A Contributor License Agreement (CLA) defines the terms under which intellectual property has been contributed to a company/project, typically software under an open source license.
CLAs can be used to enable vendors to easily pursue legal resolution in the case of copyright disputes, or to relicense products to which contributions have been received from third parties. CLAs are important especially for corporate open source projects under a copyleft license, since without a CLA the contribution would restrict the guardian as well.
The purpose of a CLA is to ensure that the guardian of a project's outputs has the necessary ownership or grants of rights over all contributions to allow them to distribute under the chosen license, often by granting an irrevocable license to allow the project maintainer to use the contribution; if copyright is actually transferred, the agreement is more normally known as a Copyright Transfer Agreement. CLAs also have roles in raising awareness of IPR issues within a project.
When a CLA requires a contributor to assign unrestricted republishing rights to the project, contributed code can be relicensed at the discretion of the project, even when the CLA does not assign copyright to the project. Prominent open source advocates regard CLAs as dangerous to open source rights.
In 2019 MongoDB used these rights granted by its CLA to achieve a move to a non-open-source license.
In January 2021, the Elasticsearch project used such rights to move the project to a non-open-source license. Drew DeVault, a lead developer with a number of open source projects such as sway, regards this move as a loophole. Both these projects were licensed under a copyleft license, which uses copyright to protect contributions, yet the CLA negates the usefulness of copyright in achieving this protection:
Elasticsearch belongs to its 1,573 contributors, who retain their copyright, and granted Elastic a license to distribute their work without restriction. This is the loophole which Elastic exploited when they decided that Elasticsearch would no longer be open source [...]
Project Harmony was established by Canonical in 2010 to optionally avoid the problems discussed above. It provides a CLA template-builder. Based on choices made, the CLA will allow the contributor to keep copyright and assign rights to the project (as above) but with various restrictions on relicensing: using the template requires choosing one of the mutually-exclusive options, which range in restrictiveness. A real-world example is the Ubuntu project. The CLA leaves copyright with the contributor and allows the project to relicense the code but with a restriction based on the license the contribution was made under:
2.3 Outbound License Based on the grant of rights in Sections 2.1 and 2.2, if We include Your Contribution in a Material, We may license the Contribution under any license, including copyleft, permissive, commercial, or proprietary licenses. As a condition on the exercise of this right, We agree to also license the Contribution under the terms of the license or licenses which We are using for the Material on the Submission Date.
The Fedora CLA allows a contributor to use a Free license from a specific list, and agrees that the project is bound by the terms of that license. This is therefore a class of restrictive CLA.
2. Licensed Contributions. If Your Contribution is Licensed, Your Contribution will be governed by the terms under which it has been licensed.
Companies and projects that use CLAs include:
KDE uses Free Software Foundation Europe's Fiduciary Licence Agreement of which (FLA-1.2) states in section 3.3:
FSFE shall only exercise the granted rights and licences in accordance with the principles of Free Software as defined by the Free Software Foundations. FSFE guarantees to use the rights and licences transferred in strict accordance with the regulations imposed by Free Software licences, including, but not limited to, the GNU General Public Licence (GPL) or the GNU Lesser General Public Licence (LGPL) respectively. In the event FSFE violates the principles of Free Software, all granted rights and licences shall automatically return to the Beneficiary and the licences granted hereunder shall be terminated and expire.
However, it is optional and every contributor is allowed not to assign their copyright to KDE e.V.