Computer Software License: Types, Terms, and Compliance
Understand computer software licenses, from proprietary to open source. Learn license types, key terms, compliance obligations, and how to choose.
A computer software license is the legal framework that governs how software can be installed, used, modified, and distributed. Every piece of software you use, from the operating system on your laptop to the SaaS tools your team relies on, operates under a license agreement. Understanding these licenses is essential for any business that builds, buys, or integrates software.
This guide covers the major categories of computer software licenses, the key terms you need to understand, compliance obligations, and how to choose the right license for your own software. This content is educational and does not constitute legal advice. Consult a qualified attorney for guidance specific to your situation.
What Is a Computer Software License
A computer software license is a legally binding agreement between the software creator (or rights holder) and the end user. It defines what the user is permitted to do with the software and what is prohibited.
Under the Berne Convention, which 181 countries have signed, the creator of a work holds exclusive copyright automatically. Without a license, anyone who obtains software has no legal right to use it beyond what is implied by the purchase. The license is what grants permission.
Every computer software license answers these fundamental questions:
- Who can use it? A single person, a set number of users, an entire organization, or anyone.
- How can it be used? Personal use, commercial use, educational use, or without restriction.
- Can the code be modified? Some licenses allow full modification. Others prohibit any changes.
- Can it be redistributed? Proprietary licenses forbid redistribution. Open-source licenses permit it, sometimes with conditions.
- What liability does the creator accept? Nearly all licenses disclaim warranties and cap liability.
- When does the license expire? Perpetual licenses last indefinitely. Subscription licenses end when payments stop.
The specific answers to these questions vary enormously depending on the license type, which is why understanding the categories matters.
Types of Computer Software Licenses
Computer software licenses fall into distinct categories, each with different rights, obligations, and use cases. Choosing the wrong license, whether for software you are acquiring or software you are publishing, can create significant legal and operational problems.
Proprietary licenses
Proprietary licenses are the most restrictive category. The source code is not shared, modification is prohibited, and redistribution is forbidden. The user receives only the specific rights the vendor grants.
Common proprietary licensing models:
- Per-user (per-seat): Each individual user needs a separate license. Microsoft 365 and Adobe Creative Cloud follow this model.
- Per-device (node-locked): The license is tied to a specific machine. Common for embedded systems, industrial software, and point-of-sale applications.
- Enterprise (site license): A single agreement covers all users within an organization. These are typically negotiated directly with the vendor and include volume discounts.
- OEM (Original Equipment Manufacturer): Software is bundled with hardware and cannot be transferred to a different device. The Windows license that comes with a new laptop is a common example.
- Concurrent (floating): A set number of licenses are shared across a larger user pool. Any user can access the software, but only the licensed number can use it simultaneously.
Permissive open-source licenses
Permissive licenses grant broad rights with minimal obligations. They allow commercial use, modification, and redistribution, typically requiring only that the original copyright notice and license text are preserved.
The most widely used permissive licenses:
- MIT License: The most popular license on GitHub. Allows virtually any use with a single requirement: include the copyright notice and license text.
- Apache License 2.0: Similar to MIT but adds an explicit patent grant protecting users from patent claims by contributors. Requires a NOTICE file and documentation of changes.
- BSD Licenses: The 2-clause BSD allows broad use with attribution. The 3-clause version adds a non-endorsement clause preventing use of the project's name for promotion without permission.
Copyleft open-source licenses
Copyleft licenses allow the same freedoms as permissive licenses but add a critical condition: derivative works must be distributed under the same license terms. This ensures that modifications remain open.
Key copyleft licenses:
- GNU General Public License (GPL) v3: Permits commercial use and modification but requires that distributed derivative works also carry the GPL. Source code must be made available.
- GNU Lesser General Public License (LGPL): Designed for libraries. Applications that link to an LGPL library can remain proprietary, but modifications to the library itself must be released under the LGPL.
- GNU Affero General Public License (AGPL): Extends the GPL to network use. If you modify AGPL software and offer it as a web service, you must release your source code even though you never distribute a binary.
- Mozilla Public License (MPL) 2.0: A file-level copyleft. Modified files must stay under the MPL, but they can be combined with proprietary code in a larger project.
Public domain and dedication licenses
These licenses waive all restrictions entirely:
- CC0 (Creative Commons Zero): The creator waives all rights to the fullest extent permitted by law. Anyone can use the software for any purpose. SQLite, one of the most deployed databases in the world, uses a public domain dedication.
- Unlicense: Similar to CC0, explicitly placing the software in the public domain with a fallback permissive license for jurisdictions that do not recognize public domain dedication.
Key Terms in a Computer Software License Agreement
Whether you are reviewing a license for software your business will use or drafting one for software you are building, these clauses carry the most weight.
Grant of rights
This clause defines exactly what the user may do. A well-drafted grant specifies:
- Whether the license is exclusive or non-exclusive
- The number of authorized users, devices, or installations
- Whether commercial use is permitted
- Whether modification and redistribution are allowed
- Geographic or industry-specific restrictions, if any
Restrictions and prohibited uses
Most proprietary computer software licenses include a list of prohibited activities:
- Reverse engineering, decompiling, or disassembling the software
- Removing or altering copyright notices or license headers
- Using the software to build a competing product
- Sublicensing or transferring the license without permission
- Exceeding the authorized number of users or installations
Note that in the EU, the Software Directive (2009/24/EC, Article 6) allows decompilation for interoperability purposes regardless of what the license states. This right cannot be contractually waived.
Intellectual property ownership
A license grants permission to use, not ownership. The licensor retains all intellectual property rights in the software. This distinction matters in bankruptcy proceedings, corporate acquisitions, and IP litigation. If the licensor goes bankrupt, the licensee's rights depend on the terms of the agreement and applicable law (such as Section 365(n) of the US Bankruptcy Code, which provides some protection for intellectual property licensees).
Warranty disclaimers and liability limitations
Nearly every computer software license, whether open source or proprietary, includes a warranty disclaimer. The standard formulation is "AS IS" with no warranties of any kind. Liability is typically capped at the amount paid for the license, or excluded entirely for indirect, consequential, and incidental damages.
For consumer-facing software in the EU, the Digital Content Directive (2019/770/EU) limits how far vendors can disclaim warranties. Digital content must conform to the contract and be fit for purpose for at least two years.
Termination provisions
Licenses specify the events that end the agreement:
- Material breach of any license term
- Non-payment for subscription or maintenance agreements
- Insolvency or dissolution of the licensee
- Expiration of the license period
Post-termination obligations typically require the licensee to stop using the software, delete all copies, and certify destruction. Some agreements allow a data export period before access is cut.
Audit rights
Enterprise software vendors frequently include audit clauses allowing them to inspect the licensee's usage. Oracle, SAP, IBM, and Microsoft all actively enforce these rights. Non-compliance discovered during an audit can result in back-licensing fees that reach millions of dollars, plus penalties and legal costs.
How to Choose the Right Computer Software License
If you are publishing software, the license you choose should align with your goals for the project.
Maximum adoption
Choose a permissive license (MIT, Apache 2.0, or BSD). These impose the fewest restrictions, which encourages integration into both open-source and commercial projects. Companies are more willing to adopt MIT-licensed code because there is no copyleft obligation that could affect their proprietary codebase.
Privacy Policy Generator
Create a comprehensive privacy policy for your website or app. Create yours in minutes with TermsBox.
Generate NowKeeping derivatives open
Choose the GPL or AGPL. The copyleft requirement ensures that anyone who distributes a modified version must release their source code. The AGPL is particularly important for server-side software because it closes the "SaaS loophole" where companies modify GPL software, offer it as a hosted service, and never distribute a binary.
Library protection
The LGPL strikes a balance for libraries. Other developers can link against your library in proprietary software without triggering copyleft for their entire application. Only modifications to the library itself must be shared.
Full commercial control
Use a proprietary license. This gives you complete control over distribution, modification, and pricing. Proprietary licenses should be drafted or reviewed by a legal professional, especially if you sell to enterprises, handle personal data, or operate across jurisdictions.
If your software collects any user data, you will also need a compliant privacy policy. Laws like GDPR Article 13 and the CCPA (California Civil Code Section 1798.100) require clear disclosure of data collection practices, and a software license alone does not satisfy those requirements.
Computer Software License Compliance for Businesses
Using software without complying with its license terms creates real legal and financial risk. License compliance is not just a legal obligation; it is an operational discipline.
Common compliance failures
- Exceeding seat counts: Installing per-user software on more devices than licensed. This is the most frequent finding in vendor audits and the easiest to prevent with proper tracking.
- Ignoring copyleft requirements: Incorporating GPL-licensed code into a proprietary product without releasing source code. The Software Freedom Conservancy and the Free Software Foundation both pursue enforcement actions.
- Mixing incompatible licenses: Combining code under licenses with conflicting terms. For example, GPL v2-only code cannot be combined with Apache 2.0-licensed code because the patent clause in Apache 2.0 is considered an "additional restriction" under GPL v2.
- Using terminated or expired licenses: Continuing to run software after a subscription lapses or after a license has been terminated for breach.
- Stripping attribution: Most open-source licenses require preserving copyright notices and license text in distributions. Removing them violates the license even if you comply with every other term.
Building a compliance program
Effective license compliance requires ongoing effort, not a one-time audit:
- Maintain a software inventory: Track every piece of software in use, the license type, seat count, and renewal dates. Update the inventory when new tools are adopted or old ones retired.
- Use automated scanning tools: Products like FOSSA, Snyk, and Black Duck scan your codebase for open-source dependencies and flag license conflicts before they become legal issues.
- Establish an approval workflow: Require developers to get approval before adding new open-source dependencies, especially those with copyleft licenses that could affect your proprietary code.
- Conduct regular internal audits: Review your software inventory at least annually. Dependencies change as developers add libraries, update packages, and integrate third-party services.
- Document everything: Retain records of all license purchases, agreements, approvals, and audit correspondence. These records are your primary defense during an external audit.
Computer Software Licenses and Data Privacy
Software licensing and data privacy intersect in ways that many businesses overlook.
Data collection by licensed software
Many software products collect telemetry data, usage analytics, crash reports, and diagnostic information. The software license may reference this, but the details typically appear in a separate privacy policy or data processing agreement.
Under GDPR Article 13, the software vendor must inform users about what personal data is collected, why it is collected, who processes it, and how long it is retained. Under CCPA Section 1798.100, California residents have the right to know what personal information a business collects and to request its deletion.
Data processing agreements
If you use cloud-based software that processes personal data on your behalf, GDPR Article 28 requires a Data Processing Agreement (DPA) between you and the vendor. The DPA should specify:
- Categories of personal data processed
- Purpose and duration of processing
- Security measures in place
- Sub-processor lists and notification procedures
- Breach notification timelines
SaaS and cross-border considerations
Cloud software raises additional questions about data sovereignty. GDPR Chapter V restricts transfers of personal data outside the EU/EEA unless adequate safeguards exist (such as Standard Contractual Clauses or an adequacy decision). When evaluating a SaaS vendor, ask where your data is stored, whether you can choose a data region, and what happens to your data if you cancel.
If your own website or application uses third-party software that sets cookies or processes visitor data, you need to disclose that in your privacy policy and cookie policy. A compliance platform like TermsBox can scan your site to identify these third-party integrations and help you generate accurate compliance documents reflecting your site's actual behavior.
Open-Source License Comparison Reference
Understanding the differences between major open-source licenses helps you make informed decisions about which components to use and which to avoid.
Permissive licenses (MIT, BSD, Apache 2.0)
- Include the original copyright notice and license text in all distributions
- Apache 2.0 specifically: include a NOTICE file if one exists, document changes to licensed files, receive an explicit patent grant
- No requirement to share source code of derivative works
- Commercial use, modification, and redistribution all permitted without restriction
Weak copyleft (LGPL, MPL 2.0)
- Modified files of the licensed component must be released under the same license
- LGPL: applications that only link to the library without modifying it can remain proprietary
- MPL 2.0: copyleft applies at the individual file level, not the entire project
- Must provide source code of the licensed component upon request
Strong copyleft (GPL v2, GPL v3, AGPL)
- Any distributed derivative work must carry the same GPL version (or a compatible one)
- Source code of the entire combined work must be made available to recipients
- GPL v3 adds an explicit patent grant and anti-tivoization provisions
- AGPL extends the source code requirement to software offered over a network, even without traditional distribution
- Commercial use is fully permitted, but copyleft obligations follow the code
Emerging Trends in Software Licensing
The software licensing landscape continues to evolve as business models and technology change.
Source-available licenses
Several high-profile open-source projects have adopted "source-available" licenses that allow viewing and limited use of the source code but restrict commercial hosting by competitors. Examples include the Business Source License (BSL) used by MariaDB and HashiCorp, and the Server Side Public License (SSPL) used by MongoDB. These licenses are not approved by the Open Source Initiative and cannot be called "open source," but they represent a growing middle ground.
License changes and community impact
When established projects change their license, the impact ripples through the ecosystem. Redis switched from BSD to a dual license (RSALv2 + SSPLv1) in 2024. HashiCorp moved Terraform from MPL 2.0 to BSL in 2023, which led to the community fork OpenTofu under the Linux Foundation. These events underscore the importance of evaluating license stability when choosing dependencies.
AI and software licensing
The use of AI-generated code raises unresolved licensing questions. If a code generation model was trained on GPL-licensed code, does its output carry the GPL? Courts have not yet provided definitive answers. The safest approach is to review all AI-generated code for license compliance before integrating it into production, treat it as you would any other third-party contribution, and document its origin.
Frequently Asked Questions
What is a computer software license?
A computer software license is a legal agreement between the software rights holder and the user that defines how the software may be installed, used, copied, and distributed. Without a license, default copyright law applies, which generally prohibits any use beyond what was explicitly purchased. The license establishes the scope of permitted use, restrictions, warranty terms, and liability limitations.
What are the main types of computer software licenses?
The main types are proprietary licenses (per-user, per-device, enterprise, OEM), permissive open-source licenses (MIT, Apache 2.0, BSD), copyleft open-source licenses (GPL, LGPL, AGPL), and public domain dedications (CC0, Unlicense). Proprietary licenses restrict usage to what the vendor grants. Open-source licenses allow use, modification, and redistribution under varying conditions.
Can I use open-source software in a commercial product?
Yes, but the obligations depend on the license type. Permissive licenses (MIT, Apache 2.0, BSD) allow commercial use with minimal requirements, usually just attribution. Copyleft licenses (GPL, AGPL) also allow commercial use but require you to release the source code of derivative works under the same license. Always review the full license text before integrating any open-source component into a commercial product.
What happens if you violate a computer software license?
Consequences range from license termination to copyright infringement lawsuits. Under US copyright law (17 U.S.C. Section 504), statutory damages for willful infringement can reach $150,000 per work. In the EU, Directive 2004/48/EC allows for injunctions, damages, and seizure of infringing copies. Companies like the Software Freedom Conservancy actively enforce GPL violations, and enterprise vendors such as Oracle conduct license audits that can result in back-licensing fees of millions of dollars.