COMPARISON / LICENSE FAMILIES
BSL vs SSPL vs AGPL compared.
This BSL vs SSPL vs AGPL comparison sets the three licenses side by side so you can see what each one restricts, when its obligations trigger, and which of them are open source at all. The right license to worry about is the one whose restriction intersects how you actually use the software.
In a BSL vs SSPL vs AGPL comparison the first thing to fix is that these three licenses are not variants of one idea. The Business Source License and the Server Side Public License are source available licenses, not approved by the Open Source Initiative. The GNU Affero General Public License is an approved open source license. They each restrict something different, and they each trigger under different conditions. Treating them as a single category leads to either false alarm or false comfort. This page separates them.
BSL vs SSPL vs AGPL at a glance
The table below summarizes the three licenses on the dimensions enterprises care about. Read it as a starting frame, not a substitute for mapping your own use.
| Dimension | Business Source License | Server Side Public License | GNU AGPL |
|---|---|---|---|
| Open source? | No. Source available, not approved by the Open Source Initiative. | No. Source available, not approved by the Open Source Initiative. | Yes. Approved open source, strong copyleft. |
| Core restriction | Competitive production use of the software. | Source disclosure when offering the software as a service. | Source for network users of modified versions. |
| When it triggers | When your use competes with the licensor's offering, during the delay period. | When you make the software available to third parties as a service. | When you modify and let users interact over a network. |
| Time behavior | Converts to a stated open license after a delay, commonly four years. | No conversion. Terms persist for that version. | No conversion. Terms persist for that version. |
| Reach into your code | Limited. Restricts use, does not compel source release. | Broad. Disclosure can reach the service operation stack. | Moderate to broad. Covers derivative works exposed to users. |
| Example projects | Terraform, Vault, Consul, Nomad, Packer (HashiCorp). | MongoDB, Elasticsearch, Redis (with Elastic License or RSAL). | Various network applications and libraries. |
The Business Source License
The Business Source License restricts competitive production use. You may read the source, modify it, and use it for most purposes, but you may not use it to offer a product or service that competes with the licensor, for a delay period set by the project. After that delay, commonly four years, each version converts to a stated open license. As of August 2023, HashiCorp moved Terraform, Vault, Consul, Nomad, and Packer to the Business Source License 1.1. The risk this license creates concentrates in companies whose use could be read as competitive, which is why the definition of the additional use grant matters so much. We cover the mechanics in the Business Source License explained.
The Server Side Public License
The Server Side Public License is built around offering the software as a service. When you make the licensed software available to third parties as a service, the license attaches a source disclosure condition that reaches beyond the software to the programs you use to operate it as a service. For internal use the condition typically does not fire. MongoDB adopted it in 2018, and Elasticsearch and Kibana moved to it, alongside the Elastic License, in 2021. Redis adopted it as part of a dual model as of March 2024. The exposure concentrates in companies that resell or host the functionality, which is the use the license was written to reach. The detail is in the Server Side Public License explained.
The GNU AGPL
The GNU Affero General Public License is the outlier here, because it is a genuine open source license, approved by the Open Source Initiative. It is strong copyleft with a network clause: if you modify the software and let users interact with it over a network, you must offer those users the corresponding source under the same terms. The AGPL is not new and not part of the recent relicensing wave, but it sits in this comparison because enterprises often lump it together with source available licenses out of caution. The distinction matters: the AGPL gives you the four freedoms of open source, with a copyleft obligation attached, while the source available licenses restrict use outright.
Which license should you worry about?
The answer is the one whose restriction intersects your actual use. If you offer a competing product, the Business Source License is your concern. If you offer the software as a service to others, the Server Side Public License is. If you modify an AGPL component and expose it over a network, the AGPL is. For most enterprises, only one or two of these intersect real use, and the rest are noise. The way to tell which is to map where each license sits in your estate and how each instance is used, which is the foundation of an open source license risk assessment. For the wider frame, read our pillars on relicensing and open source license risk. Interpretation of any of these licenses against your use is a question for your own counsel.
COMMON QUESTIONS
Questions buyers ask.
What is the difference between the BSL, the SSPL, and the AGPL?
The Business Source License restricts competitive production use for a delay period, then converts to an open license. The Server Side Public License attaches a broad source disclosure condition when you offer the software as a service. The GNU AGPL is an approved open source copyleft license that requires source for network users. The BSL and SSPL are source available and not approved by the Open Source Initiative; the AGPL is.
Is the BSL an open source license?
No. The Business Source License is source available, not open source, and is not approved by the Open Source Initiative. It restricts competitive production use for a delay period, commonly four years, after which each version converts to a stated open license.
Is the SSPL an open source license?
No. The Server Side Public License is source available and not approved by the Open Source Initiative. Its central condition is source disclosure when you offer the licensed software to third parties as a service, reaching beyond the software itself to the programs used to operate it.
Is the AGPL an open source license?
Yes. The GNU Affero General Public License is an approved open source license. It is strong copyleft: if you modify the software and make it available to users over a network, you must offer those users the corresponding source under the same terms.
Which license is the highest risk for my enterprise?
It depends on how you use the software. The BSL matters most if you offer a competing product. The SSPL matters most if you offer the software as a service. The AGPL matters most if you modify and expose it over a network. The right question is which restriction intersects your actual use, which a mapping exercise answers.
Is this comparison legal advice?
No. This is commercial and licensing risk advisory, not legal advice. For interpretation of how any of these licenses applies to your specific use, we recommend your own counsel.
ASSESSMENT
Find out which license actually reaches you.
Our open source license risk assessment maps each license to your real use. Independent, buyer side, paid only by you.
Not ready to talk? Read the free open source license risk guides first.