GLOSSARY / DEFINITION
What is a license obligation
A license obligation is a condition you must meet to keep your right to use software under its license. Open source and source available licenses grant rights in exchange for duties, and meeting those duties is what keeps the grant valid. The obligations matter because a relicense can attach new ones to software you already run.
Definition
A license obligation is a condition attached to the rights a software license grants you. The license gives you permission to use, copy, modify, or distribute the software, and in return it asks you to do certain things or refrain from others. Keeping a copyright notice, including the license text, disclosing source code, or staying within a permitted field of use are all obligations. The grant and the obligation travel together. You hold the rights only so long as you meet the conditions, which is why an obligation you have not identified is a risk you cannot see.
Common open source obligations
The lightest obligations sit with permissive licenses. The MIT License and the Apache License 2.0 ask mainly that you preserve copyright and license notices and include the license text when you distribute. Copyleft licenses ask for more. The GPL and the GNU AGPL add source disclosure duties, meaning that distributing or, for the AGPL, making the software available over a network can require you to offer the corresponding source. These are not edge cases. They are the standard terms of widely used components, and the obligation that applies depends on how you use and distribute the software, not only on which license it carries. The distinction between license families is set out in our entry on copyleft.
How source available terms add new obligations
Source available licenses layer use restrictions on top of the usual duties. The Business Source License limits competitive production use for a period before converting to an open license, and the Server Side Public License attaches conditions to offering the software as a service. These are obligations that did not exist when the same software was open source. HashiCorp moved Terraform and others to the Business Source License as of August 2023, Elastic moved to the Server Side Public License in 2021, and Redis moved to a source available model as of March 2024. In each case new obligations attached to software organizations were already running. Source available is not open source, and neither of these licenses is approved by the Open Source Initiative, which is why the obligations they carry surprise teams that assumed an open license.
Related reading
For how distribution triggers a duty under copyleft licenses, see copyleft distribution obligations explained. For why visible source does not mean unconditioned use, read our definition of a source available license. Both sit alongside the rest of our open source license risk glossary.
CONTAINMENT
Map the obligations in your stack
An open source license risk assessment identifies which components carry which obligations and what each one means for your production use. Independent, buyer side, paid only by you.
Not ready to talk? Read the free open source license risk guides first.
Start a risk assessmentCOMMON QUESTIONS
Questions buyers ask.
What is a license obligation?
A license obligation is a condition you must meet to use software under its license. Open source and source available licenses grant rights in exchange for duties, such as keeping attribution notices, disclosing source code, or limiting how the software is used. Meeting the obligation is what keeps the grant valid. Failing to meet it can put your right to use the software at risk.
What are common open source license obligations?
Common obligations include preserving copyright and license notices, including the license text with distributed copies, disclosing the source of modified copyleft components, and not removing warranty disclaimers. Permissive licenses such as the MIT License and Apache 2.0 ask mainly for attribution. Copyleft licenses such as the GPL and the GNU AGPL add source disclosure duties that depend on how the software is distributed or made available.
How do source available licenses change the obligations?
Source available licenses add use restrictions on top of the usual obligations. The Business Source License limits competitive production use for a period, and the Server Side Public License attaches conditions to offering the software as a service. These are obligations that did not exist when the same software was open source, and they apply to production you may already run. Source available is not open source, and neither license is approved by the Open Source Initiative.
Why do license obligations matter for production risk?
Because an obligation you have not mapped is one you may not be meeting. When a project relicenses, new obligations attach to software already running, and the burden shifts to you to confirm compliance. An unmet obligation can support a commercial license demand or an audit finding. Knowing which obligations apply to each component is the foundation for managing the exposure.
Is this legal advice on license obligations?
No. This is commercial and licensing risk advisory, not legal advice. For interpretation of which obligations a specific license imposes and whether you are meeting them, engage your own counsel.