[License-review] [EXTERNAL] Re: Review for the NIST Software License
Pamela Chestek
pamela at chesteklegal.com
Fri Jan 9 03:04:01 UTC 2026
As I understand it, there wouldn't be any license needed for use in the
United States since the software is in the public domain in the US, so
the license applies (1) outside of the US and (2) in the US where NIST
could claim that the user contractually accepted the limitations on use
(the obligation to keep the notice and the waiver of warranty) - but
just using the software won't be enough to prove contract, as it does
when the agreement is a true copyright license. But I'm generally not
concerned with whether a license can be enforced, just that, if it can
be enforced, it doesn't have any impermissible restrictions.
I'm a little confused by this statement: "Cases where the work is
copyright-protected would fall under other licenses." Are you saying
that, if there is 3rd party-created software, this license won't be used
for it? The document says "NIST-developed software is provided by NIST
as a public service." This seems like a possible trap, that is, is it an
advisory that there could be software in the bundle that was created by
a contractor that isn't included under this license because it isn't
"NIST-developed," so it's up to the user to somehow figure that out?
It's not great to have it in the license, for that reason. However, it
also could be construed as non-operative language, with the next
sentences giving clear grants, even if some of the software was created
by contractors who have copyright.
In light of the fact that this is a legacy government license I'm
inclined to overlook its flaws, since it's not trying to impose any
unacceptable restrictions. I don't see any reason not to approve it.
Pam
Pamela S. Chestek
Chestek Legal
4641 Post St.
Unit 4316
El Dorado Hills, CA 95762
+1 919-800-8033
pamela at chesteklegal
www.chesteklegal.com
On 1/7/2026 1:35 PM, Hale, Lucas M. (Fed) via License-review wrote:
>
> Hi All,
>
> I finally managed to get meetings rescheduled after the shutdown and
> holidays to get answers to your questions.
>
> First, the primary questions for submission.
>
> 1. Describe what gap not filled by currently existing licenses that
> the new license will fill.
>
> Any open source software created at NIST using federal funding is
> required to use the NIST software license. Software that originates
> primarily from NIST-funded work must operate under US government
> public access policies, which the NIST software license is compliant with.
>
> 2. Compare it to and contrast it with the most similar OSI-approved
> license(s).
>
> The NIST license is close to the MIT license in that it defines the
> copyright scope, usage rights, citation guidelines, and liability
> disclaimers. It differs in that because it is the result of federally
> funded work it is not subject to copyright protection in the US to
> begin with rather than giving the copyright away.
>
> 3. Describe any legal review the license has been through, including
> whether it was drafted by a lawyer.
>
> The license was drafted by the NIST Office of Chief Council and has
> undergone internal review and revisions over the years.
>
> As for other discussion and questions from the thread:
>
> This license is associated with US government-sponsored work that is
> performed by government employees or others working at NIST. As stated
> above and in the license, there is inherently no copyright in the US
> with the associated work due to the US government public access
> policies. However, it does specify usage permissions, terms and
> conditions, and disclaimers to protect against legal liability.
>
> As for outside the US, the https://www.usa.gov/government-copyright
> page has this line: “The U.S. government may assert copyright outside
> of the United States for U.S. government works.” My guess is that this
> allows for export-control over works to target countries, but I’m not
> sure if this is currently being done on public access works.
>
> Cases where the work is copyright-protected would fall under other
> licenses. For the “contractors” exceptions, from what I heard it is
> less of a loophole and more the result of contract negotiations
> between government organizations and external
> contractors/subcontractors. The idea is that the external party has or
> is developing proprietary tools and data that the government wants to
> use, so complex contracts with special provisions and clauses let the
> external party retain copyright control while the government has usage
> rights. But, as stated, that is outside the scope of the license under
> review.
>
> Lucas
>
> *From:*License-review <license-review-bounces at lists.opensource.org>
> *On Behalf Of *Hale, Lucas M. (Fed) via License-review
> *Sent:* Tuesday, September 30, 2025 11:22 AM
> *To:* License submissions for OSI review
> <license-review at lists.opensource.org>
> *Cc:* Hale, Lucas M. (Fed) <lucas.hale at nist.gov>
> *Subject:* [EXTERNAL] Re: [License-review] Review for the NIST
> Software License
>
> Hi reviewers,
>
> I reached out to those in charge of the NIST software policy and will
> meet with them and our Office of Chief Council to discuss and bring
> your questions to them. We’ll hopefully get answers for moving forward
> in regards to both sides.
>
> Note that since a US Government shutdown is imminent and at this
> moment likely, progress on the NIST side may take some time and I
> won’t have email access during the down time. Hopefully it won’t
> happen or be too long, but if you need to table/withdraw the review
> after a time period feel free to do so and we can try again when possible.
>
> Lucas
>
> *From:*Carlo Piana <carlo at piana.eu>
> *Sent:* Tuesday, September 30, 2025 4:58 AM
> *To:* License submissions for OSI review
> <license-review at lists.opensource.org>
> *Cc:* Hale, Lucas M. (Fed) <lucas.hale at nist.gov>
> *Subject:* [EXTERNAL] Re: [License-review] Review for the NIST
> Software License
>
>
>
>
> You don't often get email from carlo at piana.eu <mailto:carlo at piana.eu>.
> Learn why this is important
> <https://aka.ms/LearnAboutSenderIdentification>
>
>
>
> Lucas,
>
> if I understand correctly, this should not technically be a license,
> since the software is not subject to copyright in the USA as far as it
> has been created by NIST employees. I think that if software is not
> given protection in the state of first publication is not protected
> even elsewhere, under the Berne Convention, therefore this is
> basically a dedication to public domain, whose primary scope is the
> liability disclaimer(s).
>
> However, the "provided that you keep intact this entire notice" is
> technically (US lawyers please help) a condition, that means this is a
> license with conditional grant, after all. The other condition-like
> provision uses the verb "should", which is more of an invite, at face
> value.
>
> I do not see anything that would prevent this text to be approved,
> maybe in the "non reusable" category. But could NIST give us their
> position on the above discussion, for the sake of clarity, please?
>
> Cheers
>
> Carlo (in his personal provisional view and capacity)
>
> ------------------------------------------------------------------------
>
> *Da: *"Hale, Lucas M. (Fed) via License-review"
> <license-review at lists.opensource.org
> <mailto:license-review at lists.opensource.org>>
> *A: *"license-review at lists.opensource.org
> <mailto:license-review at lists.opensource.org>"
> <license-review at lists.opensource.org
> <mailto:license-review at lists.opensource.org>>
> *Cc: *"Hale, Lucas M. (Fed)" <lucas.hale at nist.gov
> <mailto:lucas.hale at nist.gov>>
> *Inviato: *Lunedì, 29 settembre 2025 22:13:02
> *Oggetto: *[License-review] Review for the NIST Software License
>
> Hi OSI reviewers!
>
> I would like to submit the National Institute of Standards and
> Technology (NIST) Software license for review to be included in
> your list. This is the primary license that NIST staff are
> expected to use when releasing software.
>
> The license complies with the Open Source Definition, including
> the OSD 3, 5, 6 and 9 criteria.
>
> There are numerous projects using the NIST software. For
> instance, there are 1.3K repositories at
> https://github.com/usnistgov <https://github.com/usnistgov>that
> should all be using the license. As such, it falls under the
> legacy category.
>
> The NIST license is also listed on the main NIST website
> https://www.nist.gov/open/copyright-fair-use-and-licensing-statements-srd-data-software-and-technical-series-publications
> <https://www.nist.gov/open/copyright-fair-use-and-licensing-statements-srd-data-software-and-technical-series-publications>,
> and has an SPDX listing
> https://spdx.org/licenses/NIST-Software.html
> <https://spdx.org/licenses/NIST-Software.html>. Under both sites,
> it is titled “NIST Software License”
>
> Thank you for your time and consideration!
>
> Sincerely,
>
> Lucas Hale
>
>
> _______________________________________________
> The opinions expressed in this email are those of the sender and
> not necessarily those of the Open Source Initiative. Communication
> from the Open Source Initiative will be sent from an
> opensource.org email address.
>
> License-review mailing list
> License-review at lists.opensource.org
> <mailto:License-review at lists.opensource.org>
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
> <http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org>
>
>
> _______________________________________________
> The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Communication from the Open Source Initiative will be sent from an opensource.org email address.
>
> License-review mailing list
> License-review at lists.opensource.org
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20260108/cd749bb2/attachment-0001.htm>
More information about the License-review
mailing list