Relicensing and Cloud and Managed Service Use

The relicensing wave was not a random tightening of terms. It was a direct response to a business pattern: large providers building managed services on top of open source that someone else maintained. The license changes were drafted to reach exactly that pattern. For a buyer, this means the question is rarely whether you run a relicensed component. It is how you run it. Internal use, embedded use, and offering the software as a service to customers sit in very different places under the new terms, and the difference decides your exposure.

Why cloud and managed service use is the focal point

The motivation behind both license families is the same concern: a third party packaging the software as a hosted service and capturing value the licensor wanted to keep. The Business Source License responds with a competitive use restriction. The Server Side Public License responds with a service obligation that reaches the broader stack used to provide the service. Both are aimed at the managed service pattern. That is why a managed service provider, or any enterprise that resells access to a covered component, carries far more concentrated exposure than one that runs the same software quietly inside its own walls.

The detail of the service obligation matters here, and it is set out in the Server Side Public License explained. The competitive restriction under the other family is set out in is your Terraform use competitive under the BSL.

Cloud hosting alone is not the trigger

A common misreading is that running a relicensed component in the cloud is itself the problem. It is not. Both license families turn on what you do with the software, not on where the servers are. Running a covered component in your own cloud account for your own internal purposes is a different question from wrapping that component in a product and selling access to customers. The infrastructure is incidental. The deployment pattern is the deciding fact. A buyer who conflates the two will either panic over internal use that is fine or overlook a service offering that is not.

Where managed service exposure tends to hide

The exposure is rarely in the obvious place. It hides where a covered component sits inside a customer facing service without anyone framing it as offering that component as a service. A data platform that exposes search to customers may depend on a relicensed engine. A product that gives customers their own managed instance of a database may be offering the database as a service in all but name. These patterns were adopted as ordinary engineering choices, long before the license changed, and they only become exposure when the terms shift underneath them. As of 2021 Elasticsearch and Kibana moved to the Server Side Public License and the Elastic License, and as of March 2024 Redis moved to a dual model including the Server Side Public License. Each change reached running services that were built years earlier.

Because the obligation can reach the surrounding stack, the blast radius of a managed service exposure is often wide. The way that reach turns into a number is covered in quantifying open source license exposure, and the way procurement should treat a covered component before it lands is covered in relicensing and procurement approval processes.

How to assess cloud and managed service relicensing risk

The method is to separate use from hosting. Map where covered components run, then classify each deployment: internal use, embedded use, or offering the software as a service to third parties. Test each service pattern against the competitive condition of the Business Source License and the service condition of the Server Side Public License, dated against primary sources because this area moves quickly. Where a pattern crosses a condition, size the cost to cure across the usual paths: a pre change version, a fork such as OpenSearch or Valkey, a commercial license, or removal. A relicensing exposure review produces this map, and the wider landscape sits on the relicensing pillar.

We are independent and buyer side. We take no vendor fees and resell no software, so our read of your cloud and managed service exposure reflects your risk and nothing else. This is commercial and licensing risk advisory, not legal advice. For interpretation of specific license terms and your compliance position, engage your own counsel.