GitHub
Documentation
Community
Marketplace
MOSIP Licence – Why MPL 2.0?
Policy & Legal
|
Swarathmika Kumar
|
16 MAY 2024
16 MAY 2024

At the heart of MOSIP's mission lies a commitment to openness, and that journey begins with a meticulous exploration of the open-source landscape. The pivotal decision of choosing a licence determines collaborative interactions and protection against proprietary entanglements. While choosing a licence, we aimed to strike a delicate balance, encouraging contributions both into and out of MOSIP, while adhering to our ethos of preventing vendor lock-in. 


In the landscape of digital innovation, most laws across the world permit protection in the form of copyright rather than patents. In the case of software, if no specific licences are mentioned – all rights are reserved. Essential components of the bouquet of rights that a copyright grants are the right to reproduce, distribute, perform, display or create derivative versions of the work. 


Licences act as the protectors in the software domain, determining how code is shared and utilised. Within the expansive realm of open-source licences, MOSIP considered all three types of open-source licences: permissive, middle ground, and copyleft.


01 Permissive licences


Permissive licences offer extensive flexibility in redistribution of source code by allowing all modifications to be shared under any licence of choice, including the creation of proprietary derivative works. This means that software under a permissive licence can be freely altered, copied, expanded upon, or reduced without any obligation to share those modifications under the same licence. Developers have the liberty to take permissively-licenced software, customise it through changes or additions, and choose whether to share the modified version under the same licence or switch to another open-source licence, or even migrate to a proprietary licence.


For the MOSIP platform, a more permissive licence might make it easier for external entities to take the MOSIP code, make enhancements, and keep the whole of the enhanced version proprietary. Such a trajectory would stand in contrast to our mission-driven objectives, which prioritise broad accessibility, collaboration, and a community-driven development approach. 


Since permissive licences permit the creation of proprietary derivative works without the obligation to share modifications, it raised concerns about vendor lock-in, another predicament counterproductive to our initial goals. The risk is that users may become reliant on a specific proprietary version of MOSIP, hindering interoperability and collaborative contributions. Opting for a slightly more restrictive licence helps mitigate this risk by mandating contributions back to the open-source community.


02 Copyleft licences 


A copyleft licence allows users to access and change the source code while limiting redistribution through specific restrictions. These licences dictate that modified versions must retain identical permissions as the original code, and require any derivative work to be distributed only under the same copyleft licence. In practical terms, this means developers modifying or extending the original software must share the source code of those changes under the same licence as the original source code when redistributing software that includes copyleft-licenced code.


For MOSIP, adopting a copyleft licence would necessitate private commercial players, involved in providing specific identity solution components such as biometrics or registration features, to release their entire solution under the same licence – an undertaking they might be reluctant to pursue. This requirement could also hinder their relationship with counties, as the latter would sometimes prefer to have their customisations reserved solely for their country, making copyleft an unsuitable choice. 


03 Mozilla Public licence 2.0: The Middle Ground Solution


Mozilla Public licence 2.0 is considered a weak copyleft licence, offering a middle ground that avoids the extremes at either end; complete flexibility or strict sharing policies. MPL 2.0 allows for this flexibility by placing restrictions at the file level, ensuring MOSIP's core remains open source while enabling commercial players to tailor solutions to specific needs of counties. This is done by requiring developers to redistribute the source code that was made available to them under MPL 2.0 while allowing file level changes or modifications that they added to be redistributed under any other licence of choice. In other words, MOSIP becomes a digital canvas, open for collaboration and innovation, yet tailored to the unique needs of different regions. 


Beyond the code, MPL 2.0 introduces layers of legal intricacies, including liabilities. Apart from a general disclaimer, it explicitly denies any guarantee of merchantability, fitness for a specific purpose, and non-infringement. In legal terms, if a downstream user intends to incorporate open source software into a larger product, they must ensure no losses occur and obtain permission to modify the software accordingly. The MPL 2.0 allows the downstream user to assess their rights with the licenced software while safeguarding the licensor against warranty and merchantability claims. By requiring the downstream user to secure permissions for derivative software publication, MOSIP avoids liability for potential misuse and third-party claims.


MOSIP operates within a larger open-source community, fostering collaboration through MPL 2.0. This licence ensures interoperability with various licences, enabling seamless integration of diverse projects with MOSIP. Specifically, MPL 2.0 promotes interoperability between Apache and GPL licences, facilitating integration of open-source use cases with MOSIP. In instances where direct interoperability is not present, specific permissions can be sought under other licences to encourage collaboration.


---


Sustainability for Digital Public Infrastructures (DPIs) involves allowing a robust commercial ecosystem to flourish around the core platform, necessitating a largely permissive licence. However, essential restrictions are necessary to prevent the entire platform from becoming a proprietary derivative, avoiding issues of vendor lock-in. Based on MOSIP's experiences with adoptions and integrations under the MPL 2.0, it has become evident that this licence strikes the right balance for DPIs. MPL 2.0, for MOSIP, goes beyond being a mere licence choice; it becomes a strategic decision to shape a future where DPIs are open, collaborative, and tailored to diverse user needs globally.
profile-img
Swarathmika Kumar
Associate – Legal and Policy
https://www.linkedin.com/in/swarathmika-kumar-665074a1/
Open-Source
Licence
linked-in
twitter
facebook
blog-2
Previous Post
Strengthening Women’s Access to Development via Digital ID Systems
Academia 8 min
Next Post
Securing Identities: The Role of Uniqueness Checks in Identity Systems
Technology 6 min
blog-2
Supported by:
footer images
footer images
footer images
footer images
Incubated by
Contact Us
info@mosip.io
26/C, Electronic City, Hosur
Road, Bangalore - 560100. 
+91 8041407777
Quick Links:
Privacy Policy
IP Policy
Supported by:
footer images
footer images
footer images
footer images
Contact Us
info@mosip.io
26/C, Electronic City, Hosur Road, Bangalore - 560100. 
Quick Links:
Privacy Policy
IP Policy
Incubated by