This certificate confirms that your project’s licensing has been reviewed and validated. It indicates that the software licence has been selected, verified for compatibility with all components, and is appropriately and transparently declared. It also indicates readiness for compliant distribution.

The certificate remains valid for future software versions indefinitely, provided they meet certification requirements. It does not cover patents or legal liability, although patent concerns may be addressed during the Software Licence Analysis (SLA) review.

A full specification of the Verified Software Licence certificate is also available.

Prerequisites

Ensure your software project:

• Is intended for distribution

• Has all dependencies correctly identified

• Uses a clear software licence, compatible with all dependencies, and confirmed by the GÉANT IPR Manager

Ensure that:

• Project artefacts include the required licence and copyright
• Compliance requirements of dependencies are fulfiled

Step-by-Step Process

Follow the steps below to ensure your software qualifies.

Review Dependencies

• Identify all dependencies. You may use the GÉANT Software Composition Analysis (SCA) service or obtain a Verified Dependencies Certificate.

• Address all critical vulnerabilities, typically by upgrading dependencies.

Select a Licence

• Use the GÉANT SLA service, conduct an internal review, or rely on an equivalent method.

• Confirm your selected licence with the Licence Management Team and obtain approval from the GÉANT IPR Manager.

Verify Compatibility

• Confirm that all dependency licences are compatible with your selected licence.

• Document any conflicts, resolutions, and rationale.

Prepare Required Artefacts

Use the GÉANT SLA service or the Software Artefacts Checklist and related templates to prepare the following files:

Mandatory:

• LICENSE – Full text of the selected licence

• COPYRIGHT – Copyright notices and attributions

• README – Must include licence declaration and copyright

If applicable or required by the licence:

• NOTICE – Third-party notices and attributions

• CHANGELOG – Version history, including licence-related changes

• CONTRIBUTING – Contribution guidelines

Ensure these artefacts clearly and explicitly declare the licence and copyright,
and reflect full compliance with the terms of all dependencies.

Declare Licence in Metadata and Interface

Ensure the licence is declared in:

• Repository settings or project metadata

• User interface (if required by the licence)

• Documentation, help files, and release notes

Submit Request

Send a request to the Licence Management Team, including:

• Results of the SLA or equivalent review

• Access to the repository with all relevant artefacts

• Any clarifications or supporting notes

See the Contact us section for getting information how to communicate with the Team.

Respond to Review Feedback

Cooperate with the Licence Management Team to:

• Provide requested clarifications

• Remediate licence conflicts or vulnerabilities

• Update artefacts and documentation as needed

Use Certificate

Upon approval, your project will receive the Verified Software Licence certificate, which will be visible in the GÉANT Software Catalogue.

You may reference the certificate in your documentation, metadata, project page, or communications. The Licence Management Team will provide guidance on how to do this.

After Certification 

Keep It Valid

Maintain compliance by:

• Keeping licensing artefacts and documentation up to date

• Reviewing new dependencies for licence compatibility

• Avoiding licence changes without review and re-approval

• Informing the Licence Management Team of any major changes

• Responding to user or third-party compliance-related queries

Fundamental changes to software architecture or licensing model may require certificate revalidation.

Optional: Set Up Dependency and Licence Scanning

Integrate SCA scanning into your development pipeline to detect issues early.