Three-Tier License Framework for Open Source Data

A risk-based classification for evaluating open source datasets for enterprise use:

Tier 1: Public Domain — No Restrictions

• CC0 1.0, U.S. Government Works, ODC-PDDL
• No attribution required, no compliance workflow needed
• Lowest legal risk; prioritize these

Tier 2: Attribution Required — Simple Compliance

• CC BY 4.0, Apache 2.0, BSD 3-Clause, Open Government licenses
• Must credit source in documentation
• Straightforward compliance; establish a standard attribution workflow

Tier 3: ShareAlike — Requires Legal Assessment

• CC BY-SA, ODbL 1.0
• Derivatives must use same license
• The hard question: does internal enrichment constitute a “derivative work”?

The framework enables rapid triage. Tier 1 datasets can deploy immediately. Tier 2 needs a workflow. Tier 3 needs lawyers.

Related: 04-atom—data-governance, 04-molecule—reference-data-multiplier