The Hidden Risks of NVIDIA’s Open Model License

Recently, regarding the open-weights AI model “Nemotron 3” released by NVIDIA, there are scattered media reports mistakenly describing it as open source. Because there is concern that these reports encourage ignoring the usage risks of the NVIDIA Open Model License Agreement (version dated October 24, 2025; hereinafter referred to as the NVIDIA License), which is the license for Nemotron 3, this document clarifies its open source status and the risks regarding the use of the model, particularly for large enterprises.

Note: This article is an English translation of a post originally written in Japanese. While it assumes a Japanese reader, I believe it may also be useful for an English-speaking audience.

Open Source Nature of the NVIDIA Open Model License Agreement

The NVIDIA License is a proprietary license applied to the pre-trained weights of the model, and it is necessary to examine whether it conforms to the definition based on the “Open Source Definition” (OSD) established by the Open Source Initiative (OSI). Superficially, the NVIDIA License certainly grants a certain degree of freedom regarding the commercial use of the model and the creation or distribution of derivative models. Furthermore, regarding the output of the model, the NVIDIA License explicitly states that NVIDIA does not claim rights. The OSD defines requirements regarding the use, modification, and redistribution of software, and does not contain clauses that directly regulate the ownership of model outputs. Generally, rights regarding deliverables depend on the nature of the deliverables themselves and the existence of third-party rights, so license conditions are not necessarily interpreted as naturally extending to outputs. However, the NVIDIA License explicitly states that “NVIDIA claims no ownership rights in outputs,” and this point is a favorable clause for users. It can be said that the NVIDIA License possesses open source-like characteristics to some extent, combined with such freedom of output.

On the other hand, the NVIDIA License contains restriction clauses regarding the purpose of use and the users, and clearly does not conform when compared against the OSD. Specifically, Article 2 of the NVIDIA License requires compliance with the ethical regulations defined by NVIDIA. In the terms of use titled “Trustworthy AI,” NVIDIA prohibits use for “unlawful surveillance,” “unlawful biometric data collection,” and “unlawful harassment or fraud purposes.” Since these are required to be complied with by reference in the NVIDIA License, revisions to the Trustworthy AI side can affect the practical content of obligations. Usage restrictions in this type of use conflict with OSD Clause 6, “No Discrimination Against Fields of Endeavor.” Furthermore, the clauses on export controls and sanctions can be said to have a tension with OSD Clause 5, “No Discrimination Against Persons or Groups.” Also, the NVIDIA License stipulates that the license automatically terminates if safety measures (guardrails) built into the model are bypassed or disabled. Such a prohibition on avoiding guardrails can be said to be in tension with the intent of OSD Clause 3, which permits the modification and distribution of derived works, and OSD Clause 4 regarding the integrity of the source code. Moreover, it is stipulated that NVIDIA can unilaterally revise the license content for the purpose of responding to laws and regulations, and the user must choose whether to follow the revised version or stop using it. Such reservation of changes to license conditions is incompatible with the premise that open source licenses are essentially immutable and publicly available in advance. Furthermore, the NVIDIA License contains provisions that strongly imply contractual acceptance, raising issues from the perspective of OSD Clause 7 regarding the prohibition of additional licenses upon redistribution.

From the points above, it can be said that the NVIDIA License clearly does not conform to the Open Source Definition, even without waiting for a formal review by the OSI. Therefore, it is incorrect to call models released under the NVIDIA License “Open Source.”

Risks Arising from the License in Corporate Model Use

The NVIDIA License is not only unapproved by the OSI but also contains unique risk factors that require caution, particularly during corporate use. Assuming use across a large enterprise forming a corporate group or provision to customers, burdens and legal risks that do not exist in open source licenses are considered to arise in the following points. Here, they are listed in order of perceived severity.

Indemnification Obligation towards NVIDIA:

Article 8 of the NVIDIA License stipulates that the user (licensee) bears the obligation to indemnify and protect NVIDIA if a claim arises from a third party related to the use of the model, derivative models, or outputs. This is likely an extremely severe transfer of liability that is not common in typical open source licenses approved by the OSI. If the text is interpreted literally, if a lawsuit or claim for damages arises due to the output of the model, the company faces the possibility of not only being the defendant itself but also bearing indemnification liability towards NVIDIA. The larger the corporate scale and the stronger the social influence of the corporate group, the more serious this risk becomes. To use models to which the NVIDIA License applies in important services, some form of additional risk hedging measure will be necessary. One would want a mechanism like insurance.

Usage Restrictions via Incorporation of Terms of Use:

As stated in the previous section, the NVIDIA License limits the use of the model by incorporating the terms of use titled “Trustworthy AI” (version dated June 27, 2024) defined by NVIDIA. Although this is a mechanism also seen in open weights of other US companies, this mechanism effectively imposes an obligation on the licensee enterprise to manage use so that it does not violate the terms, not only for use within its own company but also regarding use by customers and end users when providing products or services incorporating that model to customers.

Regarding the content of Trustworthy AI, whether use for surveillance purposes, biometric authentication, or harassment purposes is considered “unlawful” becomes an issue. Since interpretation varies depending on the context and judicial jurisdiction, it is a difficulty that room is left for it to ultimately be entrusted to NVIDIA’s judgment. for a large enterprise to use and provide this model, it will be necessary to impose prohibited matters equivalent to Trustworthy AI on downstream users in terms of use or contracts, and further establish a mechanism to monitor compliance technically or operationally. This includes recording logs, mechanisms for detecting unauthorized use, and establishing reporting windows. This not only becomes a burden on product implementation using the model, but there is also a risk that the company itself will be accused of breach of contract if inappropriate use is carried out downstream.

Automatic License Termination due to Guardrail Evasion:

Article 2.1 of the NVIDIA License stipulates that the license automatically terminates if technical restrictions or safety guardrails (and related hyperparameters, etc.) built into the model are bypassed, disabled, or their effectiveness is impaired. Not removing guardrails is an essential condition imposed on model users. Even if safety settings or filters are adjusted without malice, it is considered that it could become a breach of contract if it is deemed that “effectiveness was impaired” depending on NVIDIA’s interpretation. In other words, in cases where multiple departments in a large enterprise modify or tune the model for use, accidents may occur where this clause is unintentionally violated, inviting loss of license (automatic termination of contract). Particularly when redistributing or providing the model or derivative models to third parties, careful measures are required, including regarding violations due to setting changes at the destination of provision.

Obligation to Comply with Export Controls and Economic Sanctions:

Article 11 of the NVIDIA License “explicitly” requires compliance with all applicable import and export-related laws and regulations, including US Export Administration Regulations and economic sanctions laws. Specifically, the enterprise itself needs to confirm or guarantee that the destination country, user, and usage do not fall under regulated targets.

For large enterprises with many overseas bases or enterprises providing services globally, responding to this clause requires appropriate costs and organizational maintenance. For example, it may be required to establish access restrictions from specific countries or incorporate a process to pre-screen the customer’s end users and end use, such as so-called classification regarding export control or transaction screening. In conventional open source software, although the user has the responsibility to comply with laws and regulations, it is basically not documented to this extent as a license clause. Enterprises using models subject to the NVIDIA License must consider design and operation regarding export control additionally depending on the form of provision of the model, and if they violate it, they bear the risk of license violation. However, since that simultaneously creates a risk of legal violation, it can also be thought of as merely a constraint that is more than just explicitly stated in the license.

Unilateral Update of License Content and Governance by US Law:

The NVIDIA License stipulates that NVIDIA can unilaterally change the license clauses if it is for “compliance with laws and regulations,” and the user must choose each time whether to follow the license after the change or stop the use or distribution of the model.

Considering that a large enterprise incorporates it into its own products and operates it for a long term, the uncertainty that license conditions may be revised in the future is a risk that cannot be ignored. Depending on the content of the revision, additional restrictions or obligations may be imposed, and there is a possibility that conventional forms of use will no longer be recognized. Also, the governing law is stipulated as the law of the State of Delaware, USA, and dispute resolution is stipulated as the exclusive jurisdiction of the courts of Santa Clara County, California. For non-US enterprises, including Japanese enterprises, it is a heavy burden to have to dispute in a US court based on US law when some dispute arises, and by accepting jurisdiction, they also shoulder future litigation risk. Since the risk and cost of developing into a dispute can increase as the corporate scale increases, this is an element that cannot be overlooked in management judgment.

Broad Application to the Entire Corporate Group:

Under the definition of the NVIDIA License, “Legal Entity” includes not only the contracting party itself but also all related companies (parent companies, subsidiaries, group companies) under a control relationship. Therefore, for example, if one company in a large corporate group uses this model, the possibility arises that the entire group needs to comply with the license clauses in a unified manner. If a specific business department or subsidiary within the group uses it in a way that violates the NVIDIA License conditions, it is a structure where the problem of license violation could spread to other related companies considered as the same “Legal Entity.” In large enterprises, it is difficult to grasp usage realities or control them for each business division or subsidiary, but if operation is not thorough, the risk of violations being discovered from unexpected places increases. As a result, it is necessary to note that a system to adjust and centrally manage the feasibility of model use and policies at the group-wide level is required. This is similar to the motivation for establishing an OSPO in open source use, but the use of AI models is likely a more serious and urgent issue.

Severity of Attribution Obligation upon Redistribution:

Article 3 of the NVIDIA License also defines obligations when distributing or providing models or derivative models. Among them, what should be particularly noted is the obligation to provide credit to NVIDIA. In addition to attaching a copy of the license and the prescribed display in the Notice file (such as “Licensed under the NVIDIA Open Model License”), if the target is an NVIDIA Cosmos model, it is required to display the phrase “Built on NVIDIA Cosmos” on the product or service website, UI, documents, etc.

Although there are obligations such as copyright notices in general open source licenses, cases requiring explicit source indication on user-facing UIs or on the Web like the NVIDIA License are not common. For this reason, when incorporating it into corporate products, it is considered that additional work for license compliance will occur, including the location and method of display. However, compared to other risks mentioned above, this itself is manageable, and it is a problem that can be resolved if the internal compliance department or legal department creates guidelines and complies with them. However, since forgetting to display it can lead to a breach of contract, it should be handled without oversight together with other clauses.

Summary

This document summarized the open source nature of the NVIDIA License and risks in enterprises. Since Article 4 of the NVIDIA License stipulates the priority relationship in the case of coexistence with licenses such as Open Source in a reasonable form, it is considered that NVIDIA itself understands the relationship between the NVIDIA License and open source. Also, NVIDIA itself does not call the model open source, at least in official announcements, and it is likely the responsibility of the media that advertises it as open source and those known as sensationalists active on SNS. Nevertheless, while the NVIDIA License appears to allow free use, the burden of additional measures to deal with the risks explained in this document is heavy, particularly for enterprises, and that can be a stark contrast to use with models that apply open source licenses. It is likely that enterprises will build correct mechanisms for AI model use internally upon recognizing this point.

References

NVIDIA Open Model License Agreement (October 24, 2025 version): https://www.nvidia.com/en-us/agreements/enterprise-software/nvidia-open-model-license/ Trustworthy AI (June 27, 2024 version): https://www.nvidia.com/en-us/agreements/trustworthy-ai/terms/

Open Source Guy