NLNet Labs LLM Policy

NLNet Labs, an open-source software organization, has adopted a strict policy prohibiting the use of large language models (LLMs) in code and documentation contributions, requiring disclosure of LLM use in all interactions, and holding contributors responsible for any LLM-generated output. The policy aims to ensure human authorship and maintain clear communication, with exceptions only for LLM-suggested fixes in vulnerability reports.

LLM POLICY Revised 26 June 2026 We restrict how Large Language Models LLMs can be used in the context of our organisation and our projects. If a submission e.g. PR, issue, comment, forum post, etc. does not comply with this policy, we may close or delete it without prior notice. Note In addition to this policy, you must also comply with our code of conduct /conduct/ and the relevant CONTRIBUTING.md file of the project. Policy No output of LLMs in code or documentation We require all code and documentation contributions to be authored by a human. You must not include content generated by LLMs or other probabilistic tools. As an exception to this rule, a suggested fix generated by an LLM as part of a vulnerability or bug report may be included, because it can help pinpoint the underlying issue during triage. Disclose LLM use We want to interact with humans, not with LLMs. In your interactions with us, be respectful of our time, and disclose the use of an LLM. This includes opening issues, sending vulnerability reports, and posting on our community forum. Translation can be helpful if English is not your native language. If you use machine translation when communicating with us, we encourage you to disclose such use to us so that both sides are aware of possible miscommunication as a result of mistranslation. Alternatively, you could also write in your native language if you cannot assess the correctness of the translation. Use of LLM translation is discouraged based on their generative attributes that would most likely confuse rather than ease the discussion. LLM output remains your responsibility Your use of LLMs for linting, analysis or review is permitted under this policy. However, you remain responsible for the output of an LLM. If an LLM assists you in finding or analysing an issue, you remain responsible to understand and verify the correctness of the information you share with us. Examples LLM-assisted vulnerability reporting We accept reports of vulnerabilities found with LLMs. With your report, you can include an LLM suggested fix to help us pinpoint the issue. To comply with this policy, after the LLM finds an issue, you as the human contributor verify the issue and the estimated severity. Then, when you send a report to sep@nlnetlabs.nl mailto:sep@nlnetlabs.nl you must disclose the use of an LLM. See the security report /security-report/ page for more information on reporting vulnerabilities to us. PR creation We do not accept LLM-generated contributions. Any code you submit cannot be generated by an LLM. When you open a PR, use your own words and be concise in the PR description. In general, you should not open PRs for new features without talking to us first. If you have ideas on how our software could change to accommodate your use-case, please share your own thoughts on our community forum https://community.nlnetlabs.nl/ .