Source URL: https://simonwillison.net/2025/Apr/19/llama-eu-ai-act/#atom-everything
Source: Simon Willison’s Weblog
Title: Maybe Meta’s Llama claims to be open source because of the EU AI act
Feedly Summary: I encountered a theory a while ago that one of the reasons Meta insist on using the term “open source” for their Llama models despite the Llama license not actually conforming to the terms of the Open Source Definition is that the EU’s AI act includes special rules for open source models without requiring OSI compliance.
Since the EU AI act (12 July 2024) is available online I decided to take a look for myself.
Here’s one giant HTML page containing the full text of the act in English. I checked the token count with ttok (which uses the OpenAI tokenizer, but it’s close enough to work as a good estimate for other models):
curl ‘https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L_202401689’ | ttok
241,722 tokens. That should fit nicely into Gemini 2.5 Flash (or GPT-4.1 or Gemini 2.5 Pro).
My Gemini API key was playing up so I ran it via OpenRouter (and llm-openrouter) instead:
llm -f ‘https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L_202401689’ \
-m openrouter/google/gemini-2.5-flash-preview:thinking \
-s ‘Summary of mentions of open source here, including what the document defines open source to mean’
Here’s the full answer. Relevant extract:
Recital (89) states that third parties making accessible “tools, services, processes, or AI components other than general-purpose AI models" under a free and open-source licence should not be mandated to comply with upstream provider responsibilities towards those who integrate them. It also encourages developers of such resources to implement documentation practices like model cards and data sheets to promote trustworthy AI.
Recital (102) acknowledges that software and data, including models, released under a free and open-source licence can contribute to research and innovation and provide growth opportunities.
I tracked down Recital 89 and Recital 102 to check. Sure enough, 89 says:
Third parties making accessible to the public tools, services, processes, or AI components other than general-purpose AI models, should not be mandated to comply with requirements targeting the responsibilities along the AI value chain
And in 102:
General-purpose AI models released under free and open-source licences should be considered to ensure high levels of transparency and openness if their parameters, including the weights, the information on the model architecture, and the information on model usage are made publicly available. The licence should be considered to be free and open-source also when it allows users to run, copy, distribute, study, change and improve software and data, including models under the condition that the original provider of the model is credited, the identical or comparable terms of distribution are respected.
Gemini 2.5 Flash also pointed me to Article 2(12), which reads:
12. This Regulation does not apply to AI systems released under free and open-source licences, unless they are placed on the market or put into service as high-risk AI systems or as an AI system that falls under Article 5 or 50.
I asked a follow-up question:
llm -c ‘so it says specific licenses but does it clarify which specific licenses count?’
And got back this response:
No, the document does not list specific names of licenses that qualify as "free and open-source".
Instead of listing names (like GPL, MIT, Apache, etc.), the Regulation defines what kind of terms a license must grant for it to be considered "free and open-source" for the purposes of the Regulation.
According to Recital (102), such a license must essentially allow software and data, including models, to be:
Openly shared.
Where users can freely access, use, modify and redistribute them or modified versions thereof.
The Recital further clarifies that a license can still be considered free and open-source even if it includes standard conditions like requiring attribution (crediting the original provider) or respecting identical or comparable terms of distribution.
I am very obviously not a lawyer, but based on the above I do find the theory credible that Meta are using "open source" in their marketing around Llama partly because the EU AI act has special exemptions for "open source" models that have nothing to do with the OSI definition of that term.
Total cost to use Gemini 2.5 Flash for this? 5.1 cents for my first question and 4.3 cents for the follow-up. That second question was cheaper even though it built on the first because output tokens are more expensive than input tokens and the second answer was shorter than the first – using the "thinking" model output is charged at $3.50/million tokens, input is just $0.15/million.
Using an LLM as a lawyer is obviously a terrible idea, but using one to crunch through a giant legal document and form a very rough layman’s understanding of what it says feels perfectly cromulent to me.
Tags: meta, ai-ethics, open-source, generative-ai, llama, ai, llms, openrouter, long-context, gemini, llm
AI Summary and Description: Yes
**Summary:** The text explores the implications of the EU’s AI Act on open-source AI models, particularly concerning Meta’s Llama models. It highlights the advantages and regulatory exemptions for open-source models while critiquing the term “open source” as used by Meta. It uses AI tools to analyze and summarize a lengthy legal document, revealing insights into compliance implications that security, privacy, and compliance professionals should consider.
**Detailed Description:**
The text discusses the intersection of AI, regulation, and open-source licensing in relation to the European Union’s AI Act, which comes into effect on July 12, 2024. Here are the key points and their significance:
– **Contextual Background**:
– The conversation revolves around Meta’s approach to marketing their Llama models as “open source” and the possible motivation behind this, noting that the licensing may not fully comply with the Open Source Definition but could benefit from the EU AI Act’s regulatory framework for open-source software.
– **EU’s AI Act**:
– The act outlines specific provisions in Recitals 89 and 102 that pertain to free and open-source AI models:
– Recital 89 states that third parties providing tools or components under a free open-source license are exempt from certain compliance responsibilities typically required of AI providers.
– Recital 102 emphasizes that transparency and documentation (e.g., model cards, data sheets) are critical for open-source AI models.
– **Regulatory Insights**:
– The discussion reveals that while the AI Act does not specify which licenses qualify as open-source, it defines the characteristics that such licenses must encompass, assisting compliance professionals in understanding the regulatory landscape without relying on specific license names (such as GPL or MIT).
– **Usage of AI Tools**:
– The author uses AI tools (notably Gemini 2.5 Flash and OpenRouter) to parse complex legal text and derive comprehensible summaries, showcasing practical applications of AI in legal and regulatory contexts.
– **Practical Implications**:
– The mention of using an LLM to aid comprehension of legal documents illustrates how compliance and security professionals can leverage AI for efficient analysis of regulations affecting AI deployments.
**Bullet Points**:
– **Regulatory Exemptions**: Open-source models may bypass some compliance burdens under the EU AI Act.
– **Transparency Requirements**: Emphasizes the necessity for clear documentation practices.
– **AI for Regulatory Analysis**: AI tools can facilitate understanding of lengthy and complex legal texts, improving compliance efforts.
– **Credibility of Marketing Claims**: Challenges the marketing strategies of major companies regarding open-source compliance; a consideration important for professionals assessing risks in vendor relationships.
The intersection of open-source AI and regulatory frameworks such as the EU AI Act will be of vital interest to security, privacy, and compliance professionals as they navigate the evolving landscape of artificial intelligence and its governance.