Linus Torvalds approved AI code rules for Linux: humans bear responsibility

Linus Torvalds and Linux maintainers have established the first official rules for code written with AI assistance. The policy does not prohibit Copilot, Claude, and other tools, but places complete responsibility on the human for every line, bug, and licensing risk.

What Changed

A new section on AI Coding Assistants has appeared in the kernel documentation. The Linux team formally recognizes that developers will use generative tools anyway, so the project considers it more important to establish clear rules than to impose symbolic bans. The basic principle is simple: AI is considered a tool, not an author. This means any patch entering the kernel must still go through the normal review, discussion, and manual verification process.

The new rules require all code to remain compatible with the GPL-2.0-only license, and files must use correct SPDX identifiers. Separately, it is stated that an AI agent has no right to add a Signed-off-by tag: this tag is tied to the Developer Certificate of Origin and represents legal confirmation from a human. Only a living developer can sign such a patch, and they alone assume full responsibility for the contribution.

How to Submit Patches Now

For developers in practice, this means not a revolution, but an additional layer of transparency. By itself, the fact of using AI is no longer considered a violation if a person can explain what the tool did and how the result was verified. In short, a model can help write a patch or description, but cannot replace the author who understands the code, tests it, and is ready to defend the changes before maintainers.

• Manually verify all generated code rather than relying on the model's output
• Ensure fragments do not violate the kernel's licensing requirements
• Add your own Signed-off-by, confirming DCO on behalf of a human
• Specify Assisted-by with the tool name and model version
• Do not pass off AI contributions as ordinary tools like git, gcc, make, or editors

This approach did not emerge from nowhere. The reason for firmly establishing these rules was months of debate around "AI slop" and the quality of patches submitted by people with minimal understanding of what the model actually generated. Particular controversy arose when AI involvement was not disclosed immediately: formally, a patch looked like ordinary work from an experienced developer, but later it turned out that significant portions of text and code were written by an LLM.

The Main Unresolved Problem

Despite its practicality, the new policy does not address the most uncomfortable question: code provenance. The documentation requires a person to verify the licensing cleanliness of AI output, but provides no way to prove where a specific line came from. If a model generated a fragment too similar to someone else's code with incompatible terms, the Assisted-by tag won't solve the problem. The patch submitter remains responsible even if they physically cannot trace the entire training path of the model.

There is a second gap: the policy barely helps in fighting dishonest authors. Torvalds directly said the documentation is written for good-faith participants, and people who send garbage code won't honestly mark it as AI-generated. In other words, Linux chose not a path of prohibition, but a path of personal responsibility: if the code is good, it will be reviewed; if it's a hallucination, regression, or poorly understood patch, the person who hit send is responsible.

"Documentation is needed for good-faith participants,"

Torvalds explained his approach to AI patches.

What This Means

Linux did not declare war on AI tools and did not pretend the problem doesn't exist. The project chose an adult model: AI can be used, but not hidden, cannot sign patches, and the legal and technical consequences rest with humans. For the entire open source industry, this is an important signal: the next big debate will not be about whether to allow AI, but about how to prove the provenance and quality of generated code.