{"componentChunkName":"component---src-templates-blog-template-js","path":"/blog/ai-open-source-and-intellectual-property","result":{"data":{"markdownRemark":{"html":"<h1>AI, Open Source and Intellectual Property</h1>\n<p>Open source has always been based on a simple but powerful exchange: you may use, study, modify, and share the code, but\nyou must respect the license. That bargain created Linux, Kubernetes, PostgreSQL, Python, countless security libraries,\nand the infrastructure behind much of the modern internet.</p>\n<p>Generative AI puts pressure on that bargain.</p>\n<p>Large AI models are trained on enormous amounts of text, images, audio, video, and source code. A significant part of\nthat material was made publicly available by people who wanted to share, collaborate, document, teach, or publish. Public\navailability, however, is not the same as permission for every possible commercial use. A repository on the internet is\nnot automatically a waiver of copyright. An open source license is not an invitation to ignore attribution, copyleft,\nnotice, source-sharing obligations, or restrictions in dependency licenses.</p>\n<p>That is the core dilemma: AI companies often argue that training is analysis, learning, or fair use. Many creators and\nopen source maintainers argue that model training involves copying protected work at industrial scale, often without\npermission, compensation, attribution, or a practical way to opt out.</p>\n<h2>Why open source is especially exposed</h2>\n<p>Open source code is easy to collect. It is structured, searchable, versioned, and hosted in public repositories. It also\ncontains comments, tests, issue discussions, examples, commit history, documentation, and configuration files.</p>\n<p>For AI model builders, this is extremely valuable training material. For maintainers, it creates several risks.</p>\n<ul>\n<li>License obligations can disappear between training input and generated output.</li>\n<li>Attribution is usually not preserved when a model suggests code.</li>\n<li>Copyleft code can influence generated snippets without the user knowing the source license or the obligations attached\nto it.</li>\n<li>Maintainers may see their work used to build commercial tools that compete with their consulting, support, or hosted\nproducts.</li>\n<li>Security-sensitive code patterns can be reproduced without context.</li>\n<li>Vulnerable or outdated code can be made easier to copy at scale.</li>\n</ul>\n<p>This is not only a question of whether a model can output a perfect copy of a function. That happened more visibly in\nearly AI coding tools, where prompts could sometimes reproduce recognizable code. As products matured, providers became\nmore careful about filters, similarity checks, and output controls. But avoiding obvious verbatim reproduction does not\nsolve the deeper issue. The training process may still have depended on code whose license terms were never carried\nforward.</p>\n<p>In other words, the copyright problem does not disappear just because the evidence becomes harder to detect in the\noutput.</p>\n<p>This is especially important for reciprocal licenses such as the GPL and AGPL. These licenses are not just permission\nslips. They grant broad freedoms, but they also require that derivative works, or software distributed under the relevant\nconditions, preserve those freedoms. If a model was trained on GPL code and then produces code that is substantially based\non that GPL input, the user may unknowingly introduce GPL obligations into their own project. If that project is closed\nsource, proprietary, or distributed under an incompatible license, the result can be a license violation.</p>\n<p>The practical problem is that the user usually cannot know. The AI assistant does not say: \"this suggestion was derived\nfrom GPL-licensed code\", \"this pattern came from an AGPL project\", or \"this output resembles Apache-licensed code and\nrequires preserving notices\". The license context was present in the training data, but it is missing from the answer.\nThat breaks the compliance chain that open source licensing depends on.</p>\n<h2>The uncomfortable difference between reading and training</h2>\n<p>Developers learn from open source all the time. We read code, understand patterns, and write our own implementation. That\nis normal and healthy. Open source depends on this kind of learning.</p>\n<p>AI training is different in scale, automation, and market effect. A human developer reading a project does not usually\ncopy millions of repositories into a training pipeline, compress their statistical patterns into a commercial model, and\nsell access to code generation as a product. The model may not store files like a database, but the business value still\ncomes from extracting patterns from other people's work.</p>\n<p>This is why the discussion is so difficult. If every act of machine learning from public code requires individual\npermission, many AI systems become impractical to train. If no permission is required, the economic and moral rights of\ncreators become much weaker. Both extremes create problems.</p>\n<h2>EU vs US: two very different legal instincts</h2>\n<p>The legal landscape is not uniform. Countries are still trying to fit AI into copyright systems that were not written for\nlarge-scale model training.</p>\n<h3>European Union</h3>\n<p>The EU has a more explicit framework. The <a href=\"https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32019L0790\" rel=\"nofollow\">Directive on Copyright in the Digital Single Market</a>\ncontains text and data mining exceptions. Article 3 covers research organizations and cultural heritage institutions.\nArticle 4 allows text and data mining more broadly, including commercially, but lets rights holders reserve their rights,\nfor example through machine-readable means.</p>\n<p>The EU <a href=\"https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai\" rel=\"nofollow\">AI Act</a> adds another layer for\ngeneral-purpose AI models. Providers have transparency and copyright-related obligations, including policies to comply\nwith EU copyright law and summaries of training content. This does not fully answer whether a specific training run was\nlawful, but it moves the EU toward a model where AI providers must document more and rights holders have clearer tools to\nobject.</p>\n<p>The weakness is practical enforcement. Opt-out mechanisms are fragmented. <code>robots.txt</code> was designed for web crawlers, not\nfor nuanced copyright reservations across source repositories, package registries, mirrors, datasets, and forks. A small\nopen source maintainer may have a legal right to reserve use but no realistic way to audit whether a frontier model\nrespected it.</p>\n<h3>United States</h3>\n<p>The US has no equivalent AI-specific copyright exception for training. The debate largely revolves around fair use,\nlitigation, licensing deals, and market harm. The <a href=\"https://www.copyright.gov/ai/\" rel=\"nofollow\">US Copyright Office</a> has been studying\nAI and copyright in multiple reports, including digital replicas, copyrightability of AI outputs, and generative AI\ntraining. Its <a href=\"https://www.copyright.gov/fair-use/\" rel=\"nofollow\">fair use guidance</a> emphasizes that fair use is case-specific and\ndepends on factors such as purpose, amount used, and market effect.</p>\n<p>That makes the US more flexible but less predictable. AI companies can argue that training is transformative. Rights\nholders can argue that mass copying is commercial, substitutes licensing markets, and damages the value of their work.\nCourts are still shaping the boundaries.</p>\n<p>For open source, the US approach creates uncertainty. A company may believe model training on public repositories is fair\nuse, while maintainers may believe the company ignored license conditions. Until courts or legislation provide clearer\nanswers, the practical result is an imbalance: large companies can absorb legal risk, while individual maintainers often\ncannot.</p>\n<h3>United Kingdom</h3>\n<p>The UK is between these positions. The government has consulted on a copyright and AI framework that would combine a text\nand data mining exception, rights reservation, licensing, and stronger transparency. The official consultation recognizes\nthat current UK law is disputed and that both creators and AI developers lack certainty.</p>\n<p>This is an attempt to find a middle path: allow AI training at scale where rights are not reserved, but give rights\nholders more control and better visibility. Whether that can work depends on the technical details. An opt-out that only\nlarge publishers can use is not a fair system for independent developers, musicians, writers, and small open source\nprojects.</p>\n<h3>Japan and Singapore</h3>\n<p>Japan is often described as more permissive for information analysis and machine learning, although the details are still\nsubject to interpretation and guidance. Japan's Agency for Cultural Affairs has published a general understanding of AI\nand copyright, making clear that the topic remains legally nuanced.</p>\n<p>Singapore also has a relatively broad computational data analysis exception. The policy goal is to support innovation and\nAI development, but the tradeoff is familiar: broader training permissions can weaken the bargaining position of rights\nholders unless paired with transparency, licensing markets, or other safeguards.</p>\n<h2>This is bigger than source code</h2>\n<p>The open source debate is part of a wider conflict over digital identity and creative labor.</p>\n<p>Actors are fighting against AI systems that copy faces, body movement, and performances. Voice actors and singers are\nfighting against cloned voices that can produce new performances without consent. Writers and journalists are fighting\nmodels trained on books, articles, and archives. Visual artists are fighting image generators that can imitate their\nstyle or flood the market with derivative-looking work.</p>\n<p>The pattern is similar in each case:</p>\n<ul>\n<li>Creative work is collected at scale.</li>\n<li>The model learns from it without a direct relationship with the creator.</li>\n<li>A product is sold using the resulting capability.</li>\n<li>The creator has little transparency, little bargaining power, and limited ability to prove what happened.</li>\n</ul>\n<p>For actors and singers, the issue is not only copyright. It is also personality rights, publicity rights, labor law,\ncontract law, consumer protection, and consent. A voice can be a performance, a biometric marker, a brand, and a personal\nidentity all at once. A face can be an artistic asset, but also the person themselves.</p>\n<p>Open source developers may not think of themselves as performers, but the economics are comparable. Their work becomes\ntraining material for a system that can compete with them, reduce attribution, and shift value from many small creators to\na few large model providers.</p>\n<h2>The problem with \"it was public\"</h2>\n<p>One of the weakest arguments in the AI debate is that public access equals unrestricted use. The web has never worked\nthat way. A blog post is public, but not free to republish as a book. A photo is public, but not free to use in an ad. A\nGitHub repository is public, but still governed by copyright and license terms.</p>\n<p>Open source licenses are built on this distinction. They grant broad permissions, but those permissions come with\nconditions. MIT, Apache, BSD, GPL, AGPL, MPL, and other licenses make different choices about attribution, patent grants,\nsource distribution, network use, and derivative works. Treating all public code as raw material erases these choices.</p>\n<p>That is dangerous because license diversity is not an accident. It is how maintainers express intent.</p>\n<h2>What would a fairer system look like?</h2>\n<p>There is no simple solution, but several principles would make the ecosystem healthier.</p>\n<h3>1. Transparency by default</h3>\n<p>AI providers should publish meaningful summaries of training data sources. Not every individual file must necessarily be\nlisted publicly, but broad statements like \"trained on public data\" are not enough. Developers, artists, publishers, and\nusers need to know what types of material were used and under what legal theory.</p>\n<h3>2. Respect for machine-readable rights</h3>\n<p>If the law depends on opt-outs, they must be standardized, accessible, and enforceable. A small project should not need a\nlegal department to say \"do not train on this\". Repositories, package registries, websites, and content platforms need\nclear mechanisms that AI crawlers actually respect.</p>\n<h3>3. License-aware AI tooling</h3>\n<p>Code assistants should help users understand licensing risk. If generated code is similar to known open source code, the\ntool should warn the user and surface the relevant license. Hiding similarity problems may reduce lawsuits in the short\nterm, but it increases downstream compliance risk for developers and companies using the tool.</p>\n<h3>4. Better compensation models</h3>\n<p>Some training uses should be licensed. This could include direct licensing, collective licensing, dataset marketplaces,\nor revenue-sharing models. The details will differ between source code, music, film, journalism, and visual art, but the\nprinciple is the same: if a commercial AI product depends on high-quality human work, the people who created that work\nshould not be invisible.</p>\n<h3>5. Strong protection against impersonation</h3>\n<p>Digital replicas of voices, faces, and performances should require consent. Labelling alone is not enough if a fake voice\nor face can be used to mislead, harass, defraud, or replace someone commercially. This is where copyright is only one part\nof the answer.</p>\n<h2>What open source maintainers can do today</h2>\n<p>The legal situation is unsettled, but maintainers still have practical options.</p>\n<ul>\n<li>Choose licenses deliberately and document the reason.</li>\n<li>Add clear repository notices about AI training preferences if that matters to the project.</li>\n<li>Support foundations and organizations that advocate for open source rights in AI policy discussions.</li>\n</ul>\n<p>None of this fully solves the problem. It simply reduces risk while law and industry practice catch up.</p>\n<h2>The real danger for open source</h2>\n<p>The greatest danger is not that AI learns from open source. Learning from open source is part of why the software world\nworks.</p>\n<p>The danger is that AI turns open collaboration into one-way extraction. If maintainers contribute code, documentation,\nbug reports, examples, and community knowledge, while the commercial value is captured elsewhere without attribution,\nlicense compliance, or support for the commons, the social contract weakens.</p>\n<p>Open source depends on trust. AI companies need open source, but they also risk damaging the very ecosystem they rely on.\nRespecting licenses, publishing meaningful data transparency, supporting maintainers, and building opt-out and licensing\nmechanisms are not anti-AI positions. They are pro-sustainability positions.</p>\n<p>AI can be a useful tool for developers, artists, writers, singers, actors, and companies. But usefulness does not erase\nproperty rights, consent, or credit. If society wants AI systems trained on the work of millions of people, it must also\ndecide how those people retain agency over what they created.</p>\n<p>That decision cannot be left only to the companies that already copied the data.</p>","frontmatter":{"date":"July 06, 2026","slug":"ai-open-source-and-intellectual-property","title":"AI, Open Source and Intellectual Property","description":"How AI training challenges open source, copyright, licensing, and the wider fight over creative work, voices, faces, and digital identity.","author":"Sascha Pfeiffer","featuredImage":null}}},"pageContext":{"slug":"ai-open-source-and-intellectual-property","lang":"en","langPathPrefix":""}},"staticQueryHashes":["2149092236","3128451518","3192060438"]}