[License-review] Request for approval of new "MGB 1.0" license

Barksdale, Marvin mbarksdale at mgb.org
Fri Sep 19 18:56:17 UTC 2025 

Pam:

Thanks for the mark-up version.  By way of our previous submissions, MGB has been explicit in the fact that it  "looks forward to putting the full weight of its internal and external resources behind its Open Science Program Office, the MGB Open Science Digital Hub, and an OSI approved open-source License. "

We hope that it is clear that we remain consistent in viewing the OSI as a welcome partner in this work in supporting our researchers and innovators open source activities.  Although we have consulted with several of our must influential labs  and researchers in the open source community  on MGB 1.0's iterations and received cross-functional institutional approval to implement the latest version, our approach remains to ideally gain OSI approval before announcing the license as default to our workforce that currently spans over 300 individual repository owners on Github.


As the license has not yet gone in production or been announced by our OSPO, we are not creating another license; simply modifying our latest submission to the OSI, as it has now been approved by the institution.


__________________

Marvin Barksdale, JD



________________________________
From: Pamela Chestek <pamela at chesteklegal.com>
Sent: Friday, September 19, 2025 1:56 PM
To: License submissions for OSI review <license-review at lists.opensource.org>
Cc: Barksdale, Marvin <mbarksdale at mgb.org>
Subject: Re: [License-review] Request for approval of new "MGB 1.0" license


        External Email - Use Caution

To the list:

For easier reference, I'm attached a copy marked up with what has changed from the Apache license. The definitions were re-ordered in this license, so a mechanical comparison didn't work, meaning there may be errors in my manual markup.

Strikethrough is what in the Apache license was removed and the highlighting is for the strickethroughs and newly added language.

To Marvin:

I am confused by the naming. You previously submitted "MGB 1.0," which, if I recall correctly, you said was already in use. Are you creating a second "MGB 1.0" license with different text? That's not workable, you'll need to have different names to distinguish the two licenses.

Pam (in my personal capacity)

Pamela S. Chestek
Chestek Legal
4641 Post St.
Unit 4316
El Dorado Hills, CA 95762
+1 919-800-8033
pamela at chesteklegal.com<mailto:pamela at chesteklegal.com>
www.chesteklegal.com<http://secure-web.cisco.com/1clJXsJA3txq3qKrshpwCCn9f_PyQ8wfhhGi-55LIC3_FQjcCa1REvvrPw5ImUgAC6_9yHJ5uWKre7tqcBNMMtIc5Fdc3W1zL9WQEqI0LPFjgn0MIG4KvovpkzmjTwot2T34uhw7BD5MPbrcI4PL4BCbLvfyGTmRgN9swDmSumghPtjkatWISp1Z8kXXKzkkE4AyyO-MutN0AHd0qtQJyeaOcfRH5YZplmyiZSxrrfimOsNd7pDgnyHhX_c4Cwe_hbC0ymPslM92BXYQLkowHC33nl6JVy1w1Cu94lK_OUZhK5GHNgwvZ4XthOC6tjqsl/http%3A%2F%2Fwww.chesteklegal.com>

On 9/19/2025 9:03 AM, Barksdale, Marvin via License-review wrote:
I Marvin Barksdale JD, the license steward and license submitter, attests that this new “MGB 1.0” license complies with the Open Source Definition, including:
OSD 3 – The license must allow modifications and derived works and must allow them to be distributed under the same terms as the license of the original software.
OSD 5 – The license must not discriminate against any person or group of persons.
OSD 6 – The license must not restrict anyone from making use of the program in a specific field of endeavor.
and OSD 9 – The license must not place restrictions on other software that is distributed along with the licensed software. For example, the license must not insist that all other programs distributed on the same medium must be open source software.
License Rationale
The MGB Open Source License 1.0 (“MGB 1.0”) is a permissive open source license that was created to catalyze open source distribution and open science among the health care innovator and research development community, particularly those employed at Academic Medical Centers (AMCs) receiving federal grant funding, such as Mass General Brigham Incorporated (MGB).  AMCs are collectively organized hospitals and laboratories that are integrated with a medical school, featuring a federally regulated mission to provide patient care, train healthcare professionals, and conduct innovative research.  In recent years these complex organizations have evolved to perform several ancillary commercial functions including IP co-development, administration, and out-licensing, all of which aimed to support their central mission of the advancement of medicine.  Aligned with this central mission is the proliferation of open science activity at AMCs, in that many of their researchers and developers have shifted to open collaborative approaches where research data, methodologies, source code and findings are shared at no cost to spur innovation. But, despite the alignment with system goals, AMCs have been slow to adopt open source best practices.    At Mass General Brigham, for example, despite receiving over $77M in NIH funding over the past 10 years to support 200+ software research projects in yielding fruitful open source communities and innovations, instead there is a large silo of health care researchers, clinicians, and developers who operate in the grey areas of open source, NIH, Open Access Journal, and MGB compliance.
The goal of MGB 1.0 is to provide developers who are building innovative technology within highly regulated health care environments with a permissive open source license that incorporates the best practices of digital health licensing, enabling compliant open source collaboration both across and external to AMCs.
Beyond addressing the open data, open source, and open access approaches of digital health researchers and software developers, MGB 1.0 also looks to support the rise of open AI model development that often utilizes sensitive health data for training purposes. Thus, although MGB 1.0 uses a similar licensing approach as Apache 2.0, it expands its applicability to AI models and other shared works and derivatives spanning “model architecture, code, data descriptions, data, and the model weights.” This expanded scope is important because there are few open source licenses in current use that are suitable for releasing AI models and their related artifacts.
Through internal cross-functional approval MGB 1.0 is now the default open source license for emerging MGB research and innovations involving open science, and for over 500 active GitHub repositories authored and / or controlled by MGB clinicians, researchers, labs, and developers. The MGB Open Science Program Office manages the MGB IP Policy pertaining to open source licensing and drives compliance through the promotion of open science best practices.
Legal Analysis
Although MGB 1.0 uses a pro-commercialization, pro-modification, highly compatible licensing scheme similar to Apache 2.0, it is critically different in three ways: clarified patent terms, coverage of AI artifacts, and clarified interaction with data regulation. Licensors of open source software have long struggled with the ambiguities of the patent license grant in Apache 2.0. In this license each Contributor grants a no-charge patent license to the Work, applying to “patent claims that are necessarily infringed by their Contribution(s) or by the combination of their Contribution to the Work.”  As evidenced by the AFL, and later, the GNU v3 licenses, all approved by OSI, there has been a shift in OSI license patent grants to language that “applies only to specific set of patent claims…that are embodied in the in the Original Work as furnished by the Licensor. [They are] not license[s] to the Licensor’s entire patent portfolio.“ [Lawrence Rosen “Open Source Licensing – Software Freedom and Intellectual Property Law” p 189].
As Apache 2.0’s patent grant features a broad patent grant application extending to those claims infringed by the combination of the original Work and a Contribution,  MGB 1.0 builds on Rosen’s focused approach: “claims embodied by the original work,” to explicitly apply to patent claims claiming inventions embodied in contribution. The license also leverages clarifying patent language from Section 2.3 of the Mozilla Public License version 2.0 also approved by OSI.
MGB 1.0 was co drafted by myself, Marvin Barksdale JD, Preston Regehr Esq. of Tech Law Ventures PLLC, and Heather Meeker Esq. of Tech Law Partners LLP before being reviewed and approved for system use by Mass General Brigham’s Office of General Counsel’s IP Group.
Summary
MGB 1.0 provides express licensing provisions that are best practice in digital health, while explicitly preserving opportunities for commercial activity by licensors who are patent portfolio holders and innovators.   To these ends, MGB 1.0 utilizes a clearer approach than the MIT, BSD and Apache 2.0 licenses. Furthermore, MGB 1.0, explicitly contemplates the inclusion of AI model artifacts in the licensed work. Beyond the clarified patent grant, MGB 1.0 also adds HIPAA acknowledgement language that will provide AMC’s and other open source innovators sharing models trained on health data comfort that they can release materials under this license and still comply with law in a heavily regulated field. MGB 1.0 provides developers who are building innovative software within highly regulated health care environments with a permissive open source license that incorporates the best practices of digital health licensing, catalyzing compliant open source collaboration.







The information in this e-mail is intended only for the person to whom it is addressed.  If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Mass General Brigham Compliance HelpLine at https://www.massgeneralbrigham.org/complianceline<https://secure-web.cisco.com/12nLMa0ntuAGIOEuIBXpNjxHJFmn-9q_t3vS2rm1yX25BXFS3mFAnpXqPDdsdVkS0gSZcTKOi4wmeT9LQjmMLntDB96ds3lp-TZparu-8wUdMfW7Htxn_9NyElPYCiJ00DQ_XXu6X9iDihbHeZhM8d3NW0AZejzA7TLCw6vdpfcBrosuAiqf5rT1rvFFIQsLeYz46V4AdYL7Pxcgz04lqNOgJ4hSrkTWoyE_YtfvOIpPTWkkjkbo4hXTkDIgLLCgLnNnuQpcUw2qokgEmZzmGYsgYpLR896OqRyhVkH6xmznPFK4ho13tRrcQAZOIvT-d/https%3A%2F%2Fwww.massgeneralbrigham.org%2Fcomplianceline> .


Please note that this e-mail is not secure (encrypted).  If you do not wish to continue communication over unencrypted e-mail, please notify the sender of this message immediately.  Continuing to send or respond to e-mail after receiving this message means you understand and accept this risk and wish to continue to communicate over unencrypted e-mail.



_______________________________________________
The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Communication from the Open Source Initiative will be sent from an opensource.org email address.

License-review mailing list
License-review at lists.opensource.org<mailto:License-review at lists.opensource.org>
http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org<http://secure-web.cisco.com/1WS-KFozntvEXPX81G7vX-kmaP1gZdboBYFNF8pHwcG1RMKius24DSzSSZNTDya3ovOwkgaNf4xEzdLOVC9r_cXqocMsjsX8cmUpQiLtCz_nOhoiR8lnsh_Npe0p52SrtbwMJkIU9qADxhUoHJjsGN8ZoJ7mlxGkkGYQSlFYRx5VPmY5VL646y-NkgeKCdqM0P6fXKfkbVXAs1ffleHiwZkGBEIRVCZIDZDihg-8og4OoF0Djzr6wOwf8RyjEPlxl_e4QlUBoVrvZAkrSmojTliwfDeZfDESdj4XPgJ6mliqFjlXgDXrHV-9bmHUc63GZ/http%3A%2F%2Flists.opensource.org%2Fmailman%2Flistinfo%2Flicense-review_lists.opensource.org>


The information in this e-mail is intended only for the person to whom it is addressed.  If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Mass General Brigham Compliance HelpLine at https://www.massgeneralbrigham.org/complianceline <https://www.massgeneralbrigham.org/complianceline> .
Please note that this e-mail is not secure (encrypted).  If you do not wish to continue communication over unencrypted e-mail, please notify the sender of this message immediately.  Continuing to send or respond to e-mail after receiving this message means you understand and accept this risk and wish to continue to communicate over unencrypted e-mail. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20250919/15d496c5/attachment-0001.htm>

More information about the License-review mailing list