As its name implies, the GNU Affero General Public License (AGPL) is part of the GNU GPL family, which also includes the LGPL License, GPL v2, and GPL v3. All of these open source licenses are part of Richard Stallman’s GNU Project, a free and open-source operating system and accompanying philosophy regarding the sharing and modification of software.
Like the GPLs, the AGPL is a strong copyleft license. The original Affero GPL was based on GPL v2 and released in 2002 — not by Richard Stallman, but by Henry Poole for his software startup, Affero, Inc. However, Stallman’s Free Software Foundation released its own version, this time based on GPL v3, in 2007, keeping “Affero” in the name as a nod to this history. The new version contained verbiage establishing compatibility between the AGPL and the GNU GPL v3. Today, version 3 is the primary version used.
AGPL is often used as a license for software that is used to provide service over a network, and like other strong copyleft licenses, it has stringent requirements. Read on to learn more about the AGPL, its terms and user obligations, and level of popularity in the OSS community.
The AGPL License: An Overview
The idea behind the AGPL License was to address the “application service provider (ASP) loophole,” which both Henry Poole and Stallman believed existed in the GPL. The ASP loophole meant that software-as-a-service (SaaS) providers and other software that ran primarily over a network were exempt (or could potentially argue exemption) from the terms of the GPL license. This is because they didn’t technically “distribute” it in the traditional sense.
To close this loophole, the GNU AGPL makes it clear that network use counts as distribution of the software. Specifically, the license states:
“The GNU Affero General Public License [...] requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version.”
Let’s say you create a software program. Another developer takes and modifies it, and then provides access to that modification to paying customers through a software-as-a-service model. Under the GPL v3, that modification would essentially become proprietary because it wasn’t technically distributed. Under AGPL, however, that developer would need to make their modified source code available for download.
AGPL License Requirements
The AGPL License is based on GPL v3. It has the same requirements, plus the statement regarding remote access via a network.
Users of AGPL-licensed code must:
- Include a copy of the full license text and the original copyright notice
- State all significant changes made to the original software
- Make available the source code when you distribute any works based on the licensed software
- Include any installation information necessary to update and reinstall the software if the program is being used as part of a consumer device
These requirements are identical to those of GPL v3, other than the source code sharing requirement when the code is modified and made available remotely via a network. The AGPL adds a requirement:
- If you make access to modified software available to users over a network, you must make your source code available to those users.
| Requirement | Description |
|---|---|
| License and Copyright | Include a copy of the full AGPL license text and the original copyright notice with any distribution or network use of the software. |
| Change Documentation | State all significant changes made to the original software when distributing or making modified versions available. |
| Source Code Availability | Make available the complete source code when you distribute any works based on the AGPL-licensed software, including all modifications and derivative works. |
| Network Use (AGPL-Specific) | If you make access to modified software available to users over a network (including SaaS applications), you must make your source code available to those users. This closes the "ASP loophole" present in GPL v3. |
| Installation Information | Include any installation information necessary to update and reinstall the software if the program is being used as part of a consumer device. |
Using the Licensed Code
The AGPL License permits users of the licensed code to:
- Use the code for commercial purposes: Like both GPL v2 and GPL v3, the AGPL imposes no conditions on using the code in software that’s sold commercially.
- Modify the code: Users can change or rework the code, but if they distribute these changes/modifications in any public way (including over a server), they must release these updates in source code form under the AGPL license.
- Distribute copies or modified/updated versions of the code: As long as these modifications are also released under the GNU AGPL, they can be distributed to others.
- Place warranty: Distributors of the original code can offer their own warranty on the licensed software.
The AGPL License does not permit sublicensing of the code; that is, you cannot rework or add to the code and then close those changes off to the public. The “open source-ness” of the original code follows any update or addition. Both GPL v2 and GPL v3 contain this provision as well.
Patent Rights
Like GPL v3 (but unlike GPL v2), the AGPL License includes an explicit grant of patent rights. Essentially, this means that anyone who created or contributed to the original licensed code has “given away” their patent rights with regard to any subsequent reuse of the software under that license.
Compatibility
AGPL isn’t technically compatible with other licenses, including the GPL v3. However, as explained on GNU.org, a developer can combine separate source files and/or modules licensed under GPL v3 and AGPL into a single program.
Use of the AGPL License
Because the AGPL is quite restrictive when it comes to the reuse of the licensed code, developers must think long and hard about how they want others to interact with their software before selecting this license. Are they hoping for widespread adoption of their code by other companies? Do they want any changes to their code to remain public or “open source” in its purest sense?
The GNU Project recommends that any programmer looking to build software that would generally be run over a network consider the AGPL. However, making this decision does come with potential drawbacks. In choosing this particular license, a developer is basically ensuring that no future versions can be made proprietary, which might not make their code popular among commercial software enterprises. (For example, Google has a strict policy prohibiting any use of AGPL-licensed code.) And, with the growing popularity of SaaS as a business model, that developer might be cutting themselves out of a large swath of the market.
One well-known company that previously used AGPL is MongoDB, the popular NoSQL database program. All versions released prior to October 16, 2018, were licensed under the GNU AGPL. However, the company switched to their own Server Side Public License for everything released after that.
Frequently Asked Questions About the AGPL License
What is the AGPL license?
The GNU Affero General Public License (AGPL) is a strong copyleft license that is part of the GNU GPL family. It is based on GPL v3 but adds an additional requirement that closes the "application service provider (ASP) loophole" by requiring that source code be made available when software is accessed over a network, such as in SaaS applications.
What are the main requirements of the AGPL license?
The main requirements of AGPL include: including a copy of the full license text and original copyright notice, stating all significant changes made to the software, making source code available when distributing works based on AGPL-licensed software, making source code available when providing network access to modified versions (AGPL-specific), and including installation information for consumer devices when applicable.
How does AGPL differ from GPL v3?
The AGPL has all the same requirements as GPL v3, with one key addition: if you make access to modified software available to users over a network (including SaaS applications), you must make your source code available to those users. This network use provision is what distinguishes AGPL from GPL v3 and closes the ASP loophole.
What is the ASP loophole that AGPL addresses?
The ASP (Application Service Provider) loophole was a perceived gap in GPL v3 where SaaS providers and other software running over a network could potentially avoid GPL requirements because they didn't technically "distribute" the software in the traditional sense. AGPL closes this loophole by explicitly stating that network use counts as distribution.
Can I use AGPL-licensed code in commercial software?
Yes, the AGPL allows commercial use of the licensed code. Like GPL v2 and GPL v3, the AGPL imposes no conditions on using the code in software that's sold commercially. However, you must comply with all AGPL requirements, including making source code available when providing network access to modified versions.
Do I need to share source code if I use AGPL code in a SaaS application?
Yes, if you modify AGPL-licensed code and make it available to users over a network (including through a SaaS application), you must make your source code available to those users. This is the key requirement that distinguishes AGPL from GPL v3 and is specifically designed to prevent companies from using AGPL code in proprietary SaaS offerings without sharing modifications.
Does AGPL include patent rights?
Yes, like GPL v3 (but unlike GPL v2), the AGPL License includes an explicit grant of patent rights. This means that anyone who created or contributed to the original licensed code has granted patent rights with regard to any subsequent reuse of the software under that license.