All 44 source documents used to build the Anvil Index RAG Packs are publicly available government and institutional publications with clear commercial reuse rights. No proprietary, paywalled, or restricted content is included in any pack.
Back to main siteEach source document falls into one of seven licensing categories. This section documents the legal basis for commercial reuse of every document included in the Anvil Index RAG Packs.
Legal basis: Works produced by officers and employees of the United States Government are not eligible for copyright protection under 17 USC Section 105. NIST grants a non-exclusive, perpetual, royalty-free worldwide right to reprint, modify, and create derivative works. FDA uses a CC0 public domain dedication.
Pack 1 NIST AI RMF 1.0, NIST AI RMF Playbook, NIST AI 600-1 GenAI Profile
Pack 2 CISA/NSA Joint AI Data Security Guidelines, NIST IR 8596 Cybersecurity Framework AI Profile, NIST AI 100-2e2025 Adversarial Machine Learning Taxonomy
Pack 3 CISA 2025 Minimum Elements for SBOM
Pack 4 SR 11-7 Model Risk Management (Fed/OCC), OCC Model Risk Management Handbook, Treasury AI in Financial Services, Treasury Financial Services AI Risk Management Framework, Treasury Managing AI Cybersecurity Risks in Financial Services, GAO-25-107197 AI in Financial Services, SEC FY2026 Examination Priorities, CFTC Staff Advisory on AI and TAC Report, PCAOB Generative AI Spotlight and AS 1105 Amendments, CFPB Supervisory Highlights Advanced Technologies, FinCEN Alert on Deepfake Fraud
Pack 5 FDA AI-Enabled Device Software Functions Guidance, FDA Predetermined Change Control Plan Guidance, FDA AI/ML SaMD Action Plan, Good Machine Learning Practice Guiding Principles (FDA/Health Canada/MHRA), HHS AI Strategy, GAO AI in Health Care, ONC HTI-1 Final Rule, FDA/Health Canada/MHRA ML Transparency Guiding Principles, VA Trustworthy AI Framework, HHS OCR AI Nondiscrimination Guidance, AHRQ AI Patient Safety Guidance, CMS AI Guidance
Legal basis: State legislative texts are uncopyrightable government edicts under the Supreme Court ruling in Georgia v. Public.Resource.Org, Inc. (2020). The US Copyright Office will not register government edicts from any state. Colorado specifically suspended copyright registration on its statutes in 2016.
Pack 3 Colorado SB 24-205 Consumer Protections for AI, Texas HB 149 Responsible AI Governance Act (TRAIGA), California SB 53 Transparency in Frontier AI Act (TFAIA)
Pack 4 NYDFS Industry Letter on AI Cybersecurity Risks (New York state agency publication)
Legal basis: EU institutional documents fall under Commission Decision 2011/833/EU, which permits commercial and non-commercial reuse of EUR-Lex content. Editorial content is licensed CC BY 4.0. Attribution to the European Union is required and is provided in each pack's LICENSE.md file.
Pack 1 EU AI Act (Regulation EU 2024/1689), GPAI Code of Practice on Transparency, GPAI Code of Practice on Safety and Security, GPAI Code of Practice on Copyright
Pack 3 EDPB-EDPS Joint Opinion 1/2026 on AI Omnibus Proposal, EU AI Act Privacy Cross-Reference (Articles 10, 26, 27)
Legal basis: EMA permits reproduction and distribution for commercial purposes provided EMA is acknowledged as the source. No prior permission is required for citations.
Pack 5 EMA Reflection Paper on AI in the Medicines Regulatory Lifecycle
Legal basis: OECD publications issued after July 2024 are licensed CC BY 4.0. Sharing, copying, and adaptation for commercial purposes is permitted with attribution. Attribution is provided in Pack 1's LICENSE.md file.
Pack 1 OECD Due Diligence Guidance for Responsible AI
Legal basis: Licensed CC BY-SA 4.0, which permits commercial use. The ShareAlike requirement means derivative works must carry the same license. All 30 OWASP-sourced chunks in Pack 2 carry per-chunk CC-BY-SA-4.0 license metadata, and the dual-licensing structure is documented in Pack 2's LICENSE.md file.
Pack 2 OWASP Top 10 for LLM Applications 2025 (v2.0)
Legal basis: MITRE grants a non-exclusive, royalty-free license for research, development, and commercial purposes under terms consistent with the ATT&CK framework licensing model.
Pack 2 MITRE ATLAS (Adversarial Threat Landscape for AI Systems)
Every source document maps to one of seven licensing categories. All permit commercial reuse with proper attribution.
| License Category | Documents | Packs |
|---|---|---|
| US Federal Public Domain (17 USC 105) | 29 | 1, 2, 3, 4, 5 |
| US State Government Edicts | 4 | 3, 4 |
| EU Institutional (CC BY 4.0) | 6 | 1, 3 |
| EMA (Permissive Reuse) | 1 | 5 |
| OECD (CC BY 4.0) | 1 | 1 |
| OWASP (CC BY-SA 4.0) | 1 | 2 |
| MITRE (Permissive License) | 1 | 2 |
| Total | 44 | All 5 |
All source documents are publicly available from their respective issuing bodies. No paywalled, proprietary, or restricted content is included. Full attribution for each source document is provided in the LICENSE.md file included with every pack.
Anvil Index RAG Packs are value-added data products. The original selection of source documents, the metadata schema design, the cross-referencing system, the controlled vocabulary, and the chunking methodology represent original curatorial and editorial work by Anvil Index. The packs are sold under a Commercial Single-Entity license (with the exception of OWASP-sourced chunks, which carry CC BY-SA 4.0 as noted above).