OpenSource Risk Experts

Predicting the Next Projects to Relicense

By OpenSource Risk Experts  ·  May 17, 2026

Predicting the next projects to relicense is not fortune telling. It is risk ranking. You cannot know with certainty which open source project will change its terms next, but you can rank your dependencies by how strongly they share the structural features of the projects that already did. The relicensing wave was not random. It followed a pattern, and the pattern is legible in funding, governance, and competition. This article lays out the warning signs so you can tell a high risk dependency from a stable one before the change arrives.

We write from the buyer side, as an independent advisory paid only by the buyer. This is not legal advice, and it is not a forecast of any named project. For interpretation of any license, we point you to your own counsel. What we offer is a framework for prioritizing your own attention.

The pattern behind the relicensing wave

The projects that relicensed shared a recognizable shape. Each was popular enough to attract cloud competition, controlled by a single commercial entity, and under pressure to convert a large free user base into revenue. HashiCorp moved Terraform, Vault, Consul, Nomad, and Packer to the Business Source License as of August 2023. Redis moved to the RSALv2 and the Server Side Public License as of March 2024. Elasticsearch and Kibana moved to the Server Side Public License and the Elastic License as of 2021. MongoDB moved to the Server Side Public License in 2018. Different companies, different years, the same structural conditions.

Because the conditions repeat, the risk is predictable in aggregate even when no single event is. A dependency that matches the profile is more likely to relicense than one that does not. The full sequence and the conditions that drove each move are set out in "the 2023 to 2026 relicensing wave explained". The deeper question of why these companies act is treated in the companion piece on the drivers behind the trend.

The warning signs that raise the probability

Five signals carry most of the predictive weight. The first is single vendor control. A project where one company holds the copyright or a contributor license agreement that lets it change terms can relicense unilaterally. The second is funding pressure, whether venture capital seeking a return or public markets demanding profitability. The third is cloud competition, a managed service from a larger provider that monetizes the project without contributing. The fourth is a prior public statement about competitive use, which often precedes a change. The fifth is a recent acquisition, which can reset a project's commercial priorities.

Acquisition deserves its own note because it is both a cause and a marker. A change of ownership can bring new revenue targets that make relicensing attractive, and it can also signal that the prior license commitments are open to revision. We treat this case directly in "relicensing triggered by acquisition". When several of these signals appear together, the dependency belongs in your high risk tier.

HIGHER RISK

Single vendor control, venture or market pressure, cloud competition, a contributor license agreement, recent acquisition.

MIXED

Commercial backing but broad contribution, or a foundation with one dominant sponsor. Watch but do not panic.

LOWER RISK

Neutral foundation governance, diverse contributors, no single party able to change the terms unilaterally.

Why governance is the strongest stability signal

The single best predictor of stability is governance. A project held by a neutral foundation with many independent contributors is structurally resistant to relicensing, because no one party owns the rights needed to change the terms and the governance is designed to make unilateral change difficult. This is exactly why the community forks that emerged from the wave moved under foundation umbrellas. OpenTofu and Valkey, the forks of Terraform and Redis, and OpenSearch, the fork of Elasticsearch, all chose neutral governance to give users the stability the original projects no longer offered. The fork story is told in "the OpenTofu and Valkey fork story", and the role of foundations in "relicensing and open source foundations".

The practical reading is to check who governs each critical dependency. A foundation project with diverse contributors is a low risk node. A single vendor project with a contributor license agreement is a high risk node. Most of your tree sits in between, and the ranking tells you where to focus monitoring and contingency work.

Turning prediction into preparation

A prediction is only useful if it changes what you do. The point of ranking your dependencies is to prepare the high risk ones before they change. For each high risk node, know the likely fork or alternative, estimate the cost to migrate, and set up monitoring so you learn of a change at announcement rather than months later. This converts a future relicense from a surprise into a planned contingency. The aim is not to avoid every single vendor project, which would be impractical, but to carry each one knowingly.
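The ranking and the preparation check described above can be run over a dependency inventory. The following is an added example, not code from the article or its authors: the field names, the placeholder dependencies, and the threshold of three signals for "several" are assumptions made for illustration.

```python
from dataclasses import dataclass, field

SEVERAL = 3  # assumption: how many signals count as "several" together
ORDER = {"HIGHER": 0, "MIXED": 1, "LOWER": 2}

@dataclass
class Dependency:
    name: str
    governance: str              # "vendor" or "foundation"
    diverse_contributors: bool
    cla_allows_relicense: bool   # one party can change the terms alone
    # Any of: funding_pressure, cloud_competition,
    # competitive_use_statement, recent_acquisition
    signals: set = field(default_factory=set)
    alternative: str = ""        # likely fork or replacement, if known
    migration_days: int = 0      # 0 means not yet estimated
    monitored: bool = False      # license-change monitoring in place

def signal_count(d):
    # Single vendor control is the fifth signal, derived from governance.
    return len(d.signals) + (d.governance == "vendor")

def tier(d):
    vendor = d.governance == "vendor"
    if (vendor and d.cla_allows_relicense) or signal_count(d) >= SEVERAL:
        return "HIGHER"
    if not vendor and d.diverse_contributors and not d.cla_allows_relicense:
        return "LOWER"
    return "MIXED"

def contingency_gaps(d):
    checks = [("alternative", d.alternative), ("monitoring", d.monitored),
              ("migration estimate", d.migration_days)]
    return [label for label, present in checks if not present]

def rank(deps):
    rows = sorted(deps, key=lambda d: (ORDER[tier(d)], -signal_count(d), d.name))
    return [(d.name, tier(d), contingency_gaps(d) if tier(d) == "HIGHER" else [])
            for d in rows]

# Constructed inventory: placeholder names, not real projects.
INVENTORY = [
    Dependency("dep-queue", "foundation", True, False),
    Dependency("dep-store", "vendor", False, True,
               {"funding_pressure", "cloud_competition"},
               alternative="community fork", monitored=True),
    Dependency("dep-search", "foundation", False, False, {"cloud_competition"}),
    Dependency("dep-iac", "vendor", True, False, {"funding_pressure", "recent_acquisition"}),
]
```

`rank(INVENTORY)` returns each dependency with its tier, highest risk first, and for the high risk nodes lists which of the three preparation items are still missing.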

The full landscape of how a license change creates exposure sits in the relicensing exposure pillar. When you want your dependency tree ranked by relicensing risk and your high risk nodes given a contingency plan, our relicensing exposure review produces the ranked map and the plan that goes with it.

COMMON QUESTIONS

Questions buyers ask.

How can you predict the next projects to relicense?

You cannot predict with certainty, but you can rank risk by looking at structural signals. A project controlled by a single venture backed company, with a large free user base, facing cloud providers who monetize it, and under pressure to show revenue, carries the highest relicensing risk. Foundation governed projects with diverse contributors carry the lowest.

What are the warning signs a project may relicense?

Single vendor control, venture or public market pressure for profitability, a popular product that cloud providers resell as a managed service, a contributor license agreement that lets the vendor change terms, and prior public statements about competitive use. Each raises the probability of a future change.

Are foundation governed projects safer?

Generally yes. A project held by a neutral foundation with many contributors is far harder to relicense, because no single party controls the rights and the governance is designed to resist unilateral change. Foundation membership is one of the strongest signals of license stability.

What should an enterprise do with this prediction?

Use it to prioritize. Identify which of your dependencies sit in the high risk category, prepare a contingency for those, and monitor them more closely. The goal is not to avoid every single vendor project, but to know which ones carry relicensing risk and to have a plan ready.

Is this legal advice?

No. We provide commercial and licensing risk advisory, not legal advice. For interpretation of license terms and compliance questions, we recommend your own counsel.
