Composite Licensing as Authority Intersection

by Nick Clark | Published April 25, 2026

When a skill artifact composes content from multiple authorities — training-data licensors, fine-tuning licensors, base-model licensors, deployment licensors, downstream-use licensors — the licensing emerges from the intersection of credentialed authorities. The applicable regulatory and standards regime spans NIST AI 100-2 supply-chain guidance, EU AI Act Article 25 distributor obligations and Article 53 General-Purpose AI provider duties, ISO/IEC 5230 (OpenChain license compliance), ISO/IEC 18974 (OpenChain security assurance), the NTIA minimum elements for Software Bills of Materials, Executive Order 14028 on supply-chain integrity, the EU Cyber Resilience Act's SBOM mandate, and the long-standing composition rules of Apache 2.0, MIT, BSD, and the GPL/AGPL family. Authority intersection supports rights-grade generative AI without per-licensor renegotiation — the architectural answer to the structural rights problem the generative AI ecosystem currently faces.


Regulatory Framework

Composite-licensing obligations arise simultaneously from three regulatory traditions whose convergence is recent and whose enforcement is now active. The first is the open-source-compliance tradition: ISO/IEC 5230 (OpenChain) standardizes the management system through which an organization tracks inbound and outbound license obligations, while ISO/IEC 18974 extends the same conformance discipline to security assurance. Both standards presuppose that the organization can enumerate, on demand, every component contributing to a delivered artifact and the license under which each component was admitted. The NTIA minimum elements for SBOMs codify this as a national-baseline expectation, and Executive Order 14028 made conforming SBOMs a procurement precondition for federal software purchasers. The EU Cyber Resilience Act extends the same SBOM expectation to all products with digital elements placed on the European market.

The second tradition is the AI-specific provider regime. EU AI Act Article 53 imposes on General-Purpose AI providers a duty to publish a sufficiently detailed summary of training content and to maintain technical documentation that downstream deployers can rely upon. Article 25 makes distributors responsible for verifying that conformity obligations have been met before placing a system on the market — a duty that is impossible to discharge without machine-readable license provenance for each composed component. NIST AI 100-2 (Adversarial Machine Learning Taxonomy) and the NIST AI Risk Management Framework's supply-chain profile identify provenance loss as a primary risk vector across the model, weights, prompt, and adaptation layers.

The third tradition is the underlying license-composition law that the technical regimes presuppose. Apache 2.0, MIT, and BSD-family permissive licenses compose freely but impose attribution and patent-grant terms that survive composition. The GPL family imposes copyleft propagation; AGPL extends propagation to network-mediated use, which is the operative scenario for hosted models. When a fine-tuning corpus contains AGPL-licensed text and the resulting weights are served behind a network API, the AGPL's source-availability obligation is plausibly triggered. Composite licensing must reason structurally over these interactions, not as an afterthought.

Architectural Requirement

What the converging regimes demand is not a richer license metadata field but a structural primitive: every artifact admitted into the system must carry a credentialed lineage identifying every authority whose policy bears on its use, and every use of the artifact must be evaluated against the intersection of those policies before admission. The lineage is not advisory; it is the operative basis of admissibility. An artifact whose lineage is incomplete is, by construction, inadmissible until the gap is closed.

Each adaptation artifact carries credentialed metadata identifying the licensing authorities relevant to its use: who licensed the training data, who licensed the fine-tuning process, who licensed the base model weights, who licensed the deployment context, who has standing to grant or deny downstream use, and what compensation routing each authority requires. The licensing decision for any specific use is the intersection of all relevant authorities' policies expressed as a composite admissibility predicate. When the consumer deploys the artifact, the admissibility gate evaluates this intersection: do all relevant authorities admit this specific use under this consumer's policy? The result is a credentialed observation — either the artifact is admissible for this use, or specific authority refusals identify the licensing gap with sufficient precision that remediation is mechanical rather than investigative.

Why Procedural Compliance Fails

Generative AI's licensing problem is structurally a multi-authority problem. The training data has hundreds to millions of source authorities. The fine-tuning corpus has its own authority and frequently its own AGPL-or-permissive admixture. The base model carries its license (often a bespoke responsible-AI license rather than an OSI-approved one). The deployment context has its policy. The downstream use has its sectoral requirements (HIPAA, FERPA, GDPR Article 22). Per-authority renegotiation does not scale to the dimensionality of the problem; even at modest scale, the combinatorial space of pairwise license interactions exceeds what legal review can clear within commercially relevant timeframes.

The current procedural pattern — opt-in licensing pilots, opt-out registries, blanket fair-use claims, content-creator class actions, and post-hoc indemnification riders — is a symptom rather than an architectural solution. Each pattern attempts to compress the multi-authority problem into a single-authority decision: a publisher decides for all its authors, a registry decides for all its registrants, a court decides for all similarly situated rightsholders. Each compression fails as the dimensionality grows, because the compressed decision cannot represent the differentiated policies that the underlying authorities actually hold. A spreadsheet of inbound licenses, even when diligently maintained, is not an admissibility primitive: it cannot answer, mechanically and at admission time, whether a specific composed use is permitted under the conjunction of every contributing policy. The SBOM minimum elements were specified precisely because procedural compliance had failed at scale in the conventional software supply chain; the same failure mode is now manifest in the AI supply chain, and the remedy must be structural for the same reasons.

What the AQ Primitive Provides

The Adaptive Query llm-skill-gating primitive treats authority intersection as a first-class architectural construct. Each authority signs a machine-readable policy describing what uses they admit, under what conditions, and with what compensation routing. The artifact's metadata identifies the full lineage of relevant authorities — training-data, fine-tuning, base-model, distillation, deployment, and downstream-use — with cryptographic credentials binding each authority's policy to the specific contribution it covers. The composite admissibility evaluation then evaluates each authority's policy against the proposed use; the use is admissible only if every relevant authority admits, and the credentialed observation produced by the gate carries the intersection result for downstream auditors.

Authority intersection naturally handles cases that procedural compliance handles poorly or not at all. A training-data authority that admits research use but not commercial use produces an artifact that is research-admissible but not commercial-admissible, and the gate refuses commercial deployment with a specific authority-level explanation. A deployment authority that requires per-invocation compensation produces an admissibility result that includes the compensation routing as a structural side effect of admission. An AGPL-contributing authority whose policy demands corresponding-source disclosure for network use produces an admissibility result that surfaces the disclosure obligation before the artifact is placed in service. Cross-authority disputes resolve through the same governance framework that handles other multi-authority disputes — the framework does not require a special case for licensing because licensing is, structurally, just another instance of multi-authority admission.
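The gate described in this section and under Architectural Requirement can be sketched as follows. This is an added example, not code from the article or from the Adaptive Query project. It assumes an HMAC per authority as a stand-in for a real signature scheme, and the record fields, the required-role set, the policy keys, and all authority names are hypothetical. The `enforce` flag models the shadow and enforcing modes the article describes for adoption.

```python
import hashlib, hmac, json

# Assumption: the lineage roles a gate requires before a use can be admissible.
REQUIRED_ROLES = {"training-data", "fine-tuning", "base-model", "deployment", "downstream-use"}

def sign(key, authority, role, policy):
    # HMAC stands in for the authority's signature over (authority, role, policy).
    msg = json.dumps([authority, role, policy], sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def record(authority, role, policy, key):
    return {"authority": authority, "role": role, "policy": policy,
            "sig": sign(key, authority, role, policy)}

def evaluate(lineage, keys, use, enforce=True):
    """Evaluate a proposed use against every authority; return the observation."""
    refusals, obligations = [], []
    # An incomplete lineage is inadmissible: each missing role is its own refusal.
    for role in sorted(REQUIRED_ROLES - {r["role"] for r in lineage}):
        refusals.append((role, "no authority record in lineage"))
    for rec in lineage:
        who, role, policy = rec["authority"], rec["role"], rec["policy"]
        key = keys.get(who)
        if key is None or not hmac.compare_digest(sign(key, who, role, policy), rec["sig"]):
            refusals.append((role, "policy credential does not verify"))
        elif use["purpose"] not in policy["purposes"]:
            refusals.append((role, f"{who} does not admit {use['purpose']} use"))
        else:
            if use["network_served"] and policy.get("source_on_network_use"):
                obligations.append((role, "disclose corresponding source"))
            if policy.get("pay_per_invocation"):
                obligations.append((role, f"route compensation to {policy['pay_per_invocation']}"))
    admissible = not refusals
    # Shadow mode (enforce=False) records refusals but still lets the use proceed.
    return {"admissible": admissible, "proceed": admissible or not enforce,
            "refusals": refusals, "obligations": obligations}

# Constructed sample: demo keys and a five-authority lineage (all names hypothetical).
KEYS = {n: hashlib.sha256(n.encode()).digest()
        for n in ("corpus-a", "tuner-b", "model-c", "host-d", "sector-e")}
BOTH = ["research", "commercial"]
LINEAGE = [
    record("corpus-a", "training-data", {"purposes": ["research"]}, KEYS["corpus-a"]),
    record("tuner-b", "fine-tuning", {"purposes": BOTH, "source_on_network_use": True}, KEYS["tuner-b"]),
    record("model-c", "base-model", {"purposes": BOTH}, KEYS["model-c"]),
    record("host-d", "deployment", {"purposes": BOTH, "pay_per_invocation": "host-d"}, KEYS["host-d"]),
    record("sector-e", "downstream-use", {"purposes": BOTH}, KEYS["sector-e"]),
]

if __name__ == "__main__":
    print(evaluate(LINEAGE, KEYS, {"purpose": "commercial", "network_served": True}))
```

A policy edited after signing fails verification and is refused under its own role, so a tampered record cannot widen the intersection.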

Compliance Mapping

The primitive maps directly onto each operative regime. ISO/IEC 5230 conformance: the credentialed lineage is the management-system artifact the standard demands, and the admissibility gate is the control point through which inbound license obligations are evaluated and outbound obligations are emitted. ISO/IEC 18974 conformance: the same lineage carries security-assurance authorities (CVE-disclosure obligations, vulnerability-handling commitments) alongside license authorities, and the gate evaluates them in the same intersection. NTIA SBOM minimum elements: the lineage encodes supplier, component, version, dependency, author, timestamp, and unique identifier as structural fields rather than as best-effort metadata.

EU AI Act Article 53: the lineage produces, on demand, the sufficiently-detailed training-content summary that GPAI providers must publish, with the granularity controlled by the authority's own policy rather than by post-hoc redaction. Article 25: distributors verify conformity by re-running the admissibility gate, which is a mechanical operation rather than a documentary review. Executive Order 14028 and the EU Cyber Resilience Act: the lineage is the SBOM, emitted in CycloneDX or SPDX form by projection from the credentialed structure rather than by separate generation. The license-composition substrate (Apache 2.0, MIT, BSD, GPL, AGPL): each license is encoded as the policy of the authority that selected it, and the AGPL's network-use trigger is evaluated by the gate at the moment the artifact is placed behind a network interface.

Adoption Pathway

The training-data lawsuits currently active against major AI vendors — NYT v. OpenAI, the music labels' actions against Anthropic, the image-generator class actions, the Getty proceedings — all share a structural pattern: rights authorities want compensation and use control that the current architecture cannot provide. The architecture has no concept of authority intersection, so settlements necessarily compress diverse rightsholder positions into single-authority terms, and the compression itself becomes a fresh source of dispute.

Adoption proceeds in three stages. First, an operator instruments its existing fine-tuning and deployment pipelines with credentialed-lineage capture, treating each existing license artifact (LICENSE files, dataset cards, model cards, opt-in registry entries, opt-out tokens) as the seed of an authority record. Bootstrapping costs are bounded because most artifacts already carry license metadata in conventional but unsigned form; the work is principally to bind that metadata to a credentialing authority, not to invent it. Second, the operator inserts the admissibility gate at the deployment boundary, beginning in shadow mode where refusals are logged but not enforced; this surfaces the real shape of the operator's lineage gaps without disrupting service, and the shadow-mode metrics become the operator's evidence base for prioritized remediation. Third, the operator transitions the gate to enforcing mode, with refusals routed to a remediation queue whose work items are mechanically actionable (request a missing authority signature, re-evaluate under an updated policy, route compensation to a newly identified rightsholder, surface an AGPL-network-use disclosure obligation before the artifact reaches production traffic).

The downstream consequences are durable. The rights-grade generative AI that the lawsuits are converging toward becomes structurally tractable because the architecture finally represents the multi-authority structure of the underlying problem. Cross-border deployment becomes mechanically discharged: an artifact admissible under one jurisdiction's authority intersection is, on movement to a second jurisdiction, re-evaluated against the second jurisdiction's applicable authorities without renegotiating with each underlying licensor. M&A diligence collapses from a multi-month documentary exercise to a replay of the admissibility gate over the target's lineage. The patent positions the primitive at the layer the rights problem actually requires, rather than at the layer where procedural compliance — opt-in pilots, opt-out registries, blanket fair-use claims, post-hoc indemnification — has been visibly failing.

Invented by Nick Clark. Founding investors: Anonymous, Devin Wilkie