[License-review] Review for the NIST Software License
McCoy Smith
mccoy at lexpan.law
Tue Mar 31 17:37:59 UTC 2026
Lucas:
OSI has a two month review and comment period for all licenses. So NIST
was in that process until earlier this month.
There has been a review at the Board of this license, at the March board
meeting, with minutes and results to be published shortly.
On 3/31/2026 9:39 AM, Hale, Lucas M. (Fed) via License-review wrote:
>
> Hi all,
>
> I’m just checking on the status of the NIST license as I haven’t heard
> anything for over two months.
>
> Lucas
>
> *From:*License-review <license-review-bounces at lists.opensource.org>
> *On Behalf Of *Hale, Lucas M. (Fed) via License-review
> *Sent:* Friday, January 9, 2026 10:06 AM
> *To:* License submissions for OSI review
> <license-review at lists.opensource.org>
> *Cc:* Hale, Lucas M. (Fed) <lucas.hale at nist.gov>
> *Subject:* [EXTERNAL] Re: [License-review] [EXTERNAL] Re: [EXTERNAL]
> Re: Review for the NIST Software License
>
> The license I submitted is for NIST software that is provided as a
> public service. There should not be anything proprietary in any
> associated code or repository.
>
> I only mentioned the contractor stuff because of the discussion in the
> original thread. It probably would depend on the specific project,
> but I could see alternatives such as
>
> * Some other (non-open source) license applying to the combined
> work, or more likely
> * A clear division between the open and proprietary components where
> the open part does not contain proprietary tools or data but can
> interface with such.
>
> Lucas
>
> *From:*License-review <license-review-bounces at lists.opensource.org>
> *On Behalf Of *Pamela Chestek
> *Sent:* Thursday, January 8, 2026 10:04 PM
> *To:* license-review at lists.opensource.org
> *Subject:* [EXTERNAL] Re: [License-review] [EXTERNAL] Re: Review for
> the NIST Software License
>
> As I understand it, there wouldn't be any license needed for use in
> the United States since the software is in the public domain in the
> US, so the license applies (1) outside of the US and (2) in the US
> where NIST could claim that the user contractually accepted the
> limitations on use (the obligation to keep the notice and the waiver
> of warranty) - but just using the software won't be enough to prove
> contract, as it does when the agreement is a true copyright license.
> But I'm generally not concerned with whether a license can be
> enforced, just that, if it can be enforced, it doesn't have any
> impermissible restrictions.
>
> I'm a little confused by this statement: "Cases where the work is
> copyright-protected would fall under other licenses." Are you saying
> that, if there is 3rd party-created software, this license won't be
> used for it? The document says "NIST-developed software is provided by
> NIST as a public service." This seems like a possible trap, that is,
> is it an advisory that there could be software in the bundle that was
> created by a contractor that isn't included under this license because
> it isn't "NIST-developed," so it's up to the user to somehow figure
> that out? It's not great to have it in the license, for that reason.
> However, it also could be construed as non-operative language, with
> the next sentences giving clear grants, even if some of the software
> was created by contractors who have copyright.
>
> In light of the fact that this is a legacy government license I'm
> inclined to overlook its flaws, since it's not trying to impose any
> unacceptable restrictions. I don't see any reason not to approve it.
>
> Pam
>
> Pamela S. Chestek
> Chestek Legal
> 4641 Post St.
> Unit 4316
> El Dorado Hills, CA 95762
> +1 919-800-8033
> pamela at chesteklegal
> www.chesteklegal.com <http://www.chesteklegal.com/>
>
> On 1/7/2026 1:35 PM, Hale, Lucas M. (Fed) via License-review wrote:
>
> Hi All,
>
> I finally managed to get meetings rescheduled after the shutdown
> and holidays to get answers to your questions.
>
> First, the primary questions for submission.
>
> 1. Describe what gap not filled by currently existing licenses
> that the new license will fill.
>
> Any open source software created at NIST using federal funding is
> required to use the NIST software license. Software that
> originates primarily from NIST-funded work must operate under US
> government public access policies, which the NIST software license
> is compliant with.
>
> 2. Compare it to and contrast it with the most similar
> OSI-approved license(s).
>
> The NIST license is close to the MIT license in that it defines
> the copyright scope, usage rights, citation guidelines, and
> liability disclaimers. It differs in that because it is the
> result of federally funded work it is not subject to copyright
> protection in the US to begin with rather than giving the
> copyright away.
>
> 3. Describe any legal review the license has been through,
> including whether it was drafted by a lawyer.
>
> The license was drafted by the NIST Office of Chief Council and
> has undergone internal review and revisions over the years.
>
> As for other discussion and questions from the thread:
>
> This license is associated with US government-sponsored work that
> is performed by government employees or others working at NIST. As
> stated above and in the license, there is inherently no copyright
> in the US with the associated work due to the US government public
> access policies. However, it does specify usage permissions, terms
> and conditions, and disclaimers to protect against legal liability.
>
> As for outside the US, the
> https://www.usa.gov/government-copyright page has this line: “The
> U.S. government may assert copyright outside of the United States
> for U.S. government works.” My guess is that this allows for
> export-control over works to target countries, but I’m not sure if
> this is currently being done on public access works.
>
> Cases where the work is copyright-protected would fall under other
> licenses. For the “contractors” exceptions, from what I heard it
> is less of a loophole and more the result of contract negotiations
> between government organizations and external
> contractors/subcontractors. The idea is that the external party
> has or is developing proprietary tools and data that the
> government wants to use, so complex contracts with special
> provisions and clauses let the external party retain copyright
> control while the government has usage rights. But, as stated,
> that is outside the scope of the license under review.
>
> Lucas
>
> *From:*License-review
> <license-review-bounces at lists.opensource.org>
> <mailto:license-review-bounces at lists.opensource.org> *On Behalf Of
> *Hale, Lucas M. (Fed) via License-review
> *Sent:* Tuesday, September 30, 2025 11:22 AM
> *To:* License submissions for OSI review
> <license-review at lists.opensource.org>
> <mailto:license-review at lists.opensource.org>
> *Cc:* Hale, Lucas M. (Fed) <lucas.hale at nist.gov>
> <mailto:lucas.hale at nist.gov>
> *Subject:* [EXTERNAL] Re: [License-review] Review for the NIST
> Software License
>
> Hi reviewers,
>
> I reached out to those in charge of the NIST software policy and
> will meet with them and our Office of Chief Council to discuss and
> bring your questions to them. We’ll hopefully get answers for
> moving forward in regards to both sides.
>
> Note that since a US Government shutdown is imminent and at this
> moment likely, progress on the NIST side may take some time and I
> won’t have email access during the down time. Hopefully it won’t
> happen or be too long, but if you need to table/withdraw the
> review after a time period feel free to do so and we can try again
> when possible.
>
> Lucas
>
> *From:*Carlo Piana <carlo at piana.eu>
> *Sent:* Tuesday, September 30, 2025 4:58 AM
> *To:* License submissions for OSI review
> <license-review at lists.opensource.org>
> *Cc:* Hale, Lucas M. (Fed) <lucas.hale at nist.gov>
> *Subject:* [EXTERNAL] Re: [License-review] Review for the NIST
> Software License
>
>
>
>
> You don't often get email from carlo at piana.eu
> <mailto:carlo at piana.eu>. Learn why this is important
> <https://aka.ms/LearnAboutSenderIdentification>
>
>
>
> Lucas,
>
> if I understand correctly, this should not technically be a
> license, since the software is not subject to copyright in the USA
> as far as it has been created by NIST employees. I think that if
> software is not given protection in the state of first publication
> is not protected even elsewhere, under the Berne Convention,
> therefore this is basically a dedication to public domain, whose
> primary scope is the liability disclaimer(s).
>
> However, the "provided that you keep intact this entire notice" is
> technically (US lawyers please help) a condition, that means this
> is a license with conditional grant, after all. The other
> condition-like provision uses the verb "should", which is more of
> an invite, at face value.
>
> I do not see anything that would prevent this text to be approved,
> maybe in the "non reusable" category. But could NIST give us their
> position on the above discussion, for the sake of clarity, please?
>
> Cheers
>
> Carlo (in his personal provisional view and capacity)
>
> ------------------------------------------------------------------------
>
> *Da: *"Hale, Lucas M. (Fed) via License-review"
> <license-review at lists.opensource.org
> <mailto:license-review at lists.opensource.org>>
> *A: *"license-review at lists.opensource.org
> <mailto:license-review at lists.opensource.org>"
> <license-review at lists.opensource.org
> <mailto:license-review at lists.opensource.org>>
> *Cc: *"Hale, Lucas M. (Fed)" <lucas.hale at nist.gov
> <mailto:lucas.hale at nist.gov>>
> *Inviato: *Lunedì, 29 settembre 2025 22:13:02
> *Oggetto: *[License-review] Review for the NIST Software License
>
> Hi OSI reviewers!
>
> I would like to submit the National Institute of Standards and
> Technology (NIST) Software license for review to be included
> in your list. This is the primary license that NIST staff are
> expected to use when releasing software.
>
> The license complies with the Open Source Definition,
> including the OSD 3, 5, 6 and 9 criteria.
>
> There are numerous projects using the NIST software. For
> instance, there are 1.3K repositories at
> https://github.com/usnistgov
> <https://github.com/usnistgov>that should all be using the
> license. As such, it falls under the legacy category.
>
> The NIST license is also listed on the main NIST website
> https://www.nist.gov/open/copyright-fair-use-and-licensing-statements-srd-data-software-and-technical-series-publications
> <https://www.nist.gov/open/copyright-fair-use-and-licensing-statements-srd-data-software-and-technical-series-publications>,
> and has an SPDX listing
> https://spdx.org/licenses/NIST-Software.html
> <https://spdx.org/licenses/NIST-Software.html>. Under both
> sites, it is titled “NIST Software License”
>
> Thank you for your time and consideration!
>
> Sincerely,
>
> Lucas Hale
>
>
> _______________________________________________
> The opinions expressed in this email are those of the sender
> and not necessarily those of the Open Source Initiative.
> Communication from the Open Source Initiative will be sent
> from an opensource.org email address.
>
> License-review mailing list
> License-review at lists.opensource.org
> <mailto:License-review at lists.opensource.org>
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
> <http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org>
>
> _______________________________________________
>
> The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Communication from the Open Source Initiative will be sent from an opensource.org email address.
>
> License-review mailing list
>
> License-review at lists.opensource.org
>
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
>
>
> _______________________________________________
> The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Communication from the Open Source Initiative will be sent from an opensource.org email address.
>
> License-review mailing list
> License-review at lists.opensource.org
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20260331/3dc5d90c/attachment-0001.htm>
More information about the License-review
mailing list