Dimension 3 — Licence clarity (15 points)
Assesses whether the licence is clearly specified and whether it is compatible with common commercial use cases. Note: Creative Commons licences are not designed for software; their presence on a model card is treated as a flag that the author may not have considered software-licensing implications.
| Licence situation | Points |
|---|---|
| Standard permissive open-source software licence (MIT, Apache 2.0, BSD-2/3-Clause, ISC) | 15 |
| Standard copyleft software licence (GPL-2.0/3.0, AGPL-3.0, MPL-2.0, LGPL) | 14 |
| Dual-licensed (e.g. AGPL + commercial) — both clearly stated | 14 |
| Proprietary commercial licence, clearly stated | 13 |
| Open with vendor restrictions (named allow-list — see below) | 12 |
| Open licence with restrictions for software (BSL, SSPL) | 11 |
| Custom licence with full text provided | 10 |
| Creative Commons licence (CC-BY, CC-BY-SA) — flagged as inappropriate for code | 8 |
| Creative Commons non-commercial (CC BY-NC, CC BY-NC-SA) | 6 |
| Licence referenced but text not provided | 6 |
| `license: other` with both `license_name` AND `license_link` populated (HF-spec-compliant) | 4 |
| `license: other` with name OR link missing (spec-violating opacity) | 0 |
| `license: unknown` (active "I don't know" declaration) | 0 |
| No licence specified | 0 |
The three `license: other` tiers (v0.4 onwards). Hugging Face's cardData spec says: if the author uses `license: other`, they MUST also populate `license_name` and `license_link`. In practice many authors set `license: other` and leave both detail fields empty, which is a spec violation that produces an unverifiable claim. Dokima distinguishes the three states:
- `license: other` with both `license_name` AND `license_link` populated → 4 points. The author followed the HF spec; the licence is identifiable and the text is reachable.
- `license: other` with name or link missing → 0 points. The author used the `other` escape hatch without supplying the required detail.
- `license: unknown` → 0 points. The author actively declared "I don't know what the licence is", which is more honest than the previous category but still leaves a downstream consumer unable to plan around the licence.
The 4-point tier exists because some legitimate licences genuinely fall outside the standard SPDX list and the spec-compliant path deserves credit; the 0-point tiers exist because an opaque licence is functionally indistinguishable from no licence at all for any consumer trying to integrate the model.
The "Open with vendor restrictions" named tier (v0.4 onwards). The Llama family, Gemma, Grok-2, and the OpenRAIL family of licences are not OSI-approved open-source licences: they restrict use cases (Llama prohibits training competitor LLMs; OpenRAIL-M restricts certain harmful applications). They are also not proprietary in the closed-source sense — they ship the weights, allow modification, and are widely deployed. Treating them as "proprietary" understates the openness; treating them as "open-source" overstates it. Dokima publishes a named allow-list of these licences and scores them at 12 points — above named restricted-OSS licences (BSL, SSPL at 11) and above custom-with-text (10), below standard copyleft (14) and standard proprietary-clearly-stated (13).
The published allow-list, lowercased to match the canonical Hugging Face licence identifier:
llama2, llama3, llama3.1, llama3.2, llama3.3, llama4, gemma, grok2, openrail, openrail++, creativeml-openrail-m, bigscience-openrail-m, bigscience-bloom-rail-1.0.
Match is case-insensitive at audit time. Authors whose model uses one of these licences and is scored in another tier should check that the licence id on their model card exactly matches the published list — the allow-list is the authoritative source. Additions to the list happen at the next quarterly recalibration as new vendor-restricted licences appear.
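The three `license: other` states and the case-insensitive allow-list match described above, as an added Python example that is not Dokima's own code. The name `licence_tier`, treating whitespace-only fields as missing, and returning `None` for tiers that cannot be decided from these three cardData fields are assumptions.

```python
# Added illustration, not Dokima's own code.
# Allow-list copied from the published list above (already lowercase).
VENDOR_RESTRICTED = frozenset({
    "llama2", "llama3", "llama3.1", "llama3.2", "llama3.3", "llama4",
    "gemma", "grok2", "openrail", "openrail++", "creativeml-openrail-m",
    "bigscience-openrail-m", "bigscience-bloom-rail-1.0",
})

def _populated(value):
    # Assumption: a non-string or whitespace-only value counts as missing.
    return isinstance(value, str) and bool(value.strip())

def licence_tier(card_data):
    """Return (points, reason); points is None when these fields cannot decide the tier."""
    raw = card_data.get("license")
    if not _populated(raw):
        return 0, "no licence specified"
    lic = raw.strip().lower()  # the match is case-insensitive at audit time
    if lic == "unknown":
        return 0, "license: unknown"
    if lic == "other":
        missing = [k for k in ("license_name", "license_link")
                   if not _populated(card_data.get(k))]
        if missing:
            return 0, "license: other, missing " + ", ".join(missing)
        return 4, "license: other, name and link populated"
    if lic in VENDOR_RESTRICTED:
        return 12, "open with vendor restrictions"
    return None, "needs the other tiers of the table"

# Constructed sample cardData records (not real model cards).
SAMPLES = [
    {"license": "other", "license_name": "example-licence",
     "license_link": "https://example.com/LICENSE"},
    {"license": "other", "license_name": "example-licence"},
    {"license": "unknown"},
    {"license": "Llama3.1"},
    {},
]

if __name__ == "__main__":
    for card in SAMPLES:
        print(card, "->", licence_tier(card))
```
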