Relicensing triggered by acquisition.

Open source license risk is not only a technical question. It is a question of who controls a project and what they need it to earn. When ownership changes, the answer to both can change too. A project that was stable and openly licensed for a decade can become a monetization target the moment a new owner sets a new strategy. Understanding that link lets you watch the right signals rather than be surprised by an announcement.

How relicensing is triggered by acquisition

A license is set by the copyright holder, and for a single vendor open source project that holder is usually the company behind it. When that company is acquired, the copyright moves with it. The new owner generally cannot retroactively change the license on releases already published, but it can set new terms for future releases. Relicensing triggered by acquisition happens when a new owner decides the project should protect a commercial model rather than maximize adoption, and moves new releases from an open license to a source available one such as the Business Source License or the Server Side Public License.

The pressure is structural. An acquirer pays for a company partly on the expectation of future revenue. A dominant open source product that is heavily used but lightly monetized is an obvious place to find that revenue. Restricting competitive use is one lever available to do so. This is not inevitable, and many acquired projects stay open, but the incentive is real and worth tracking.

The HashiCorp and IBM example, read carefully

The most discussed case needs to be read in the right order. As of August 2023, HashiCorp moved Terraform, Vault, Consul, Nomad, and Packer to the Business Source License 1.1. IBM later acquired HashiCorp. So in this instance the relicense came before the acquisition, not because of it. The example still teaches the lesson, because it shows how the commercial logic around a widely used project drives both relicensing and consolidation, and how a fork such as OpenTofu emerges when the community rejects the new terms. The point is not that acquisition always causes relicensing. It is that ownership and license strategy move together, and buyers should track both.

Warning signs worth watching

Several signals raise the probability of a relicense, especially around an ownership change. A company built around a single dominant open source product carries more pressure than one with a diversified portfolio. A competing cloud service that captures revenue the project owner feels entitled to is a common catalyst. A contributor license agreement that consolidates rights in one company makes a future relicense mechanically easier. Public statements about sustainability and free riding often precede a change. And of course an acquisition, an investment round, or a leadership change can reset the strategy overnight. None of these is decisive alone. Together they tell you which dependencies deserve a contingency plan.

Why single vendor projects carry more risk

The structural fact behind acquisition driven relicensing is concentration of control. When one company holds the copyright and drives nearly all development, a single decision can change the terms for every user. A project governed by a foundation or developed across many independent contributors is far harder to relicense, because no one party holds the rights to do it. This is why the ownership model of a dependency is a risk factor in its own right. Two technically similar components can carry very different relicensing risk based purely on who controls them.

How to prepare before the terms change

Preparation is cheaper than reaction. Keep a current inventory so you know exactly where each single vendor project sits in your stack. Flag the dependencies that are both critical and single vendor controlled, because those are where a relicense would hurt most. For each, pre identify a fork or an alternative and rough out what migration would cost. You do not have to act until something changes, but having the plan ready means you respond in weeks rather than scramble for months. It also lowers the leverage a new owner holds, because a buyer with a credible exit negotiates from a stronger position than one with none.

From watching signals to containing risk

Tracking ownership driven relicensing risk is part of our relicensing exposure review. For the full picture, read our pillar on open source relicensing. To understand the license that usually follows, read the Business Source License explained. To get the dates right once a change lands, read notice and effective dates in a relicense, and for what follows, read relicensing and your compliance obligations.