Choosing an open source license is one of the most consequential IP decisions an AI platform builder makes. MIT, Apache 2.0, AGPL, and the new RAIL licenses each create different obligations and protections. Getting this wrong can destroy a commercial model.
Key Analysis
MIT License: permissive, requires only attribution. Anyone can use, modify, and redistribute the code — including in proprietary commercial products — without sharing source. Good for adapters and plugins where maximum adoption is the goal. Bad for core engines where maintaining a commercial moat matters.
Apache License 2.0: permissive but includes a patent retaliation clause. If someone uses Apache 2.0 code and then sues the licensor for patent infringement related to that software, they automatically lose their right to use the Apache 2.0 licensed code. This provides meaningful patent protection for downstream users and is preferred over MIT for many commercial open source projects.
AGPL (GNU Affero General Public License): the SaaS trigger license. If AGPL code is modified and access to the modified version is provided over a network — as a web service or API — the entire source code must be released under AGPL. This prevents commercial SaaS companies from building products on AGPL code without contributing back. If the core engine is AGPL, competitors who run it as a service must open-source their product.
Commons Clause: an addendum to other licenses that prevents commercial resale. Not OSI-approved and not technically 'open source' by the Open Source Definition — but legal and enforceable as a contract term. Used by Redis, MongoDB (historically), and others to prevent large cloud providers from selling the software as a managed service.
RAIL and OpenRAIL-M: new AI-specific licenses that attach ethical use conditions to model weights and code. They permit use, modification, and redistribution but prohibit specified harmful applications. Hugging Face uses OpenRAIL-M for some models. These are enforceable as license terms but challenging to enforce downstream.
What Ollama's MIT license means for Llama 3 commercial use: Ollama's MIT wrapper permits commercial use of the Ollama software. The Llama 3 model weights are under Meta's Llama Community License, which has usage restrictions for very large deployments (700M+ MAU). Check the model license, not just the framework license.
Risk Signals
Running AGPL code — some versions of ChromaDB, certain AI frameworks — in a SaaS product without legal review of whether the network service trigger applies. This can force disclosure of the entire platform's source code.
Assuming MIT license means no obligations — attribution notices must still be retained in derived products, and missing attribution notices is the most common open source license violation.
Using model weights under a non-commercial-only research license in a production commercial product without noticing the restriction.
Action Items
Audit every third-party library and model weight in the stack for its license. Build a license inventory: component, version, license, SaaS trigger applies (yes/no), commercial use permitted (yes/no). Review this inventory when adding any new dependency.
For own released code: use Apache 2.0 for product adapters and integration libraries (maximum adoption, patent protection clause). Keep core behavioral engines proprietary or under a custom RAIL-style license that attaches ethical use conditions.
Review model licenses specifically before production deployment: Llama 3, Mistral, Gemma, and Phi all have different commercial use terms. Do not assume permissive licensing because the model weights are publicly downloadable.