GLOSSARY / DEFINITION
What is a permissive license
A permissive license is the most enterprise friendly category of open source license, granting broad rights with almost no conditions. Knowing what a permissive license is, and where it sits against copyleft and source available terms, is the baseline for reading any dependency in your estate.
Definition
A permissive license is an open source license that grants broad rights to use, modify, and redistribute software while imposing very few conditions in return. The typical condition is simply that you preserve the copyright notice and the text of the license itself. Unlike copyleft licenses, a permissive license does not require you to release the source code of your own software, even when you build on or distribute the licensed component. The MIT license and the Apache 2.0 license are the two most widely used permissive licenses, and both are approved by the Open Source Initiative. In plain terms, a permissive license lets you do almost anything with the software, including using it inside proprietary products, as long as you keep the notices intact.
Permissive versus copyleft
The clearest way to understand a permissive license is to set it against copyleft. A copyleft license, such as the GPL or the GNU AGPL, attaches a reciprocal obligation: if you modify and distribute the software, you must release those modifications under the same license, and in the case of the AGPL this can extend to software you offer over a network. A permissive license carries no such reciprocity. It asks for attribution and little else. This is why permissive licenses are favored for components that enterprises want to embed in commercial products without triggering source disclosure. For the copyleft side of the comparison, see what is the GNU AGPL.
Common permissive licenses
The MIT license is the best known permissive license, valued for being short and easy to comply with. Its single substantive condition is that the copyright and permission notice accompany the software. The Apache 2.0 license is also permissive and adds two things the MIT license does not: an explicit grant of patent rights from contributors, and a clearer statement of how to handle notices and modifications. The BSD family of licenses is permissive as well. For the detail on these two, see what is the MIT license and what is the Apache License 2.0. All of them sit firmly within open source as defined by the Open Source Initiative, which distinguishes them from source available licenses.
What a permissive license means for license risk
For a buyer, a permissive license is the lowest risk category among common open source licenses. The obligations are minimal, and they are easy to satisfy with disciplined attribution. That said, low risk is not no risk. Attribution requirements still need to be met, and dropping a notice during a build or a vendoring step is a common, avoidable slip. The more material risk is change over time. A component that is permissively licensed today can be relicensed to source available terms tomorrow, exactly as happened across the relicensing wave from 2023 onward. The fact that something carries the MIT or Apache 2.0 license now does not guarantee it will keep that license, which is why the license state of each dependency should be recorded with a date and watched. Source available is not the same as open source, and a permissive license is no protection against a future move away from it.
SEE YOUR EXPOSURE
Know which licenses govern your stack
An open source license risk assessment maps every dependency and records its license state with a date, so a move away from permissive terms surfaces early. Independent, buyer side, paid only by you.
Not ready to talk? Read the free open source license risk guides first.
Start a risk assessmentCOMMON QUESTIONS
Questions buyers ask.
What is a permissive license?
A permissive license is an open source license that grants broad rights to use, modify, and redistribute software with very few conditions, typically only that the copyright notice and license text are preserved. The MIT license and the Apache 2.0 license are the most common examples. Permissive licenses do not require you to release your own source code.
How is a permissive license different from copyleft?
A permissive license imposes few conditions and does not require derivative works to be released under the same license. A copyleft license such as the GPL or the GNU AGPL requires that modifications, and sometimes the surrounding software, be released under the same terms. Permissive is the lower obligation category; copyleft carries reciprocal obligations.
Are permissive licenses low risk?
Permissive licenses carry the lowest license risk among common open source licenses, because their conditions are minimal and easy to satisfy. The main obligations are attribution and notice preservation. Risk can still arise if attribution is dropped, or if a permissively licensed component is later relicensed to source available terms, which is why the license state should be tracked over time.
Is MIT a permissive license?
Yes. The MIT license is the best known permissive open source license. It allows use, modification, and redistribution, including in proprietary software, on the single condition that the copyright and license notice are included. The Apache 2.0 license is also permissive and adds an explicit patent grant.
Is this definition legal advice?
No. This is commercial and licensing risk advisory, not legal advice. For interpretation of a permissive license against your specific use, engage your own counsel.