Disclaimer: I am not a lawyer, and nothing here is legal advice. What follows is my reading of what these license texts actually say in plain language, and the patent implications that seem to follow from that text. For any real IP decision, take it to a qualified patent attorney. On a public page a wrong legal claim is worse than a cautious one, so I am going to stay close to the words on the page.
Picture the moment a patent attorney goes through your requirements.txt line by line, asking which licenses are in your dependency tree. Not "can we ship this." A different question, one almost nobody asks before it matters: does using this code constrain my ability to assert a patent later?
I was not in a courtroom when this clicked for me. I was building, the way I always am, late, with a dependency list I had grown the lazy way, one pip install at a time, each one chosen by an engineer who was thinking about getting the thing to run, not about what happens in 2027 when a competitor ships a similar feature. And then the question landed and I realized I was about to do archaeology on my own decisions.
Here is the trap in one line. Most engineers treat open-source licenses as a shipping question. Can I include this in a commercial product, can I keep my changes private. The GPL-versus-proprietary boundary gets all the attention. The patent question is different, and it is the one that quietly waits.
Plaintiff one day, infringer the next
The stakes are concrete. GPL v3 code in your dependency tree means that asserting a patent against someone using the same GPL v3-covered functionality could, by the plain text of the license, terminate your own license to that code. You go from plaintiff to infringer in a single filing.
The mechanism is a patent retaliation clause, text that is deliberately written to make patent assertion legally expensive for anyone who incorporated the protected code. It is not an accident or a side effect. The license was drafted to do exactly this. And it sounds abstract right up until someone with a law degree is reading your lockfile out loud.
So let me walk the actual sections, because the whole thing lives in the text, not in the vibe.
The core mechanism: sections 10, 11, and 8 in combination
GPL v3's retaliation works through three sections acting together. None of them does the job alone.
Section 10 imposes a condition on every licensee. In its own words, you may not initiate litigation, including a cross-claim or counterclaim in a lawsuit, alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it.
Section 11 is the grant. Each contributor hands every downstream user a license to that contributor's essential patent claims. That is the thing of value you are holding.
Section 8 is the trigger. Violate the license and your rights terminate automatically, and that termination reaches the patent grants made under Section 11.
Now stack them. The sequence the text creates runs like this. You incorporate GPL v3 code into your system, a library, a component, even a small utility you copied and adapted. A competitor ships something you believe infringes a patent you hold. You file suit, alleging infringement of the program or a portion of it. That filing is the Section 10 violation. Section 8 then terminates your rights, including the Section 11 patent grants, as of the date you filed. And now you are distributing GPL v3 code without a license, which is its own infringement.
The uncomfortable step is the one in the middle. "Any patent claim infringed by making, using, selling the Program or any portion of it" is not a precisely bounded phrase. Patent claims are written broadly on purpose. The GPL code's contribution to your system might be peripheral to your core invention, and that does not automatically insulate you. What matters, as I read it, is whether the patent you are asserting can be characterized as one infringed by making or using the GPL v3 work. If opposing counsel can draw that line, the text says the sequence can fire. Whether a court agrees in your specific case is exactly the kind of question I am not qualified to answer, which is the point of the disclaimer at the top.
AGPL widens it, GPL v2 does not have it
Two siblings are worth naming because people assume they all behave the same, and they do not.
AGPL v3 carries the same Section 10 and Section 11 language, plus the extra reach of Section 13. Providing the software as a network service, without ever shipping a binary, triggers the same source-disclosure obligations as distribution. For patent strategy that means the full retaliation exposure travels with the network-use surface. If you are building an AI inference service on an AGPL-licensed library, you are inside the AGPL's reach whether or not anyone ever downloads a binary from you. That one catches people who think "I never distribute, so I am fine."
GPL v2 is the other direction. It has no equivalent patent retaliation mechanism. Its Section 7 prohibits adding further restrictions to GPL'd code, which can complicate certain downstream patent assertion strategies, but it does not contain the automatic license-termination trigger that v3 introduced. v2 and v3 are not equivalent on patent risk, and treating them as one thing is its own quiet error.
What "using" GPL code does to your position
The danger is not confined to wholesale copying. I think of it as a gradient, and the middle of the gradient is where the real trouble lives.
At one end, you use a GPL v3 utility that parses files, and your patent covers an optimization on the parsed data. The GPL code touches none of the claimed functionality. As I read the clause, it is looking for an allegation that the GPL work itself constitutes infringement. If you are not making that allegation, the text gives it nothing to grab.
At the other end, you copied GPL v3 code in, modified it, and ship it as part of a system your patent claims cover. You have incorporated the work, and your claims arguably allege that the combined system, which is the work, does the patented thing. That one is almost certainly a problem.
The middle is the one that should scare you, and it is the reason I am writing this. You use a GPL v3 library that does something adjacent, say an approximation method, and your patent claims a system that uses approximation methods to get a result. You assert against a competitor. Their counsel argues your claimed functionality is intertwined with the GPL library's behavior. Whether that argument wins is a legal question, but you are then paying attorneys to litigate it either way. "Adjacent" is decided by how your claims are written and how good the other side's lawyer is. The risk is fuzzy and front-loaded. You cannot fully know at filing time whether a court will find the connection, and by then the GPL code has been in your tree for eighteen months.
LGPL v3 belongs in this conversation too. It is "lesser" only in the copyleft sense, you can link against it without your application becoming GPL'd, but it incorporates the GPL v3 patent framework by reference. It is not lesser on retaliation. Same Section 10, 11, and 8 story.
The safe operating rule I landed on
After sitting with the text, the rule I actually run is simple, and deliberately conservative. No GPL v3, AGPL v3, or LGPL v3 code in any codebase where I intend to file or assert patents covering the same functional area. And "same functional area" gets read broadly, because patent claims are written broadly.
The good news, and it is genuine good news, is that this almost never costs you anything in modern AI work. The permissive ecosystem covers nearly everything you would actually reach for. The scientific Python stack is BSD-licensed. The major deep-learning frameworks are BSD or Apache-2.0. The big transformer libraries are Apache-2.0. The GPL libraries you bump into are usually legacy data tools or specialized components that predate the Apache-and-MIT-everything norm, and they have permissive alternatives in almost every case. The work of finding the alternative is small next to the work of defending the decision not to.
If you discover a GPL v3 dependency late, it is not a death sentence, just deliberate work. Re-implement the functionality clean-room, from the interface contract and not the source, and document that you did. Or wrap it as a separately deployed service you call over a network instead of linking it in, with the loud caveat that AGPL v3's Section 13 specifically addresses that pattern, so confirm with counsel before leaning on it. Or, if the component is peripheral, just drop it and carry the small technical debt instead of the legal debt. Every one of those paths is cleaner than explaining the dependency to an attorney three years from now.
The principle
None of this is original to me. The retaliation mechanism is right there in the license text, drafted by people who understood patents far better than I do, and IP counsel have been reasoning about it for years. The engineering distinctive, the part that is actually mine, is small and boring and saves you anyway: treat the license as a property of a dependency you check before adoption, not a footnote you reconstruct under adversarial scrutiny after you file.
The check costs about thirty seconds per dependency. Reconstructing a clean development history while opposing counsel reads your commit log costs a great deal more. The license is sitting in the repository the whole time. Read it before the import statement is in your tree, not before the filing is on the docket.
I am still not a lawyer. If any of this maps onto a real decision you are about to make, that is precisely the moment to put it in front of one.