[License-review] Adapting the license-review process to AI
Roland Turner
roland at rolandturner.com
Tue Sep 10 03:23:58 UTC 2024
On 10/9/24 07:31, Josh Berkus wrote:
> 1. We'll need to review TOS for types of content which are not subject
> to copyright law (e.g. collections of model weights). To date, all of
> the license eval on this list has been within the framework of copyright
> law. I suspect that I lot of us would need some education on how to
> evaluate non-copyright terms; I know that I will.
I'd suggest that TOS will never be in scope, at least not in its
entirety. It's hard to see how a service provider arrangement that
doesn't permit a data transfer to the licensee could ever comply with
the OSAID. For service provider arrangements that do permit this, the
relevant instrument will be the data transfer agreement (DTA). That in a
particular contractual relationship the DTA was embedded in TOS doesn't
change this, it's still the terms of the DTA which would be relevant to L-R.
(There will be legitimate questions to ask about whether a particular
situation limits transfers more than applicable law requires, that is
that the licensor exercises its own discretion in whom in permits to
receive transfers. On its face this would appear incompatible with
OSAID, but is probably not worth worrying much about until/unless it
happens. Analogous situations already frequently arise with OSD,
including both licensor-patent-licenses not granted and anti-competitive
terms, particularly those aimed at hyperscalers.)
Note in particular that the OSAID FAQ contemplates situations where
training data can't [always] be transferred due to legal constraints. In
some of these situations — particularly those involving personal data
(confidential or not) — transfer will be possible to qualified
recipients (e.g. those holding a relevant GDPR Art. 42 certificate) so
long as an adequate DTA is in place. Evaluating such an agreement will
certainly require expertise beyond copyright law. Worse, it's
jurisdiction-specific. Copyright operates in near-identical ways
worldwide, personal data protection very much doesn't.
But to your final point, yes, we'll need far broader expertise than
copyright.
> 3. The OSAID certifies complete software systems, not just licensing
> documents. So we will need to verify that the terms submitted are
> actually applied to the software available. To date, L-R has operated
> by waiting for folks to submit documents to us; the OSAID will require
> us -- or someone else -- to perform a compliance review.
Do you have a basis for this?
As I understand the OSAID the intention is still that OSI approve the
terms under which a licensee receives a system, all that's changed is
that those terms will be spread across multiple instruments and
potentially multiple areas of law rather than simply being distribution
terms in a single copyright license/agreement. There does not appear to
be any intention to set up a per-system certification body; that would
require OSI spinning up one of the world's largest certification bodies
which would appear to be far outside OSI's scope and capabilities.
Are you perhaps thinking about the process used to develop the OSAID? As
a matter of course, that process required some proactive research, and
will likely give rise to an initial batch of own-initiative approvals,
but this does not imply an ongoing process of this type.
> We also might consider splitting the work. I believe that L-R is going
> to be much better equipped to evaluate whether the various documents
> (licenses and terms) comply with the OSD, and leave it to another team
> (staff, maybe?) to evaluate whether the AI software actually uses all
> approved documents.
I'm not sure ending the consultative nature of the process (by having
non-copyright elements reviewed by staff instead of through an open
review process) would be a desirable approach for OSI. If there's really
benefit in spinning up a separate team to deal with the broader
questions then, sure, but I'd suggest there remains real benefit in
structuring it in much the same way.
This does open another process question: to date the process to develop
OSAID has happened independently of L-R. Presumably this thread is the
start of a convergence process. I am wondering whether putting an
initial set of terms through L-W on an own-initiative basis is part of
the plan.
> Finally, I think we'll want to list approved documents which are not
> software licenses separately on the website from the software licenses.
I'd wondered about this. "Under OSD-conformant terms" looks like a
mistake. Presumably the act of approving a set of terms which includes
e.g. CC-BY on the documentation necessarily implies approving that
license for that purpose. Even if there's some reason for keeping it
separate because they're a bad fit for software, we're going to pretty
quickly implicitly approve non-software licenses for OSAID use. Not
making this public would appear to needlessly complicate proposer's
lives. So, yes, an "approved for non-software use" or similar list will
quickly make sense.
- Roland
More information about the License-review
mailing list