OpenPCC: True Openness

We are open-sourcing OpenPCC because we believe real AI privacy infrastructure must be built in the open, and we’re doing so in a way that cannot be rewritten after the fact. Before I explain the specifics, I want to describe the problem: open-source has had some rugpulls recently. So, let’s go back to the beginning…

What Open-Sourcing Means to Us

Richard Stallman formalized the concept of copyleft, a cheeky inversion of copyright, in his GNU Manifesto of 1985. The intention of copyleft was to afford the redistribution of modified open code, with the requirement that modified code must be shared with the same openness as the original - a “viral” guarantee of openness. As the open-source movement professionalized in the 1990s, companies wanted to participate without surrendering the ability to manage misuse of their software. Contributor License Agreements (CLAs) emerged as the balance between open contribution and legally enforceable contributor accountability, allowing companies to accept open patches from volunteers while preserving the right to defend or relicense their work.

CLAs, though intended to nurture open-source flourishing, violate a core principle of copyleft: participant parity. As CLAs have evolved in complexity, new clauses allow project authors to change the licenses of their projects at any time. CLAs have become a loophole for businesses to claim their projects’ openness, only to walk these principles back when convenient. For example:

  • HashiCorp did this with Terraform, moving to the Business Source License
  • Elastic and MongoDB followed similar paths with SSPL variants, defending their decisions with legal logic while abandoning the principles that built their user base
  • Redis, moving from BSD-3 to SSPL/RSAL, prompted users to fork Valkey under the Linux Foundation to preserve a truly open-source alternative

These relicensing decisions are enabled by CLAs. While legally entitled to do so, each of these companies has violated the trust of their users, who assumed immutable use conditions. One could argue that these users should have read the fine print of these licenses; we find this argument condescending. Again, Stallman’s intention for copyleft was a guarantee of openness, parity, and trust between contributor and maintainer.

How We’re Open-Sourcing OpenPCC

True to our values, OpenPCC does not have CLAs. Confident Security cannot renege on our promise of open-source access to OpenPCC. Our protocol, shared libraries, and client implementations will remain Apache 2.0. Our compute server implementation will remain under the Functional Software License. Finally, we’re moving OpenPCC under a nonprofit entity and charter so that it remains independent and mission-aligned.

Why not AGPL? Or SSPL?

Licenses like AGPL or SSPL enforce open collaboration with that “viral” guarantee of openness. Users who touch AGPL and SSPL code are not only required to reveal their own code but also to relicense their codebase to these standards. This requirement creates a chilling effect: organizations that might otherwise adopt or contribute to a project steer clear to avoid legal entanglement. Paradoxically, these licenses meant to guarantee freedom have suppressed the collaboration they try to encourage.

The Apache 2.0 License is a permissive, or Berkeley Software Distribution (BSD)-style, license and doesn’t have that problem. Projects like Kubernetes, Airflow, Beam, and countless machine learning frameworks have been licensed under Apache 2.0 and have flourished as building blocks for open-source communities as a result.

Companies that walk back openness or use coercive licenses often justify these decisions as survival. We believe these products’ value is fragile. When a company’s moat is their license, the product has already failed. Our confidence in OpenPCC comes from the opposite view: that its strength increases when others can inspect, expand, and challenge it. Real standards emerge when anyone can engage with them in their fullest capacity. And we intend for OpenPCC to become the default standard for private AI infrastructure.