[License-review] Adapting the license-review process to AI

Roland Turner roland at rolandturner.com
Tue Sep 10 03:23:58 UTC 2024


On 10/9/24 07:31, Josh Berkus wrote:

> 1. We'll need to review TOS for types of content which are not subject
> to copyright law (e.g. collections of model weights).  To date, all of
> the license eval on this list has been within the framework of copyright
> law.  I suspect that I lot of us would need some education on how to
> evaluate non-copyright terms; I know that I will.

I'd suggest that TOS will never be in scope, at least not in its 
entirety. It's hard to see how a service provider arrangement that 
doesn't permit a data transfer to the licensee could ever comply with 
the OSAID. For service provider arrangements that do permit this, the 
relevant instrument will be the data transfer agreement (DTA). That in a 
particular contractual relationship the DTA was embedded in TOS doesn't 
change this, it's still the terms of the DTA which would be relevant to L-R.

(There will be legitimate questions to ask about whether a particular 
situation limits transfers more than applicable law requires, that is 
that the licensor exercises its own discretion in whom in permits to 
receive transfers. On its face this would appear incompatible with 
OSAID, but is probably not worth worrying much about until/unless it 
happens. Analogous situations already frequently arise with OSD, 
including both licensor-patent-licenses not granted and anti-competitive 
terms, particularly those aimed at hyperscalers.)

Note in particular that the OSAID FAQ contemplates situations where 
training data can't [always] be transferred due to legal constraints. In 
some of these situations — particularly those involving personal data 
(confidential or not) — transfer will be possible to qualified 
recipients (e.g. those holding a relevant GDPR Art. 42 certificate) so 
long as an adequate DTA is in place. Evaluating such an agreement will 
certainly require expertise beyond copyright law. Worse, it's 
jurisdiction-specific. Copyright operates in near-identical ways 
worldwide, personal data protection very much doesn't.

But to your final point, yes, we'll need far broader expertise than 
copyright.


> 3. The OSAID certifies complete software systems, not just licensing
> documents.  So we will need to verify that the terms submitted are
> actually applied to the software available.  To date, L-R has operated
> by waiting for folks to submit documents to us; the OSAID will require
> us -- or someone else -- to perform a compliance review.

Do you have a basis for this?

As I understand the OSAID the intention is still that OSI approve the 
terms under which a licensee receives a system, all that's changed is 
that those terms will be spread across multiple instruments and 
potentially multiple areas of law rather than simply being distribution 
terms in a single copyright license/agreement. There does not appear to 
be any intention to set up a per-system certification body; that would 
require OSI spinning up one of the world's largest certification bodies 
which would appear to be far outside OSI's scope and capabilities.

Are you perhaps thinking about the process used to develop the OSAID? As 
a matter of course, that process required some proactive research, and 
will likely give rise to an initial batch of own-initiative approvals, 
but this does not imply an ongoing process of this type.


> We also might consider splitting the work.  I believe that L-R is going
> to be much better equipped to evaluate whether the various documents
> (licenses and terms) comply with the OSD, and leave it to another team
> (staff, maybe?) to evaluate whether the AI software actually uses all
> approved documents.

I'm not sure ending the consultative nature of the process (by having 
non-copyright elements reviewed by staff instead of through an open 
review process) would be a desirable approach for OSI. If there's really 
benefit in spinning up a separate team to deal with the broader 
questions then, sure, but I'd suggest there remains real benefit in 
structuring it in much the same way.

This does open another process question: to date the process to develop 
OSAID has happened independently of L-R. Presumably this thread is the 
start of a convergence process. I am wondering whether putting an 
initial set of terms through L-W on an own-initiative basis is part of 
the plan.


> Finally, I think we'll want to list approved documents which are not
> software licenses separately on the website from the software licenses.

I'd wondered about this. "Under OSD-conformant terms" looks like a 
mistake. Presumably the act of approving a set of terms which includes 
e.g. CC-BY on the documentation necessarily implies approving that 
license for that purpose. Even if there's some reason for keeping it 
separate because they're a bad fit for software, we're going to pretty 
quickly implicitly approve non-software licenses for OSAID use. Not 
making this public would appear to needlessly complicate proposer's 
lives. So, yes, an "approved for non-software use" or similar list will 
quickly make sense.


- Roland





More information about the License-review mailing list