contributor license agreement (CLA)

A legal instrument allowing contributors to grant IP rights to a company or foundation. In licensing innovation, increasingly paired with governance controls.

A CLA clarifies that you own the code or content you are contributing and grants the project maintainer a broad, usually irrevocable license to use, modify, and redistribute your contribution under the project’s license (and sometimes in commercial products). It may also confirm that you are not providing warranties and that you cannot later withdraw permission to use your contributions.​

Why projects use CLAs

Projects adopt CLAs to ensure they have clear rights to relicense, dual-license, or include community contributions in commercial offerings without future legal uncertainty. This helps protect both the maintainers and contributors by documenting ownership, permissions, and responsibilities in a single agreement.​ Common variations include:

1. Individual CLA: Signed by a person contributing in their own name.​
2. Entity/Corporate CLA: Signed by a company so its employees can contribute on its behalf with company-owned IP.​
3. Some ecosystems instead use a Developer Certificate of Origin (DCO), which relies on signed-off-by statements in commits rather than a separate contract.​

COSS organizations require contributors to sign a CLA before they can merge code or documentation into certain projects. Many of these CLAs are managed via automated GitHub workflows (e.g., EasyCLA, CLA assistant) that check whether a contributor has signed before allowing a pull request to be merged