
License Risks & Surprises

Most license trouble is not malice — it is a clause nobody read until the product shipped. This is the field guide to the gotchas that turn a "free" dependency or model into a compliance fire-drill: copyleft reach, source-available bans, missing patent grants, and the AI-specific traps that did not exist five years ago.

11 traps covered · 2 layers: code + model · 1 question that matters

Trap Family 1 · Copyleft

Copyleft Contamination

Copyleft licenses (the GPL family) grant you broad rights — on the condition that you pass the same freedoms downstream. When copyleft code becomes part of a larger work you distribute, that obligation can reach into your code: you may owe complete corresponding source under the same license. "Contamination" is informal shorthand; the legal pivot is whether you have created a derivative work and whether you distribute (or, for AGPL, convey over a network).

High blast radius

GPL reach into your product

GPL-2.0 / GPL-3.0 are strong copyleft. Statically or dynamically linking GPL code into your application typically makes the whole combined work GPL on distribution — meaning you must offer full source under the GPL to your recipients. The classic mitigation is the LGPL (lesser GPL), which lets you link a library without relicensing your app — but only if you respect its re-linking / replaceability terms.

You shipped a desktop app that bundles a GPL-3.0 PDF library, but… you treat your source as proprietary. On distribution you owe your customers complete corresponding source for the whole app, or you must swap the library.

SaaS-specific

AGPL's network clause

The AGPL-3.0 closes the "SaaS loophole." Ordinary GPL only triggers on distribution — and running software on your own server for users over a network is not distribution. AGPL §13 adds that if users interact with the software remotely over a network, you must offer them the complete corresponding source of your modified version. There is no "we only host it" exemption.

You shipped a hosted API that embeds an AGPL vector database you patched, but… you never published your modified source. Every network user is entitled to it. This is the single most common AGPL surprise for SaaS builders.

Boundary risk

The "derivative work" line is fuzzy

Whether linking, plugins, or inter-process calls create a derivative work is not crisply settled and varies by jurisdiction and linkage style. The FSF's interpretation (linking = derivative) is stricter than some courts might hold. Do not bet a product on a clever architecture (a "thin shim," a separate process) defeating copyleft — the safe assumption is that tight coupling triggers the obligation.

You shipped a "plugin" that talks to GPL code, but… you assumed the process boundary insulated you. The boundary may not hold; treat it as a legal question, not an engineering one.

Trap Family 2 · Permissive licenses still have duties

Attribution, NOTICE & Incompatibility

"Permissive" (MIT, BSD, Apache-2.0) does not mean "obligation-free." These licenses are easy precisely because their one real duty — carry the notices — is easy to forget. And permissive does not mean universally compatible: two permissive-ish licenses can still conflict.

Quiet but common

Attribution & NOTICE you forgot

MIT and BSD require you to reproduce the copyright notice and license text in your distributions. Apache-2.0 §4 adds a duty to propagate the NOTICE file if one exists. Shipping a minified bundle or a container image with the license headers stripped is a real (if low-drama) breach — and the easiest one to fix with a generated attributions screen / THIRD-PARTY-NOTICES file.

You shipped a slick single-file web build, but… your bundler dropped every license header. You are technically out of compliance with MIT/BSD/Apache on dozens of packages.

One-way door

GPL-2.0 vs Apache-2.0 patent clause

A notorious incompatibility: Apache-2.0 and GPL-2.0 do not mix. Apache-2.0 carries an explicit patent grant and patent-termination clause; the FSF considers these additional restrictions that GPL-2.0 forbids, so you cannot combine Apache-2.0 and GPL-2.0 code into one GPL-2.0 work. (GPL-3.0 was written to be compatible with Apache-2.0.) Direction matters too — you can often move permissive code into a GPL project, but not the reverse.

You shipped a binary linking an Apache-2.0 library against GPL-2.0-only code, but… there is no license under which that combination is distributable. You must drop one component or find a differently-licensed version.

Direction-sensitive

Compatibility is not symmetric

License compatibility flows in a direction. Permissive → copyleft is usually fine; copyleft → permissive is not. Mixing two different copylefts (e.g., GPL and certain other reciprocal licenses) often produces a combination with no valid distribution license at all. The output is not "pick the stricter one" — it can be "you cannot ship this."

You shipped a library that merged code from two reciprocal-but-different licenses, but… no single license covers the result. The combined work is undistributable as-is.

Trap Family 3 · "Open" that isn't open

Source-Available Licenses That Ban Your Use

A growing class of licenses publishes the source code but is not open-source under the OSI definition, because they restrict who may use it or how. The code is readable on GitHub — which lulls teams into treating it as free. Read the actual terms before you build a product on it.

| License | What it actually restricts | Open source? | Safe for a commercial SaaS? |
|---|---|---|---|
| SSPL (Server Side Public License) | If you offer the software as a service, you must open-source your entire service stack (management, automation, hosting) under SSPL. Designed to stop cloud providers from reselling. | No (rejected by OSI) | No — service-layer copyleft |
| BSL 1.1 (Business Source License) | An additional use grant caps or forbids production / competing use until a Change Date (often 4 years), when it converts to an OSS license. Until then, production use can require a commercial license. | Not until Change Date | Only within the use-grant |
| Elastic v2 (ELv2) | Free to use — except you may not provide it as a hosted/managed service and may not circumvent license-key functionality. Targets managed-service competitors. | No | No managed-service offering |
| Commons Clause (rider on another license) | Bolted onto an OSS license to remove the right to "Sell" the software — including selling a product whose value derives substantially from it. | No (negates OSS) | No selling / hosting-for-fee |
| CC BY-NC (Creative Commons Non-Commercial) | Allows reuse only for non-commercial purposes. Frequently attached to datasets, docs, icons, and model weights — not just art. Bundling it into a paid product is commercial use. | No (non-free) | No — blocks commercial use |

The SaaS killer

SSPL / ELv2: hosting is the forbidden act

The whole point of SSPL and ELv2 is to stop you from offering the software as a service. If your business model is "we host an open tool and charge for it," these licenses are aimed directly at you.

You shipped a managed analytics service built on an Elastic-v2 search engine, but… ELv2 specifically forbids providing it as a managed service. Your core offering is the prohibited use.

The time-bomb

BSL: free today, licensed tomorrow — or vice-versa

BSL flips the usual assumption: the version you adopt is restricted now and becomes open later. Teams pin an old "open" tag and miss that newer versions moved to BSL, or build on a BSL version assuming the Change Date covers them when it does not.

You shipped on the latest release of a database, but… that release relicensed to BSL with a 4-year Change Date and an additional-use-grant that excludes your production scale.

Hidden in assets

CC-NC blocking commercial use

Non-commercial Creative Commons terms ride on the assets people forget to audit: stock photos, fonts, icon packs, sound effects, documentation, and increasingly datasets and model weights. "Non-commercial" and "your paid SaaS" are mutually exclusive.

You shipped a paid app using an icon set and a fine-tuning dataset, both CC BY-NC, but… every commercial download is a violation of the NC term.

Trap Family 4 · The patent layer

Missing Patent Grants & Retaliation Clauses

Copyright permission is not patent permission. A license can let you copy and modify code while saying nothing about the patents that code might practice — leaving you exposed to an infringement claim from the very author who "open-sourced" it. And licenses that do grant patents often attach a self-defense trigger.

Silent gap

No express patent grant

Short permissive licenses like MIT and BSD-2/3 grant copyright permissions but contain no explicit patent license. Most lawyers read an implied grant, but it is narrow and untested in many courts. Licenses with explicit grants — Apache-2.0, GPL-3.0, MPL-2.0 — give you a clearer, broader patent peace.

You shipped a product on an MIT codebase that practices the author's patent, but… MIT never granted those patent rights. The copyright is clean; the patent exposure is open.

Self-terminating

Patent-retaliation clauses

Apache-2.0 §3 and the GPLv3/Apache patent-defense terms terminate the patent grant if you sue a contributor for patent infringement over that work. This is a feature (it deters patent aggression) — but if your company is in patent litigation with an upstream contributor, your license to use their code can evaporate mid-product.

You shipped on an Apache-2.0 component, then your patent team filed against its maintainer, but… §3 just terminated your patent grant to that component. Legal and engineering are now misaligned at the license layer.

Worth seeking out

Explicit grants are an asset

When you have a choice between two libraries that do the same thing, the one under Apache-2.0 / MPL-2.0 carries a defined patent grant and is usually the lower-risk pick for a commercial product. This is exactly the kind of trade-off worth deciding deliberately, not by whatever npm install happened to pull.

You shipped on the first library that worked, but… an equivalent under Apache-2.0 would have given you patent peace for free. Cheap insurance, missed.

Trap Family 5 · The new frontier

AI Model & Data Licenses

Model weights are not code, and their licenses are not OSS licenses. Many "open" models ship under behavioral / responsible-AI licenses or vendor community licenses that restrict fields of use, resale, and who may use them. Then there is a second, separate question almost everyone conflates: the rights to the training data are not the rights to the model.

Use-restricted

OpenRAIL field-of-use limits

RAIL / OpenRAIL licenses (common on Hugging Face) are permissive on distribution but attach enforceable use-based restrictions — e.g., no use for unlawful surveillance, disinformation, certain medical/legal advice, or other listed harms. These flow downstream: you must pass the same restrictions to your users. A model being "free to download" says nothing about whether your use-case is permitted.

You shipped an OpenRAIL-licensed model into a product in a restricted field, but… the use itself is carved out by the license, regardless of price.

Not open source

Llama-style acceptable-use & scale caps

Vendor "community" licenses (e.g., the Llama family, and similar from other labs) are not OSI-approved. They typically bundle an Acceptable Use Policy, may require attribution / "Built with" naming, can restrict using outputs to train competing models, and historically have imposed a monthly-active-user threshold above which you must request a separate license. Calling them "open" is marketing, not law.

You shipped a consumer app on a community-licensed model that crossed the MAU cap, but… past that line you needed a direct license you never requested.

No resale

"Weights yes, reselling no"

Some model and dataset licenses let you use the artifact but forbid redistributing or reselling the weights themselves, or restrict commercial deployment to specific tiers. Hosting a model as a paid inference API can be a different (and prohibited) act from using it internally.

You shipped a "bring-your-own-model" platform that re-hosts a restricted model for customers, but… the license permits your own use, not redistribution-as-a-service.

Two licenses, not one

Training-data rights ≠ model rights

A permissive model license does not clean the data it was trained on. If the weights were trained on data you do not have rights to (scraped, CC-NC, proprietary, or rights-uncleared), downstream copyright, privacy, and dataset-license claims can attach to your product — and indemnity for this is rarely included. Conversely, owning a dataset's license does not grant rights to a model someone else trained on it.

You shipped on a model with a clean weights license, but… its training set included rights-uncleared data, and that exposure follows the model into your app.

Trap Family 6 · Structural & over-time risk

Warranty, Drift & Relicensing

Some risks are not in any single clause — they come from what licenses omit, from your dependency tree changing under you, or from a project changing its terms after you have committed.

What's missing

"AS IS" — no warranty, no indemnity

Virtually every open-source and open-model license disclaims warranties and liability in ALL-CAPS and provides no indemnification. If an upstream component infringes a third party's IP, you are the one your customers sue — there is no vendor standing behind you. Commercial licenses and vendor indemnity programs exist precisely to transfer this risk; free components do not.

You shipped on free dependencies, but… one infringed a patent, your enterprise customer got a demand letter, and your "license" offers you exactly zero protection.

Moves under you

Transitive dependency drift

You audited your direct dependencies — but a routine version bump can pull a transitive package that changed license (MIT → BSL), added a Commons Clause, or introduced a GPL sub-dependency. Most teams have no gate catching this. License posture is not a one-time review; it drifts every time the lockfile changes.

You shipped a clean v1.0, but… by v1.4 a transitive dep had relicensed to AGPL and now your SaaS owes source. Nobody noticed because nobody was watching the tree.
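
A minimal version of the gate the paragraph above says most teams lack, added here as an example and not taken from the page or any product it mentions: it diffs two constructed lockfile snapshots (hypothetical package names) against a SaaS denylist assembled from the licenses this page discusses, and flags new, relicensed and pre-existing denied components, marking which ones are transitive. SPDX identifiers are used where they exist; the "Commons-Clause" rider string is an assumed convention for how a license scanner might record that rider.

```python
"""License-drift gate for a hosted (SaaS) product: diff two lockfile snapshots against a policy."""
from dataclasses import dataclass
from typing import Optional

# Terms that, for a commercial SaaS, carry the obligations or bans discussed on this page (SPDX
# ids where one exists). Commons Clause is a rider, not an SPDX license, so it is substring-matched.
DENIED_FOR_SAAS = {"AGPL-3.0-only", "AGPL-3.0-or-later",  # network copyleft: users are owed source
                   "SSPL-1.0", "BUSL-1.1", "Elastic-2.0",  # service copyleft / use grant / no hosting
                   "CC-BY-NC-4.0"}                         # non-commercial only
DENIED_MARKERS = ("Commons-Clause",)

@dataclass(frozen=True)
class Finding:
    package: str
    old_license: Optional[str]
    new_license: str
    transitive: bool
    reason: str

def is_denied(expr: str) -> bool:
    """True if any term of an SPDX-style expression, or a rider marker, is on the denylist."""
    terms = expr.replace("(", " ").replace(")", " ").split()
    return any(t in DENIED_FOR_SAAS for t in terms) or any(m in expr for m in DENIED_MARKERS)

def license_drift(before: dict, after: dict) -> list:
    """Return a Finding for every package in `after` carrying a denied term, classified as
    new, relicensed, or pre-existing. Snapshots map name -> {"license": str, "direct": bool}."""
    findings = []
    for name, meta in sorted(after.items()):
        new, old = meta["license"], before.get(name, {}).get("license")
        if not is_denied(new):
            continue
        reason = ("new dependency" if old is None else
                  f"relicensed from {old}" if old != new else "pre-existing")
        findings.append(Finding(name, old, new, not meta.get("direct", False), reason))
    return findings

# Constructed snapshots (hypothetical package names), shaped like a lockfile joined to a license scan.
V1_0 = {"webfw": {"license": "MIT", "direct": True},
        "vecstore": {"license": "Apache-2.0", "direct": True},
        "queue-lib": {"license": "BSD-3-Clause", "direct": False}}
V1_4 = {"webfw": {"license": "MIT", "direct": True},
        "vecstore": {"license": "SSPL-1.0", "direct": True},                   # relicensed upstream
        "queue-lib": {"license": "BSD-3-Clause", "direct": False},
        "pdf-render": {"license": "AGPL-3.0-only", "direct": False},           # new transitive dep
        "icons": {"license": "Apache-2.0 + Commons-Clause", "direct": False}}  # rider added

if __name__ == "__main__":
    for f in license_drift(V1_0, V1_4):
        print(f"DENY {f.package} ({'transitive' if f.transitive else 'direct'}): {f.new_license} [{f.reason}]")
```

Wire it to run on every lockfile change and fail the build on any finding; the "pre-existing" class keeps a denied component visible until it is swapped or licensed, rather than only on the commit that introduced it.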
Rug-pull

Relicensing traps

Projects with a CLA (contributor license agreement) can relicense future versions — the well-known pattern of open-source projects moving to BSL/SSPL/ELv2 to monetize. Old versions usually stay under the old license, but upgrades, security patches, and new features arrive under the new, restrictive terms. You either freeze on an unmaintained version or accept the new license.

You shipped on a thriving OSS project, but… it relicensed to BSL at the next major version. Now every security update forces you onto restrictive terms — or onto an aging fork.

A note on accuracy: license interpretation depends on facts (how you link, whether you distribute, your jurisdiction) and licenses evolve. The summaries above describe how these licenses are commonly understood, not a ruling on your specific situation. Treat this page as a map of where the landmines tend to be — then verify against the actual license text and your facts.

The one question that matters

"Am I legal & license-ready to sell my AI?"

Almost every trap on this page is invisible until ship day — and then it is a customer-facing crisis. A focused review turns "we think we're fine" into a documented, defensible answer before the demand letter, the enterprise procurement questionnaire, or the due-diligence data room asks for it.

✓ Copyleft & AGPL exposure across your stack
✓ Source-available / SaaS-banned components flagged
✓ Model & training-data license fitness
✓ Patent-grant & retaliation review
✓ Attribution / NOTICE obligations generated
✓ Dependency-drift & relicensing watch

Apex Vanguard AI IP consulting — $400/hour, senior IP & open-source compliance review tailored to what you actually ship. Or start continuous self-service license scanning with Vanguard IP-Researcher.
