COMPARISON / LICENSE FAMILIES
Permissive vs copyleft licenses compared.
This permissive vs copyleft comparison sets the two open source families side by side so you can see what each one asks of you, when its obligations trigger, and where the real enterprise risk sits. Both are open source. The difference is whether the freedoms come with a duty to share back.
In a permissive vs copyleft comparison the first point to settle is that both families are open source. A permissive license and a copyleft license both grant the four freedoms to use, study, modify, and share the software. What separates them is reciprocity. A permissive license asks for little in return, usually attribution. A copyleft license asks that when you pass the software on, you pass on the source under the same terms. Treating the two as opposites is a mistake. They are two settings on the same open source dial, and the right one to worry about is the one whose condition intersects how you build and ship.
Permissive vs copyleft at a glance
The table below summarizes the two families on the dimensions enterprises care about. Read it as a starting frame, not a substitute for mapping your own use.
| Dimension | Permissive | Copyleft |
|---|---|---|
| Open source? | Yes, when the specific license is approved by the Open Source Initiative. | Yes, when the specific license is approved by the Open Source Initiative. |
| Core condition | Attribution and notice retention. | Share derivative source under the same license on distribution. |
| When it triggers | On use and redistribution; conditions are light. | On distribution of the software or a derivative; AGPL adds network use. |
| Reach into your code | Minimal. Your additions can stay closed. | Reaches derivative works you distribute; scope varies by license. |
| Typical concern | No protection against a later relicense of new versions. | Accidental obligation when distributing modified code. |
| Example licenses | MIT License, Apache License 2.0, BSD licenses. | GNU General Public License, GNU LGPL, Mozilla Public License, GNU AGPL. |
What a permissive license asks of you
A permissive license imposes the lightest conditions in open source. Under the MIT License or the Apache License 2.0 you may use, modify, and redistribute the software, including inside a closed product, as long as you keep the copyright notice and, for Apache 2.0, the license text and any notice file. You are not required to share your own modifications. That freedom is why permissive licenses dominate libraries and frameworks. The catch for a buyer is the flip side of that freedom: a permissive license places no barrier in front of a future relicense. Whoever holds the copyright can change the terms on new versions, and several projects that moved to source available terms started life under permissive or otherwise open licenses. Low obligation today does not mean low exposure tomorrow.
What a copyleft license asks of you
A copyleft license grants the same freedoms and adds reciprocity. When you distribute the software or a work derived from it, you must make the corresponding source available under the same license. The strength of that reach varies. The GNU Lesser General Public License and the Mozilla Public License are weak copyleft, scoping the obligation to the licensed component rather than your whole application. The GNU General Public License is strong copyleft, reaching derivative works more broadly. The GNU AGPL extends the trigger to network use, so a modified version offered to users over a network can carry the obligation even without traditional distribution. For most internal deployments the condition does not fire, but a product you ship or a service you expose can cross the line. The risk is rarely the license itself. It is shipping modified copyleft code without realizing the obligation came with it.
Where source available licenses sit
Neither permissive nor copyleft describes the source available licenses driving the recent relicensing wave. The Business Source License and the Server Side Public License publish readable source but restrict use itself, which an open source license never does. As of August 2023 HashiCorp moved Terraform, Vault, Consul, Nomad, and Packer to the Business Source License. MongoDB adopted the Server Side Public License in 2018, and Elastic and Redis followed in 2021 and 2024. Those licenses are not approved by the Open Source Initiative, so the permissive versus copyleft question does not apply to them at all. Confusing a copyleft obligation with a source available use restriction leads to the wrong remediation. The first is a condition on sharing. The second is a limit on what you may do with the software. We separate the three license types in BSL vs SSPL vs AGPL compared.
Which one should you worry about?
The answer is the family whose condition intersects how you use the component. If you embed a permissive library in a product, your obligation is little more than attribution, but you carry relicensing exposure on future versions. If you modify and distribute copyleft code, the sharing obligation is the live question, and the GNU AGPL widens it to network exposure. For most enterprises only a handful of components sit in the sensitive zone, and the way to find them is to map where each license lives and how each instance is used. That mapping is the foundation of an open source license risk assessment. For the wider frame, read our pillars on open source license risk and relicensing. Interpretation of how any license applies to your use is a question for your own counsel.
COMMON QUESTIONS
Questions buyers ask.
What is the difference between permissive and copyleft licenses?
A permissive license lets you use, modify, and redistribute the software with few conditions, usually only attribution and a notice. A copyleft license grants the same freedoms but adds a reciprocity condition: when you distribute the software or a derivative, you must offer the source under the same license. Both are open source. The difference is whether the freedoms carry an obligation to share back.
Are permissive and copyleft both open source?
Yes. Both families are open source when the specific license is approved by the Open Source Initiative. The MIT License and Apache License 2.0 are permissive and approved. The GNU General Public License and the GNU AGPL are copyleft and approved. Source available licenses such as the Business Source License and the Server Side Public License are neither permissive nor copyleft open source, because they restrict use rather than only conditioning sharing.
Which is riskier for an enterprise, permissive or copyleft?
Neither is inherently riskier. Permissive licenses carry low obligation but offer little protection if a component is later relicensed. Copyleft licenses carry sharing obligations that matter most when you modify and distribute the software, and the GNU AGPL extends that to network use. The risk depends on how you use the component, not on the family label alone.
Does copyleft mean I have to release my source code?
Only under specific conditions. Copyleft obligations typically trigger when you distribute the software or a derivative work, and for the GNU AGPL when you make a modified version available to users over a network. Internal use without distribution usually does not trigger the obligation. Whether your specific deployment triggers it is a question for your own counsel.
How does the permissive vs copyleft choice relate to relicensing risk?
A permissive license offers no barrier to a future relicense, because anyone holding the copyright can change terms on new versions. Several projects that relicensed to source available terms began under permissive or open licenses. The permissive vs copyleft distinction governs obligations today, but it does not protect you from a vendor changing the license tomorrow, which is a separate exposure to map.
Is this comparison legal advice?
No. This is commercial and licensing risk advisory, not legal advice. For interpretation of how a permissive or copyleft license applies to your specific use, we recommend your own counsel.
CONTAINMENT
Map where each license lives in your stack.
An open source license risk assessment maps permissive, copyleft, and source available terms across your estate. Independent, buyer side, paid only by you.
Not ready to talk? Read the free open source license risk guides first.