# What Online Licences Can Teach Us About AI-Generated Transcripts

The web has spent decades making instructions and licences easier for software to find. As AI turns speech into reusable records, a contributor's position can still be lost.

Published 2026-07-12 · By REP9 Editorial

Canonical: https://rep9.ai/insights/what-online-licences-can-teach-us-about-ai-generated-transcripts

[Audio edition](https://rep9.ai/insights/what-online-licences-can-teach-us-about-ai-generated-transcripts/listen)

![Editorial collage combining robots.txt, the Kelly v. Arriba Soft court decision, an image result, and a live transcript over a video call.](/assets/insights/what-online-licences-can-teach-us-about-ai-generated-transcripts/hero.webp)
*Websites developed several machine-readable ways to carry instructions and licence information; conversation records still lack an equivalent shared layer for contributors.*

## Where Google's "Licensable" image badge really came from

Open an image in Google Images and you may see a small badge beneath it: **Licensable**. Follow the link and Google can take you to the page a publisher says describes the licence, or to the place where one can be acquired.

The badge looks like a small feature of the interface. Underneath it sits a much bigger design decision. A website has supplied rights information in a form a machine can find, and Google has read it and carried part of that information into the search result.

It's tempting to tell a clean story about how this happened. Search engines copied creative work. Courts made them respect licences. The web gradually learned to obey. That story is memorable, but it isn't what actually happened. None of the major Google image-search cases reviewed for this article ordered the company to display image licences. A crawler instruction is not a licence. And metadata that can travel with a file often disappears along the way.

The real history is more useful precisely because it's less tidy. Over three decades, the web developed several machine-readable languages for several different jobs, and the lesson that matters here is simple: when machines use information at scale, they need a consistent way to find the instructions, licence or reservation attached to it. Without that, even a willing, compatible system cannot reliably preserve the publisher's position.

That lesson is about to matter somewhere new. AI is quietly turning conversation into the web's newest content type - transcripts, summaries and searchable archives - and there is currently no equivalent way to carry the speaker's position along with their words.

## Why robots.txt, licences and logins answer different questions

Crawler rules, indexing instructions, licence metadata and access controls are often lumped together as "machine-readable signals". They don't all say the same thing.

A `robots.txt` rule asks a crawler not to fetch a path. A `noindex` instruction asks a search engine not to include a resource in its results. Copyright metadata can name a creator. A licence link can identify permissions and conditions. A text-and-data-mining reservation can have a defined consequence under a particular law. A login can prevent access altogether. A cryptographic provenance record can help show where a file came from and whether it changed.

That distinction matters in the AI era. The question "may a bot fetch this page?" is different from "may this material be used for model training?" Both differ again from "who owns this?", "what did the parties agree?" and "can the system technically prevent access?" A protocol can make one answer legible without answering any of the others.

## What robots.txt can and cannot do

The Robots Exclusion Protocol began in 1994 as a convention for cooperative crawlers. A site owner placed instructions in `/robots.txt`; a crawler chose whether to honour them. In 2022, the Internet Engineering Task Force (IETF) standardised the protocol as [RFC 9309](https://www.rfc-editor.org/rfc/rfc9309). The document is unusually direct about its own boundary: "These rules are not a form of access authorization."

They're not a security system either. A disallowed URL may still be publicly reachable, and [Google explains that a blocked page can still be indexed](https://developers.google.com/search/docs/crawling-indexing/robots/intro) if other pages link to it. Keeping a resource out of search requires a different instruction, such as `noindex`, and protecting it from access requires an actual control, such as authentication.

None of which makes `robots.txt` unimportant. It made a publisher's operational preference readable at the same speed as automated collection. It also established an architecture the web keeps returning to: publish a predictable signal in a known place, give automated systems a shared way to interpret it, and let practice grow around it. The signal still only addresses crawling; it doesn't grant copyright permission, prove ownership or form a contract.

## Why court rulings did not create image licence metadata

The major US search cases followed a separate legal path. In 2003, the Ninth Circuit treated search thumbnails as fair use on the record in [*Kelly v. Arriba Soft Corp.*](https://www.courtlistener.com/opinion/782791/kelly-v-arriba-soft-corp/). It reached the same conclusion on the relevant thumbnail use in [*Perfect 10, Inc. v. Amazon.com, Inc.*](https://cdn.ca9.uscourts.gov/datastore/opinions/2007/12/03/0655405.pdf) in 2007, while separating files Google stored from full-size images delivered by third-party servers. In 2015, the Second Circuit held in [*Authors Guild v. Google, Inc.*](https://www.courtlistener.com/opinion/3124896/authors-guild-v-google-inc/) that book scanning, search and limited snippets were fair use in that system.

Only the narrower 2006 cache case, [*Field v. Google*](https://www.law.berkeley.edu/files/Field_v_Google.pdf), turned materially on a known technical opt-out. The plaintiff understood Google's cache controls, deliberately left them unused and intended to bring a claim. On those unusual facts, a Nevada district court found implied licence and estoppel among several independent grounds for Google. It did not create a general rule that public availability, or silence, means permission.

You don't need to be a lawyer to see the pattern. None of these cases ordered Google to display image licences. The machine-readable licensing layer grew elsewhere, through public licences, metadata standards and product design.

## How online licences became readable by machines

Creative Commons supplied one of the most influential templates. Its licences paired legal text with a simpler human-readable deed. The 2008 [Creative Commons Rights Expression Language, or ccREL](https://opensource.creativecommons.org/ccrel/), added a standard way to express copyright licensing information for machines.

The core move was simple: identify a licence with a stable URL and mark the relationship between that licence and a particular work. In HTML, `rel="license"` could tell software that a linked document described the licence for the page or object. RDFa could add structured attribution. XMP could embed related information inside a media file.

Machine readability solved a discovery problem. A tool no longer had to infer permissions from a badge, a paragraph of prose or the surrounding design. It could locate a known field, resolve a known identifier and present the result to a person or another system.

Photography developed its own mature rights-information workflows. International Press Telecommunications Council (IPTC) metadata can embed a creator, credit line, copyright notice, rights statement and licensor details inside an image. Schema.org offers page-level properties such as `license` and `acquireLicensePage`. Google's [current image-metadata documentation](https://developers.google.com/search/docs/appearance/structured-data/image-license-metadata) accepts either structured page data or embedded IPTC fields for features such as the Licensable badge.

This is where the opening badge came from. Google's [August 2020 launch announcement](https://developers.google.com/search/blog/2020/08/make-licensing-information-for-your) describes years of work with IPTC, image licensors and industry groups. Collaboration and product implementation, in other words. Not a court remedy.

Even then, discovery is not enforcement. Google can surface the licence a publisher supplied. It doesn't thereby prove that the publisher owns every relevant right, decide whether an exception applies or stop a user from ignoring the link.

Nor does the information always travel. Embedded IPTC metadata can stay attached to an image as the file moves, but only when each system along the way preserves it. [IPTC's 2019 platform test](https://www.iptc.org/standards/photo-metadata/social-media-sites-photo-metadata-test-results-2019/) found metadata removed from many downloaded or processed files. Page-level markup has a different weakness: copy the image away from its webpage and the relationship may be left behind.

A machine-readable position is not a machine-enforced position. It's a position the system has the opportunity to find.

## When a machine-readable reservation carries legal weight

Some mechanisms, such as `robots.txt`, depended primarily on voluntary implementation. Others, including public copyright licences, already operated through existing law. European copyright law later gave machine-readable reservation an express role inside a particular statutory exception.

Article 4 of the [EU Directive on Copyright in the Digital Single Market](https://eur-lex.europa.eu/eli/dir/2019/790/oj) requires member states to provide an exception for reproductions and extractions used for text and data mining where material is lawfully accessible. That exception is conditional. As implemented in national law, reliance on it can be affected where the right holder has expressly reserved the use in an appropriate manner, "such as machine-readable means" for content made publicly available online.

The qualification is the point. A suitable reservation can affect whether someone may rely on that particular EU exception. It doesn't establish that the person publishing the signal owns the material. It doesn't decide whether another licence or exception permits the use. It doesn't make every act of mining unlawful, and it doesn't create a worldwide opt-out.

The [W3C Text and Data Mining Reservation Protocol](https://www.w3.org/community/reports/tdmrep/CG-FINAL-tdmrep-20240510/) proposes shared ways to express that choice through a well-known file, HTTP response, HTML or embedded document metadata. Its own status notice is equally important: it is a Final Community Group Report, "not a W3C Standard nor ... on the W3C Standards Track." The protocol supplies syntax. The legal consequence, where one exists, comes from applicable law.

The distinction is easy to miss because law and software meet in one small field. Technically, the field may contain `tdm-reservation: 1`. Legally, its effect depends on who published it, what rights they hold, which use is proposed, which jurisdiction applies and whether the reservation satisfies that jurisdiction's rules.

## Why AI needs different controls for different uses

Generative AI has made the old distinctions visible again. Search, model training and live retrieval are different uses, and some providers now expose separate controls for each.

[Google-Extended](https://developers.google.com/crawling/docs/crawlers-fetchers/google-common-crawlers), for example, controls specified uses of content by Gemini models without affecting inclusion or ranking in Google Search. [OpenAI documents separate agents](https://developers.openai.com/api/docs/bots) for search, potential model training and some user-initiated visits. Emerging work attempts to express downstream AI-use preferences or connect machines to licensing offers.

These are signs of demand, not evidence that the industry has settled on one approach. Vendor controls have different vocabularies and scopes. Some are voluntary policies. Some may help express a legally relevant reservation in a particular context. None, simply by existing, settles whether a use is lawful.

Provenance introduces another nearby but distinct layer. [Coalition for Content Provenance and Authenticity (C2PA) Content Credentials](https://c2pa.org/specifications/specifications/) can bind signed information about an asset's origin and editing history. That can help a system answer "where did this come from?" It doesn't inherently answer "may I train on it?" A valid provenance record and a valid licence can complement each other, but neither substitutes for the other.

The pattern is consistent: automated systems need separate, explicit signals for separate uses.

## What today's meeting transcripts fail to carry

A single call can now produce several permanent machine records: the audio, a speaker-attributed transcript, a summary, an action list and a searchable archive. [Microsoft Teams](https://learn.microsoft.com/en-us/microsoftteams/meeting-transcription-captions), [Google Meet](https://support.google.com/meet/answer/14754931?hl=en) and [Zoom](https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0080354) each document parts of that workflow in current products. Those records may preserve who spoke, when they spoke and what a system inferred from them.

Our review found no widely adopted cross-platform field for a participant's asserted licence or reservation, or for carrying that assertion through transcription, summarisation and transfer. There are useful pieces: [WebVTT](https://www.w3.org/TR/webvtt1/) can identify voice spans in timed text. [SIP recording metadata](https://www.rfc-editor.org/rfc/rfc7865) can describe sessions, participants and media streams. The [Open Digital Rights Language (ODRL)](https://www.w3.org/TR/odrl-model/) can express permissions, prohibitions and duties. Verifiable credentials and signatures can package attributable claims. None of these, by itself, supplies that complete participant-level layer.

The analogy to image metadata holds in one important respect. For compatible systems to preserve a position systematically, they need a dependable way to discover it and associate it with the relevant contribution.

But a conversation is not simply another digital asset. Several people may contribute to a shared record. The speaker may not own the recording or transcript. Employment, client and platform agreements may already govern parts of the exchange. Copyright may protect some original expression, but it doesn't create ownership of facts, ideas, methods or every short phrase. Privacy, confidentiality, recording consent, performance rights and data protection introduce separate questions again.

Even a technically immaculate signal would not resolve those conflicts. It could associate an assertion with a participant reference or contribution segment without necessarily establishing that person's real-world identity. It could identify a licence URI and timestamp, state the authority the participant claims, and record whether another system discovered or acknowledged the declaration. What it could not do is manufacture rights, or decide which legal rule wins.

The missing layer isn't a field that would resolve every legal question. It's a dependable way to preserve who stated what, where it applies and what a receiving system did with it.

## Why conversations are harder than web pages and images

Imagine a meeting with ten people. One attends as an employee, another through an agency, a third under a client contract. They quote documents owned by other organisations. Their contributions overlap. Some statements are creative expression; many are facts, questions or common professional knowledge.

Now try attaching a licence assertion to every speaker, and perhaps to particular segments. Even if several participants reference the same licence, their authority, scope and surrounding agreements may differ. If other systems introduce different policies, the conflict set grows again. A summary blends them. An agent converts the summary into tasks. Another system sends those tasks into a project archive. Which assertion follows which sentence? What happens when they conflict? What authority did each participant have to publish one in the first place?

A poorly designed rights layer could produce false confidence for contributors and unusable complexity for systems. It could encourage claims over ideas that the law leaves free, or force software to treat every acknowledgement as agreement. A fragmented schema landscape would also make consistent implementation harder, especially for smaller systems.

That objection should shape the design, not be treated as resistance to it. A useful system needs narrow, versioned assertions; visible limits; clear provenance, attribution state and scope; and different states for discovered, parsed, recorded and accepted. It also needs to tolerate the honest answer: "position found, legal effect unresolved."

Most importantly, the technical state must stay visible. REP9 uses "handshake" as the umbrella term for how a declaration enters an interaction, but the differences within it matter: a one-way declaration, a resolved or signed assertion and a two-way acknowledgement are not the same thing. Receipt is not acceptance, and acknowledgement is not automatically assent.

## What REP9 provides today

REP9 starts below that future protocol layer. The public [REP9 Licence 0.1](/licenses/0.1) is a [named, versioned draft](/terms#draft-licence). To the extent a contributor holds relevant rights, it grants a limited set of ordinary conversational uses and reserves the contributor's remaining rights. It does not create rights in ideas or facts, establish confidentiality, displace superior agreements, restrict uses permitted by law without the contributor's permission or promise an outcome.

The current mechanism is a short declaration that points to that stable licence. When the declaration is added to a written exchange, its human statement and resolvable reference enter the same record as the contribution itself. Nobody else has to install REP9, and no claim is made that compatible systems already interpret it universally.

That is the available layer today: a public draft licence and a standard declaration. Personal links and spoken or TTS delivery are private-beta capabilities. API-based resolution and signed SDK assertions belong to the roadmap. Future implementations will need to preserve the exact state of an exchange and keep discovery, receipt, signature, acknowledgement and legal acceptance distinct.

REP9 doesn't need this history to prove that its declaration will have a particular legal effect. The history supports a more basic observation: automated systems use stable identifiers, shared vocabularies and preserved metadata whenever designers expect them to recognise a human position at scale.

The proposition is that a contribution inside a conversation deserves an equivalent place in the record.

## Making a contributor's position visible is the first step

Machine-readable signals are easy to overstate because their syntax looks decisive. A field contains a value. A crawler either reads it or it doesn't. But the important questions begin after parsing: who made the assertion, what did they control, what use is proposed, what other terms apply, and what consequence does the relevant law or agreement attach?

The answer won't be the same in every conversation. It may not favour the contributor. Sometimes there may be no relevant right to reserve at all. A declaration can still do one concrete thing: replace an absent position with an explicit, inspectable one.

Over decades, the web built ways to expose crawler preferences, indexing instructions, creator and licence metadata, reservations and provenance. AI-mediated conversations now produce permanent machine records too. So the next design question is not whether one sentence can stop a system. It's whether systems that preserve everything else can preserve the contributor's position as well.

[The standard REP9 declaration is available to use now.](/#standard-declaration)
