Who Owns AI-Generated Code? Copyright, GitHub Copilot & the 2026 Legal Landscape

Introduction

If you've used GitHub Copilot, Cursor, or ChatGPT to write code in 2026, you've probably wondered: who actually owns that code? Can you copyright it? Is your company safe using AI-generated code in production products?

These aren't hypothetical questions anymore. The GitHub Copilot class-action lawsuit is grinding through federal court. The US Copyright Office has weighed in on AI authorship. And businesses shipping AI-assisted code are navigating a legal gray zone with real financial stakes.

In this guide, we'll break down the current state of AI-generated code copyright — what developers, startups, and enterprises need to know in 2026.

The Core Legal Question: Can AI-Generated Code Be Copyrighted?

The short answer: it depends on how much human input was involved.

Under US copyright law, only "original works of authorship" by a human creator qualify for copyright protection. The US Copyright Office made this abundantly clear in Part 2 of its AI Report (published January 2025): works created entirely by AI — without meaningful human creative input — are not copyrightable.

But code is rarely entirely AI-generated in practice. Developers prompt, edit, refine, and integrate AI outputs. So the line gets blurry fast.

Where the Copyright Office Draws the Line

The key framework from the Copyright Office's Part 2 Report works like this:

| Scenario | Copyrightable? |

|---|---|

| AI writes all code with zero human changes | ❌ No |

| Human writes a prompt, AI generates code, human uses as-is | ❌ Unlikely |

| Human writes prompt, AI generates code, human substantially edits/rewrites | ✅ Yes (the human-authored portions) |

| Human designs architecture, AI fills in boilerplate, human reviews and integrates | ✅ Likely (human authorship in selection, arrangement, and edits) |

The operative concept is human authorship. If a human makes creative choices — selecting what to include, rewriting logic, restructuring modules — those elements are copyrightable. The raw AI output is not.

In practice, this means your copyright covers the final codebase as edited by humans, not the raw Copilot completions.

The GitHub Copilot Lawsuit: Where It Stands in 2026

The most consequential case for AI-generated code is Doe 1 v. GitHub, Inc., filed in November 2022 by Matthew Butterick and the Joseph Saveri Law Firm. It's a class action on behalf of open-source developers.

What the Plaintiffs Allege

The lawsuit claims that GitHub Copilot and OpenAI Codex were trained on billions of lines of publicly posted code from GitHub repositories — much of it under open-source licenses (MIT, GPL, Apache 2.0, and others) that require attribution and copyright notices.

When Copilot generates code, the plaintiffs argue, it reproduces code from these training repositories without including the required license information. This, they contend, violates:

• The Digital Millennium Copyright Act (DMCA § 1202), which prohibits removal of copyright management information
• GitHub's own Terms of Service and Privacy Policy
• The California Consumer Privacy Act
• Various open-source license terms requiring attribution

Key Developments (2022–2026)

• November 2022: Initial complaint filed in the Northern District of California
• January 2023: GitHub filed a motion to dismiss, arguing fair use and challenging the plaintiffs' standing
• May 2023: Judge Jon Tigar largely denied GitHub's motion to dismiss, allowing the DMCA § 1202 claims to proceed
• 2024–2025: Discovery and class certification proceedings; the case survived multiple dismissal attempts
• 2026: The case continues toward trial, with significant implications for all AI code tools

The court has so far refused to dismiss the core claim — that training on licensed code and generating it without attribution violates § 1202 of the DMCA. If the plaintiffs prevail at trial, the implications for every AI coding tool (Copilot, Cursor, Codeium, Tabnine, Amazon CodeWhisperer, Claude Code, ChatGPT, etc.) would be profound.

What's at Stake

If the court rules against GitHub/Microsoft/OpenAI, AI code tools could be required to:

1. Track the provenance of every training data source

2. Include attribution when generating code substantially similar to training data

3. Allow developers to opt out of having their code used for training

4. Pay licensing fees or damages for past unlicensed use

For the AI industry, a plaintiff win could mean a fundamental redesign of how code-generation models are trained and what they output.

Practical Risks for Developers and Businesses

Beyond the courtroom drama, there are concrete risks that developers and companies need to manage when using AI-generated code.

1. Accidental License Violation

The most immediate risk: Copilot (or any AI coding tool) might generate code that's substantially similar to copyrighted code from its training set — without including the required open-source license.

If you incorporate that code into your product, you could be:

• Violating the GPL (which can "infect" your entire codebase with copyleft obligations)
• Violating attribution requirements of MIT/Apache/BSD licenses
• Exposing your company to copyright infringement claims

GitHub's own research found that Copilot reproduces training data verbatim in roughly 1% of cases — which sounds low, but across millions of completions per day, it adds up.

2. Uncertain Ownership of Your Codebase

If parts of your codebase were generated by AI and incorporated without substantial human edits, those parts may not be protected by copyright. This creates problems for:

• Startups seeking investment — investors want IP that's defensible
• Companies filing patents — unclear inventorship can invalidate claims
• Open-source projects — if you can't prove authorship, you may not have standing to enforce your chosen license
• M&A due diligence — acquirers will scrutinize code provenance

3. Trade Secret Exposure

When developers paste proprietary code or business logic into AI tools (ChatGPT, Claude, Copilot Chat), that code may be used for future training. Some enterprise plans (GitHub Copilot Business/Enterprise) now offer data isolation guarantees, but not all tools do.

4. Copyright Registration Challenges

If you try to register your software with the US Copyright Office, you must now disclose AI involvement in the creation process. The Office's 2025 guidance requires applicants to identify AI-generated elements and disclaim them from the registration.

This means your copyright registration may only cover the human-authored portions of your code — creating documentation gaps that could matter in an infringement suit.

How Companies Are Managing AI Code Risk in 2026

Smart organizations aren't waiting for the courts to sort this out. Here's what best practices look like right now:

1. Mandatory AI Code Policies

Companies are adopting policies that require developers to:

• Review all AI-generated code before committing (no copy-paste-and-ship)
• Flag AI-assisted code with comments or metadata markers
• Run plagiarism/license checks on AI-generated code (tools like FOSSA, Snyk, and Black Duck are adding AI-specific features)
• Never paste proprietary code into public AI tools

2. Using Enterprise-Grade AI Tools

Enterprise versions of coding assistants now offer:

• Training data opt-outs — your code won't be used to improve the model
• Data isolation — your prompts and code stay in your tenant
• Indemnification — Microsoft/GitHub offer IP indemnity for Copilot users (with conditions)

3. Accepting Copilot's "Code Referencing" Filter

GitHub Copilot now includes a filter that checks generated code against public GitHub repositories. If it finds a match, it can either block the suggestion or show you the source. Most enterprise policies require this filter to be enabled.

4. Separate Documentation of Human Authorship

Companies building patent portfolios or registering copyrights are keeping records of:

• What code was AI-generated vs. human-written
• What creative decisions humans made in the integration
• Design documents, architecture decisions, and code review records

This documentation matters for both copyright registration and litigation defense.

Global Perspectives: How Different Jurisdictions Handle AI Code

The US isn't the only game in town. Different countries are taking different approaches:

United States

• Copyright Office: AI-only works = no copyright. Human-authored portions can be protected.
• Pending legislation: Multiple bills in Congress aim to codify the human authorship requirement
• Courts: The GitHub Copilot case will set the first major precedent

European Union

• The EU AI Act (now in force) requires transparency about training data for general-purpose AI — which includes code models
• EU copyright law generally requires human authorship, similar to the US
• GDPR implications: training on public code repositories that may contain personal data (email addresses in commit logs, etc.) is under scrutiny

United Kingdom

• The UK has a unique provision: Section 9(3) of the CDPA 1988 provides for computer-generated works without a human author, with a reduced 50-year term
• However, this applies to the arrangement of the generation, not the AI itself as author
• The UK is reviewing whether to update this provision for the AI era

China

• China has been more permissive about AI-generated content copyright in some rulings
• The Beijing Internet Court (2023) recognized copyright in an AI-generated image where the human provided "intellectual investment" through prompts and curation
• However, code-specific rulings remain limited

Practical Takeaway

If you're distributing software globally, assume the most restrictive standard (US/EU approach) — that only human-authored portions are protectable. Document your human creative process accordingly.

5 Steps to Protect Your AI-Generated Code

Here's a practical action plan:

Step 1: Enable Copilot's Duplicate Detection

Go to your GitHub Copilot settings and enable the "Suggestions matching public code" filter. Set it to "Block" rather than "Allow."

Step 2: Adopt an AI Code Marking Convention

Use a consistent comment format to mark AI-assisted code:

// AI-ASSISTED: Portions generated by GitHub Copilot, reviewed and edited by [developer]

Step 3: Run License Compliance Scans

Add an AI-specific step to your CI/CD pipeline. Tools to consider:

• FOSSA (license compliance + AI detection)
• Snyk Code (includes AI code risk detection in 2026)
• GitHub's built-in dependency scanning

Step 4: Document Human Authorship

For copyright registration or patent filings, maintain an "AI Use Log" that records:

• Which files or modules involved AI assistance
• Nature of human creative input (architecture, editing, integration choices)
• Review sign-offs

Step 5: Check Your AI Tool's Terms

Before using any AI coding tool in a commercial project, verify:

• Does the tool claim ownership of generated code? (Most say no, but read carefully)
• Does the tool use your code for training? (Enterprise plans typically say no)
• Does the tool offer IP indemnification? Under what conditions?

What's Coming Next

The AI code copyright landscape will shift significantly in the next 12–24 months:

1. GitHub Copilot trial: A verdict (or settlement) will establish the first major precedent

2. Copyright Office Part 3 Final: The US Copyright Office continues to refine its generative AI training guidance

3. EU AI Act enforcement: Code models will face new transparency requirements

4. More tooling: Expect a new category of "AI provenance" tools that track code lineage

5. Insurance products: Cyber/IP insurers are developing AI-specific coverage for code generation risk

Key Takeaways

• AI-only code is not copyrightable — the US Copyright Office and most jurisdictions require human authorship
• AI-assisted code can be protected, but only the human-authored portions
• The GitHub Copilot lawsuit is still active in 2026, and its outcome will reshape the industry
• License contamination is a real risk — AI tools can generate code that mirrors copyrighted training data
• Document everything — AI use logs, human authorship records, and code review trails are your best defense
• Use enterprise tools with indemnification for commercial work
• Enable duplicate detection filters in your AI coding tools today

---

This article is for informational purposes only and does not constitute legal advice. For specific guidance on AI-generated code in your organization, consult an intellectual property attorney.