In today’s post, we’ll explore the details of a popular permissive open source license: the Apache License 2.0. While the MIT license and the Apache License 2.0 are quite similar, there are some key differences. Read on to learn more about the license, how it compares to potential alternatives, and what users are permitted to do with the licensed code.
Apache License 2.0 Provisions
Open source licenses come in two flavors: permissive and copyleft. The Apache License 2.0 is in the permissive category, meaning that users can do (nearly) anything they want with the code, with very few exceptions.
However, unlike that of the MIT license, the text of the Apache License 2.0 is quite dense and difficult to read. You can read it here, but be warned — it’s fairly heavy on the legal terminology. Below, we’ll break it down into more digestible language.
What Are Apache License 2.0 Requirements?
Anyone who uses open source software licensed under Apache 2.0 must include the following in their copy of the code, whether they have modified it or not:
- The original copyright notice
- A copy of the license itself
- If applicable, a statement of any significant changes made to the original code
- A copy of the NOTICE file with attribution notes (if the original library has one)
The third requirement listed above is a major differentiator between the Apache License 2.0 and other permissive licenses. If you make any major modifications to the licensed code, you must disclose those changes in any updated version that you distribute.
However, you do not need to release the modified code under Apache 2.0. Simply including any modification notifications is enough to comply with the license terms.
Using the Licensed Code
The Apache License 2.0 outlines what users are allowed to do with the licensed code. Under this license, users can:
- Use the code commercially: Companies can include the licensed code in proprietary software that they then sell to customers.
- Alter the code: Developers are permitted to make modifications to the original code.
- Distribute any copies or modifications of the code: An individual or organization is allowed to copy and/or update the code, then make that version available to others (even commercially).
- Sublicense the code: A company can distribute their reworked version of the code under a stronger license.
- Use patent claims: Under the terms of the Apache License 2.0, contributors to the code explicitly grant patent rights to users (although experts believe that the language of other permissive licenses also grants such rights).
- Place warranty: Users of the open source code can place a warranty on the licensed software.
And while there are no restrictions on the code, there are a few caveats to keep in mind. For example, the license states that users cannot hold contributor(s) legally liable for any reason. Also, the license does not grant you any rights to use the trademarks of the licensor.
Apache License 2.0 vs. Other Permissive Licenses
Let’s compare Apache to two popular alternatives: the MIT license and the BSD license.
What's the Difference Between Apache License 2.0 and the MIT License?
These two OSS licenses are extremely similar. One exception is that Apache 2.0 requires users to state any significant changes they make to the original code. They don’t need to reveal their source code, but must include modification notifications.
Another difference between the two is the express patent license. While there is some ambiguity about whether a non-explicit patent license exists under MIT, there is none when it comes to the Apache License 2.0. The language of the license makes the grant of patent rights extremely clear.
What's the Difference Between Apache License 2.0 and the BSD License?
Here’s a bit of interesting history: An earlier version of the Apache License (Apache License version 1.1) was virtually identical to the BSD License. In 2004, however, the current 2.0 version came out, with two key additions: the explicit grant of patent rights and clear definitions of each term (“Work,” “Contributor,” “Licensor,” etc.). The resulting license leaves less room for ambiguity than both the MIT and BSD licenses.
Using the Apache License 2.0
The Apache License 2.0 offers a number of permissions and protections that make it appealing to developers and commercial enterprises alike.
For Developers
Why might an open source developer select the Apache License 2.0 for their project? Like the MIT license, the Apache License 2.0 is easy to add to your code, letting you get your OSS out into the market ASAP. Plus, companies are able to use your code in their commercial applications without major disruption, meaning you could get your project into the hands of big-time software companies.
Another major incentive is the clear grant of patent rights, which gives users a sense of security and comfort. The license is also backed by the well-respected Apache Software Foundation. The name alone gives potential users peace of mind, and the license’s popularity means that your target audience likely already understands and trusts the protections it affords. Finally, the thoroughly defined terms of the license lay out exactly what one can and can’t do with the software, fostering confidence and clarity for users.
The main reason developers choose permissive licenses other than Apache 2.0 is a controversy about whether it is compatible with GPL v2. When developers create code to be used in a GPL v2 product, they usually choose MIT instead.
For Companies
Companies incorporate OSS licensed under Apache 2.0 for several reasons. One is the explicit grant of patent rights, which provides additional legal protection and reduces the risks of lawsuits. For startup companies that can’t afford an expensive legal challenge, this is especially important.
And, of course, the Apache License 2.0 does not require a company to release their code modifications, just list the significant changes. Most organizations want to keep their software’s “secret sauce” out of competitors’ hands, and this license allows them to do so.
Well-Known Uses of the Apache License 2.0
Kubernetes, one of the most popular open source software options for container management, scaling, and deployment, is licensed under Apache 2.0. Other notable OSS projects that use this license include iOS programming language Swift, JavaScript-based PDF rendering platform PDF.js, and machine learning library TensorFlow.
Frequently Asked Questions About the Apache License 2.0
What is the Apache License 2.0?
The Apache License 2.0 is a permissive open source software license that allows users to freely use, modify, and distribute code with minimal restrictions. It's one of the most popular open source licenses, used by projects like Kubernetes, TensorFlow, and Swift.
Can I use Apache 2.0 licensed code in commercial software?
Yes, the Apache License 2.0 explicitly allows commercial use. You can incorporate Apache-licensed code into proprietary software, modify it, and sell it, as long as you include the copyright notice, license text, and any required modification statements.
Do I need to share my modifications to Apache 2.0 licensed code?
No, you don't need to share your source code modifications. However, you must include a statement describing any significant changes you made to the original code when you distribute your version. You don't need to release your modifications under Apache 2.0.
Is the Apache License 2.0 compatible with GPL?
Apache 2.0 is compatible with GPL v3, but there's controversy about its compatibility with GPL v2. The Free Software Foundation considers Apache 2.0 incompatible with GPL v2 due to patent termination clauses. For GPL v2 projects, developers often choose MIT instead.
What are patent rights in the Apache License 2.0?
The Apache License 2.0 explicitly grants patent rights to users, meaning contributors grant a license to any patents they hold that are necessary to use the code. It also includes a defensive termination provision that terminates patent rights if you file a patent lawsuit against the code.
What is a NOTICE file in Apache 2.0?
A NOTICE file contains attribution notes that must be included when you distribute Apache 2.0 licensed code. If the original library includes a NOTICE file, you must include it (or relevant portions) in your distribution, even if you modify the code.
Why is the Apache License 2.0 popular?
The Apache License 2.0 is popular because it provides explicit patent protection, is backed by the respected Apache Software Foundation, offers clear legal definitions, and allows commercial use while maintaining some attribution requirements. It's widely trusted by both developers and enterprises.
For more information on software licensing trends, you can check out this recent webinar with leading OSS license compliance expert Heather Meeker on the intersection between AI and license compliance.