The SaaS Loophole in OSS Licensing — And the Licenses Closing It

As more software is delivered through the cloud, traditional open source licenses like the GPL have shown a major gap: the SaaS loophole. This refers to a scenario where companies use open source software to power a web-based service without ever distributing the software itself — and therefore avoid the obligation to share their modifications.

What Is the SaaS Loophole?

Under most classic copyleft licenses, such as the GPLv2 or GPLv3, the requirement to share source code is only triggered when the software is distributed. In a Software-as-a-Service (SaaS) model, the software runs on a company’s servers, and users access it over the web — without any distribution of the code. This allows companies to benefit from OSS while keeping their improvements proprietary.

Licenses That Close the Loophole

To address this, new license models have emerged that specifically target cloud use cases.

1. Affero General Public License (AGPL)

  • Key Feature: Requires companies to share source code if users interact with the software over a network, not just when it’s distributed.
  • Use Case: Common in backend tools like databases, CMS platforms, and developer frameworks where companies might offer hosted versions.
  • Impact on Business: Using AGPL-licensed software internally is fine, but if you provide public access (e.g., via a web app or API), you may need to publish your code — which can conflict with closed-source business models.

2. Server Side Public License (SSPL)

  • Created By: MongoDB, as a stricter alternative to the AGPL.
  • Key Feature: Requires not just the release of source code for the core software, but also for any infrastructure code used to offer it as a service.
  • Impact on Business: SSPL is intentionally incompatible with most commercial SaaS strategies. It’s not considered an open source license by the OSI, which limits its adoption but makes it an effective business protection tool for vendors.

3. Business Source License (BSL)

  • Created By: MariaDB and others.
  • Key Feature: Code is source-available but not open source under OSI definitions. After a set period (e.g., 3 years), it becomes open source under a permissive license.
  • Impact on Business: BSL gives companies more control during early product cycles while committing to eventual openness. It blocks competitors from offering hosted versions without a commercial agreement.

What This Means for SaaS Companies

If you operate a SaaS business or plan to offer any kind of hosted service, it’s essential to:

  • Review all OSS dependencies for AGPL or SSPL licenses
  • Avoid integrating OSS whose license carries a network-use (SaaS-trigger) copyleft clause unless you’re ready to open source your own platform
  • Consider the strategic use of source-available licenses if you’re releasing your own software
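
One way to automate the first check in the list above, as an added example that is not from the original article: a Python script that scans a CycloneDX-style JSON SBOM for the SPDX identifiers of the AGPL, SSPL and BSL license families. The SBOM contents and component names are constructed, and treating a component with no SPDX id as needing manual review is an assumption of this example.

```python
import json
import re

# SPDX identifier prefixes for the license families named in this article.
FLAGGED = {"AGPL-": "AGPL (network-use copyleft)",
           "SSPL-": "SSPL (service-source copyleft)",
           "BUSL-": "BSL (source-available)"}

# Constructed sample SBOM in CycloneDX JSON layout; component names are made up.
SAMPLE_SBOM = json.dumps({"bomFormat": "CycloneDX", "components": [
    {"name": "webfw", "version": "2.1.0",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"name": "docstore", "version": "5.0.3",
     "licenses": [{"license": {"id": "SSPL-1.0"}}]},
    {"name": "pdfgen", "version": "1.4.0",
     "licenses": [{"expression": "AGPL-3.0-or-later OR LicenseRef-Commercial"}]},
    {"name": "queue", "version": "0.9.1",
     "licenses": [{"license": {"name": "Business Source License 1.1"}}]},
    {"name": "mystery", "version": "0.0.1"},
]})

def declared_ids(component):
    """Return the SPDX ids declared for a component, or None if there are none."""
    ids = []
    for entry in component.get("licenses", []):
        if "id" in entry.get("license", {}):
            ids.append(entry["license"]["id"])
        # Expressions such as "A OR (B AND C)": keep identifiers, drop operators.
        for tok in re.split(r"[\s()]+", entry.get("expression", "")):
            if tok and tok.upper() not in ("AND", "OR", "WITH"):
                ids.append(tok)
    return ids or None

def audit(sbom_text):
    """Map 'name@version' to a sorted list of findings for components to review."""
    findings = {}
    for comp in json.loads(sbom_text).get("components", []):
        key = f"{comp['name']}@{comp.get('version', '?')}"
        ids = declared_ids(comp)
        if ids is None:
            # Free-text or missing license data cannot be matched reliably.
            findings[key] = ["no SPDX id declared: review manually"]
            continue
        hits = sorted({label for i in ids for prefix, label in FLAGGED.items()
                       if i.upper().startswith(prefix)})
        if hits:
            findings[key] = hits
    return findings

if __name__ == "__main__":
    for comp, why in audit(SAMPLE_SBOM).items():
        print(f"{comp}: {', '.join(why)}")
```

A component offered under an `OR` expression is still reported, because someone has to choose and record which side of the dual license applies.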

Final Thoughts

The SaaS loophole reflects the changing realities of software delivery. While open source remains a cornerstone of innovation, newer licenses are evolving to protect creators in the cloud era. Whether you’re consuming or producing OSS, understanding these modern licensing approaches is key to managing risk and aligning with your business goals.
