Llama, Mistral, DeepSeek, and Qwen are the four most deployed open-weight model families right now. All of them get called “open source” routinely. None of them are, in any consistent legal sense, and each one carries different commercial restrictions.
Here’s the thing about that badge on Hugging Face: it’s metadata, not a legal grant. Research from February 2026 found that 96.5% of datasets and 95.8% of models are missing the licence text needed to make their permissive label actually mean anything. Only 3.2% of models satisfy both requirements.
This article compares the actual licence terms: what’s permitted commercially, what thresholds trigger obligations, which models qualify for EU AI Act open-source exemptions, and what to check before you approve anything for production. For the foundational context, see open AI supply-chain licensing risk and permissive-washing in AI explained.
Why does “open source” mean different things for Llama, Mistral, DeepSeek, and Qwen?
“Open source” has a specific legal meaning from the Open Source Initiative (OSI): free redistribution, access to source, the right to create derivative works, no prohibited use cases. MAU thresholds and commercial agreement requirements above a user count are not compatible with that definition.
What most “open” AI models actually offer is open weights — publicly downloadable parameters. That’s not the same thing.
- Llama (Meta) — Llama Community Licence: custom, not MIT, Apache, or OSI-recognised. 700M MAU threshold above which commercial use requires a separate Meta agreement.
- Mistral — Apache 2.0 for some models (Mistral 7B); MNPL for others (Mistral Large). Fundamentally different grants under the same brand name.
- DeepSeek R1 — MIT label, genuine and OSI-approved. But the label is metadata; the operative document is the licence text in the repository.
- Qwen (Alibaba) — Mix of Apache 2.0 and the custom Tongyi Qianwen Licence. Which applies depends on the model version.
The distinction that matters is between a permissive label (a badge on Hugging Face) and a permissive grant (legally operative text conveying rights). Stefano Maffulli, executive director of the OSI, puts it simply: companies assume openness and get caught by restrictive provisions they never read.
What does the Llama Community Licence actually restrict for commercial use?
Llama is not open source by any standard definition. It is the model most commonly mislabelled as such.
The Llama Community Licence permits commercial use below 700 million monthly active users. Above that threshold, you need a separate Meta agreement. Beyond the MAU threshold, the licence prohibits using Llama outputs to train competing models and restricts certain military and surveillance applications.
Fine-tune a Llama model and your derivative is a covered work — the MAU threshold and prohibited use cases propagate to it. There are approximately 27,000 Llama derivative models on Hugging Face already carrying these restrictions, most of them unknowingly. There is also a naming requirement: Llama 3-based models must be prefixed “llama3”, and 85.8% of Llama 3-licensed models on Hugging Face are currently failing to meet it.
Llama does not qualify for the EU AI Act open-source exemption. Meta monetises through enterprise licensing, which is the disqualifying condition. EU deployments must comply with Article 53 GPAI obligations. For a complete overview of how these obligations apply across your full AI stack, see the open AI supply-chain licensing risk guide.
Bottom line: Commercially usable for most current-scale deployments, but not open source. Legal review required, especially for fine-tuned derivatives.
Is Mistral Apache 2.0 genuinely permissive for commercial use?
The brand name does not determine the licence. Two Mistral models can have fundamentally different commercial rights.
Apache 2.0 variants (Mistral 7B, Mixtral 8x7B) are genuinely permissive — commercial use without user thresholds. Apache 2.0 still requires the NOTICE file and full licence text preserved in all distributions, and modifications documented. Attribution is a binding condition, not optional.
MNPL variants (Mistral Large, Mistral Medium) restrict use to development and evaluation only. Deploying in commercial production is a licence violation. The name says it: non-production.
Some Mistral models may also cross the GPAISR threshold (10^25 FLOPs), which makes them ineligible for EU AI Act open-source exemptions regardless of what their licence says.
Bottom line: Apache 2.0 variants are permissive when the compliance requirements are met. MNPL variants are not commercially deployable. Verify which licence applies to the specific model version — do not assume from the brand name.
Is DeepSeek truly open source and can it be used without licence restrictions?
DeepSeek generates the most questions and the most frequently wrong answers. There are two separate assessments to make here.
The licence question (answered): MIT label, and it’s genuine. Commercial use is permitted. Preserve the copyright notice and full licence text in distributions. That is all. But verify the repository — not just the badge — since only 3.2% of models actually provide both. The reasons why metadata labels routinely mislead are covered in detail in permissive-washing in AI explained.
The training data provenance question (unresolved): DeepSeek was trained on Chinese internet data. Robots.txt compliance, copyright clearance, and data licensing for the training corpus are not publicly documented. The model licence does not retroactively clean the training data. As Mike Lieberman, CTO of Kusari, puts it: with open models, if the training data turns out to be legally or ethically problematic, the liability shifts to you, not the vendor. The broader pattern of how licence risk compounds across the dataset, model, and application layers is covered in how AI licence risk compounds across your stack.
DeepSeek’s EU AI Act classification depends on capability thresholds (GPAI/GPAISR), not the MIT licence.
Bottom line: MIT is genuine and commercially permissive for the weights. Training data provenance is a separate unresolved risk. These are two distinct assessments — keep them separate.
What does the Qwen licence require and when does the commercial threshold trigger?
Qwen has the largest derivative ecosystem of any open-weight model family — 113,000+ derivative models on Hugging Face — and two different licence types depending on which model version you’re looking at.
Apache 2.0 variants (Qwen 3, Alibaba’s flagship) are commercially permissive with standard attribution requirements.
Tongyi Qianwen Licence variants require a commercial agreement with Alibaba above user thresholds — similar in concept to Llama’s MAU cliff. The specific thresholds are not publicly documented. If you cannot determine the threshold, you cannot tell when you have crossed it. This licence sits in Hugging Face’s “Other” category and does not appear in standard licence filter searches.
Any restriction propagates through those 113,000+ downstream projects, most of which have not verified the applicable licence. ModelScope (Alibaba) is the primary alternative platform for Qwen artefacts — check both, since metadata conventions may differ.
Bottom line: Apache 2.0 variants are commercially permissive. Tongyi Qianwen variants require a commercial agreement above undocumented thresholds. Verify the specific model version and check both platforms.
What does a genuinely open AI model look like and why does it matter?
OLMo from AI2 (Allen Institute for AI) is the reference point. Apache 2.0 with a full open training data release, training code, and evaluation framework. It qualifies for the EU AI Act open-source exemption because AI2 does not monetise it. The four criteria for genuine openness are: OSI-compliant licence + full training data disclosure + no commercial use restrictions + no user thresholds. None of the four comparison models meet all four.
On the data side, the Common Pile from EleutherAI is the equivalent reference — 8TB with explicit licence verification for every included work. That is what legally clean training data actually requires.
OLMo is not a drop-in replacement — capability benchmarks differ. But it establishes what “genuinely open” means and makes the gaps in each commercial model’s licence visible.
Which models qualify for EU AI Act open-source exemptions and which do not?
The EU AI Act provides partial exemptions from GPAI obligations for open-source models. It is not automatic. The key condition: the model provider must not monetise commercially.
- Llama — Does not qualify for commercial deployers. Meta monetises through enterprise licensing.
- Mistral (Apache 2.0 variants) — May qualify if non-monetised. MNPL variants do not qualify.
- DeepSeek — Depends on regulatory classification (GPAI/GPAISR thresholds), not the MIT licence.
- Qwen (Apache 2.0 variants) — May qualify if Alibaba does not monetise. Tongyi Qianwen variants likely fail.
- OLMo (AI2) — Qualifies. AI2 does not charge for commercial use.
Models crossing the 10^25 FLOPs GPAISR threshold are never exempt. And qualifying for the exemption does not eliminate all obligations — EU copyright compliance and a training data summary are still required. For a full breakdown of the GPAI category, GPAISR thresholds, and what these mean for procurement, see EU AI Act and Cyber Resilience Act supply chain obligations explained.
How should you evaluate any AI model’s licence before approving it for production?
Four independent assessments before any production approval. Do not skip any of them.
Layer 1 — Licence text verification: Does the repository contain the full licence text and copyright notice? Not the badge — the file. Only 3.2% of models satisfy both.
Layer 2 — Commercial use restrictions: MAU thresholds (Llama), production restrictions (Mistral MNPL), undocumented user thresholds (Qwen Tongyi Qianwen). If you fine-tune, does the original licence propagate? Llama’s does. MIT and Apache 2.0 require attribution only.
Layer 3 — Training data provenance: The model licence governs the weights, not what was in the training data. Non-commercial dataset licences (CC BY-NC) can bind downstream uses even if the model carries MIT or Apache 2.0.
Layer 4 — Regulatory classification: Does the model trigger GPAI or GPAISR obligations under the EU AI Act? Does it qualify for the open-source exemption? The licence badge does not answer this.
Before production approval, get answers in writing:
- Does the repository contain a LICENSE file with the full licence text?
- Does the repository contain a copyright notice?
- What are the specific commercial use restrictions?
- Is there an MAU, user count, or revenue threshold that triggers additional obligations?
- What are the prohibited use cases?
- What is the training data provenance and is it documented?
- Does any training data carry a non-commercial licence?
- If we fine-tune this model, what restrictions propagate to our derivative?
- Does this model trigger GPAI or GPAISR obligations under the EU AI Act?
- Does it qualify for the EU AI Act open-source exemption, and does that matter for our use case?
Treat AI model procurement with the same legal review process as any other critical infrastructure dependency. A benchmark score does not resolve a licence question. For a comprehensive framework covering all aspects of AI supply-chain licensing risk — from model selection through to ongoing governance — see the full AI licensing risk picture.
Frequently Asked Questions
Can I use Llama commercially without paying Meta?
Yes, if your application stays below 700 million monthly active users. Above that threshold you need a separate commercial agreement. The Llama Community Licence also prohibits training competing models and restricts certain military and surveillance applications.
Does DeepSeek’s MIT licence mean I can use it for anything?
The MIT licence permits commercial use — preserve the copyright notice and licence text. But it only covers the model weights. Training data provenance is a separate and unresolved question the MIT label does not address.
What is the difference between open weights and open source for AI models?
Open weights means the model parameters are publicly downloadable. Open source, per the OSI definition, requires full freedoms: training data access, unrestricted commercial use, the right to modify and redistribute. Most “open” AI models are open weights with custom restrictions, not open source.
Which AI model licence is safest for commercial enterprise use?
No single model is universally safest. Apache 2.0 models (some Mistral variants, some Qwen variants, OLMo) offer the most permissive terms when the full licence text is preserved. DeepSeek’s MIT is similarly permissive for the weights but carries unresolved training data provenance questions.
What does Apache 2.0 actually require me to do when I deploy an AI model?
Preserve the NOTICE file, include the full licence text in distributions, and document any modifications. Attribution is a binding licence condition, not optional.
Do I need a separate licence if I fine-tune a Llama model?
Yes. Fine-tuned Llama models are derivative works under the Llama Community Licence. The 700M MAU threshold and prohibited use cases propagate to your derivative.
What is the Tongyi Qianwen Licence and how does it differ from Apache 2.0?
It is Alibaba’s custom licence for certain Qwen models. Unlike Apache 2.0, it requires a commercial agreement above specified user thresholds. Not all Qwen models use it — some are Apache 2.0. Check the specific model version.
Does the EU AI Act open-source exemption apply to Llama or DeepSeek?
The exemption requires the model provider not to monetise commercially. Meta monetises Llama, so Llama does not qualify for commercial deployers. DeepSeek’s eligibility depends on regulatory classification (GPAI/GPAISR thresholds), not the MIT licence.
What is the Common Pile and why does it matter for AI licensing?
The Common Pile is a pre-training dataset from EleutherAI built with explicit licence verification for each included source — 8TB of texts in the public domain or under Open Definition-compliant licences. It is the reference standard for legally clean training data.
How do I check if an AI model on Hugging Face actually has a valid licence?
Check the repository — not just the badge — for a LICENSE file with full licence text and a copyright notice. The badge is metadata that may not reflect actual repository contents. Only 3.2% of models satisfy both requirements.
What happens if I deploy a model trained on non-commercial data?
If training data carries a non-commercial licence (e.g., CC BY-NC), that restriction may bind downstream uses of the model even if the model is labelled MIT or Apache 2.0. Both must be evaluated independently.
Is there a truly open-source AI model with no commercial restrictions?
OLMo from AI2: Apache 2.0 licence, full training data release, training code, and evaluation framework. Qualifies for the EU AI Act open-source exemption. Capability benchmarks differ from the four commercial-scale models in this article.
