OpenSource Risk Experts
Map your blast radius

GLOSSARY / DEFINITION

What is copyleft

Copyleft is the open source license condition that keeps code and its derivatives open by requiring the same terms to follow the software wherever it is distributed. For enterprises that build and ship software, understanding what copyleft is and when it applies is the difference between a safe dependency and an obligation that reaches your own code.

Definition

Copyleft is a class of open source license condition that uses copyright to keep software open. A copyleft license grants you the freedom to use, study, modify, and distribute the code, on the condition that any version you distribute, including a modified one, is released under the same license. In plain terms, the openness of the original travels with the code to everyone who receives it. This is the opposite intent of a permissive license, which lets you reuse the code with few conditions. The best known copyleft licenses are the GNU General Public License and the GNU Affero General Public License, both approved as open source by the Open Source Initiative.

Strong, weak, and network copyleft

Copyleft is not a single strength. Strong copyleft, as in the GNU GPL, extends the same license condition to a work that combines with the covered code and is then distributed. Weak copyleft, as in the GNU Lesser General Public License and the Mozilla Public License, limits the reciprocity to the covered files themselves, so a larger work can link to the component without the whole work inheriting the license. Network copyleft, as in the GNU AGPL, closes what some call the service gap by treating access over a network as a form of distribution, so offering covered software to users over the internet can trigger the obligation even without shipping a copy. Knowing which kind you are dealing with is the first step in sizing the obligation.

What it means for license risk

For an enterprise, the risk in copyleft is not the license itself but the moment it is triggered. Strong copyleft obligations activate on distribution, so a component that is harmless when run internally can carry real obligations once it is shipped inside a product. The obligation that catches teams off guard usually arrives through a transitive dependency, a copyleft component pulled in several layers deep by a library chosen for an unrelated reason. Network copyleft under the GNU AGPL is sharper still, because a hosted service can trigger it without any software leaving your walls. The practical defense is a complete dependency tree that records the license of every node, so a copyleft component is caught at intake rather than in an audit. Whether a given combination or distribution actually triggers an obligation is a question for your own counsel.

Related reading

To place copyleft alongside its alternatives, read permissive, copyleft, and source available explained. For the network copyleft case specifically, see our definition of the GNU AGPL, and for the classic strong copyleft license, see the GPL. For the wider set of terms, see the rest of our open source license risk glossary.

CONTAINMENT

Find copyleft before it finds you

An open source license risk assessment maps every dependency, flags copyleft components, and shows where an obligation could reach your code. Independent, buyer side, paid only by you.

Not ready to talk? Read the free open source license risk guides first.

Start a risk assessment

COMMON QUESTIONS

Questions buyers ask.

What is copyleft?

Copyleft is a class of open source license condition that requires anyone who distributes the software, or a modified version of it, to release that work under the same license. It uses copyright to keep the code and its derivatives open, which is the opposite intent of a permissive license that places few conditions on reuse.

What is the difference between copyleft and permissive licenses?

A permissive license such as MIT or Apache 2.0 lets you use, modify, and distribute the code with minimal conditions, usually just attribution. A copyleft license such as the GNU GPL adds a reciprocity condition: distribute a derivative and you must license it under the same terms, which can reach proprietary code combined with it.

Does copyleft apply if we only run the software internally?

Traditional copyleft obligations are triggered by distribution, so software run only inside your own organization often does not trigger them. The GNU AGPL is the exception, because it treats providing access over a network as a trigger. Whether a specific use triggers an obligation is a question for your own counsel.

Is copyleft the same as source available?

No. Copyleft licenses such as the GNU GPL and GNU AGPL are open source as defined by the Open Source Initiative. Source available licenses such as the Business Source License and the Server Side Public License are not approved as open source. They are distinct concepts that are easy to confuse.

Is this legal advice?

No. This is commercial and licensing risk advisory, not legal advice. For interpretation of copyleft obligations in your specific use, engage your own counsel.