GitHub: coalition demands changes to California AI Transparency Act to protect open source

GitHub, Black Forest Labs, Hugging Face, and Mozilla have joined forces in a coalition demanding amendments to the California AI Transparency Act — the California law on AI transparency known under bill numbers SB 942 and SB 1000. The coalition’s goal is not to block regulation but to remove one specific provision that, the signatories argue, would legally destabilize the entire open-source software ecosystem.

What does the law require and where is the problem?

The contested provision of the California AI Transparency Act requires AI model authors to revoke their license if a downstream user — someone who downloads the model and integrates it into their own product — fails to meet the prescribed transparency obligations. Revocation means retroactively withdrawing rights that have already been granted.

The problem is that this measure is structurally incompatible with a perpetual open-source license — a type of license (examples: Apache 2.0, MIT, GPL) that permanently grants the user rights to use, modify, and redistribute without a time limit. Revocation would retroactively nullify those rights due to a third party’s failure, meaning the model author assumes responsibility for the behavior of everyone who ever downloads their code.

The coalition proposes the EU model

Under the coalition’s proposal, the law should be aligned with the EU AI Act Transparency Code of Practice — the European framework in which accountability for transparency is fulfilled through notification and documentation, not by revoking licenses. That approach distinguishes the model author from downstream users and does not penalize original creators for the actions of third parties.

Risk to the software supply chain

GitHub emphasizes in its post that the contested provision creates legal uncertainty throughout the entire software supply chain. In practice this means: a company integrating an open-source AI model into a business tool cannot be certain its rights will remain valid if another downloader of the same model anywhere in the world fails to meet regulatory obligations. This risk particularly affects smaller businesses and academic institutions that lack the resources to monitor all downstream users.

Regulatory context

The California AI Transparency Act is part of a broader global race to regulate AI systems. Unlike the EU AI Act, which went through years of technical consultations with industry stakeholders, the California law — in the coalition’s assessment — introduces mechanisms with no equivalent in established open-source licensing models. The coalition continues to support the goal of greater AI transparency, but insists that regulatory obligations be addressed to current distributors, not through retroactive revocation against original authors.