end of that conversation.”

— Thierry Carrez, Linux Foundation Europe GM (at KubeCon)

Carrez’s point is operational: secure, sovereign back‑ends must be dependable before forcing every endpoint to change. France’s plan tries to pair a new desktop with back‑end services already in production to avoid brittle transitions.

Key risks and operational challenges

• Legacy, Windows‑only applications: Many government workflows rely on bespoke Windows executables, ActiveX controls, or vendor tools without Linux ports.
• User adoption & productivity: Expect helpdesk surges, initial efficiency drops, and training costs when users swap UI paradigms and apps.
• Scale and logistics: Imaging, packaging, security hardening, and staged rollouts across 2.5M endpoints demand large operations teams and automation tooling.
• Support & SLA models: Replacing Microsoft contracts means building new support relationships (commercial Linux support, SecNumCloud hosting SLAs, or in‑house ops).
• Tight timeline: Fall 2026 planning deadlines and 2027 rollouts compress discovery, testing, and remediation windows.

How realistic are the savings?

GendBuntu reports roughly €2 million/year savings versus Windows 11 for the Gendarmerie, and DINUM projects potential national savings on the order of €40 million. Those headline figures are plausible for licensing avoidance but must be offset against these one‑time and recurring costs:

• Migration tooling and packaging (imaging, MDM/endpoint management adjustments).
• Reengineering or maintaining Windows fallback pools (virtual desktops or retained Windows images).
• Retraining and change management for millions of users.
• Helpdesk scale‑up and longer average call times initially.
• Commercial support contracts with Linux vendors or sysadmin payroll increases.

Net savings require a realistic modeling window (3–5 years) and careful accounting for hybrid costs. Licensing savings are immediate; human and integration costs are front‑loaded.

Practical migration strategies and tradeoffs

There is no single path. Expect hybrid models combining several approaches:

• Virtual desktop / retained Windows pools: Keep mission‑critical Windows apps running in controlled VDI or RDP environments while users run a Linux native desktop. Pros: minimal app changes; cons: continued Microsoft dependency and hosting costs.
• Compatibility layers: Use WINE/CrossOver for some apps. Pros: low friction for certain apps; cons: fragile for complex software and unsupported by many vendors.
• Containerization & app packaging: Package complex services into containers or remote application delivery. Pros: modern, repeatable; cons: requires refactoring and ops maturity.
• Replatform/rewrite: Rebuild critical apps on web or cross‑platform stacks to eliminate reliance on Windows binaries. Pros: long‑term sovereignty and maintainability; cons: highest immediate cost and time.

Pilot plan and success metrics

Suggested pilot design:

1. Pick 500–2,000 users across roles: admin, field, and specialist users.
2. Run a 3‑month pilot focusing on identity/SAML, core productivity, and three representative legacy apps.
3. Measure: app compatibility rate (% of apps running native or via approved remediation), helpdesk calls per user, user‑reported time‑to‑complete key tasks, and security incident rate.
4. Gate to broader rollout only after meeting thresholds (e.g., ≥90% app compatibility, helpdesk calls within 25% of baseline after training).

Market and political implications

The program is a bargaining chip. Large US vendors may counter with EU‑hosted, compliance‑backed offers, localized support contracts, or hybrid arrangements to retain business. At the same time, France’s coordination with Netherlands’ CommonGround and Germany’s Sovereign Cloud Stack suggests potential convergence on EU‑level interoperability standards that could reshape procurement across public sectors in Europe.

Security and AI/automation implications

Switching endpoints changes the attack surface but also offers opportunities:

• Patch cadence & supply chains: Linux distributions can offer predictable LTS patch schedules, but supply‑chain and package repo integrity must be enforced.
• SecNumCloud hosting: Using certified providers reduces third‑party risk for hosted collaboration services.
• AI tooling: The new stack must support enterprise AI agents, LLM integrations, and MLOps pipelines. That generally means ensuring Python runtimes, container orchestration, and secure model serving are available in the target environment or via certified cloud connectors.

7‑step playbook for IT leaders

1. Inventory everything: Apps, data flows, integrations, users, and external partners. Tag Windows‑only and compliance‑critical assets.
2. Prioritize by risk and value: Triage which apps must be refactored, which can be virtualized, and which can be retired.
3. Design identity & access: Map SSO dependencies and multi‑factor workflows; test ProConnect integrations or equivalents.
4. Build a pilot and run it well: Measure concrete KPIs and use them to de‑risk the next wave.
5. Plan hybrid operations: Accept a mixed environment during transition and budget for continued Windows resources where necessary.
6. Invest in training: Pair role‑based training with “super‑user” programs to accelerate adoption.
7. Lock in support SLAs: Confirm patching, incident response, and backup/recovery contracts with cloud and vendor partners.

FAQs

How will Windows‑only legacy apps be handled?

Most organizations will use a hybrid approach: virtualization/VDI for critical Windows applications, compatibility layers for lightweight cases, and reengineering for strategic systems. Expect retained Windows pools for specialized workloads.

Can fall‑2026 planning and the 2027 rollout targets be met?

Plans can be submitted by fall 2026, but timelines are aggressive. Ministries with existing GendBuntu deployments or La Suite Numérique adoption will move faster; others will need extended discovery and phased rollouts.

Are the claimed savings realistic?

Licensing savings are believable, but net savings depend heavily on migration tooling, retraining, hybrid hosting costs, and new support contracts. Use a 3–5 year financial model to assess net benefit.

Will interoperability with external partners be seamless?

Compatibility bridges and SSO ease basic exchanges, but edge cases (proprietary document features, supplier workflows) will require bespoke interoperability solutions.

Technical appendix (reported details)

• Desktop base: reported Ubuntu 26.04 LTS upstream, Linux kernel 7.0.
• Display stack: Wayland replacing X11; GNOME 50 desktop environment.
• Default apps (reported versions): LibreOffice (reported 26.2.2), Firefox ESR (reported 140), Thunderbird ESR (reported 140), GIMP (reported 3.0.6).
• La Suite Numérique hosting: Fichiers (Nextcloud) hosted on SecNumCloud‑certified Outscale infrastructure.
• Identity: ProConnect SSO used across suite; bridges to Microsoft 365 and Google Workspace planned.

France’s migration is an operational test of whether an EU‑centric, open‑source desktop and cloud stack can meet the security, usability, and scale needs of a modern state. For IT leaders, the takeaway is simple: inventory now, pilot smart, and design remediation paths that accept hybrid realities while pursuing long‑term sovereignty goals.

Next step: Start an app inventory and select your pilot cohort this quarter. If you need a template checklist to run the discovery, use your procurement lead’s calendar to schedule that conversation this week.