Directus License Revision: Community Feedback Requested

I don’t understand. We’re not gating AI now or in the new pricing model… and we don’t sell Directus for $20. Sorry, can you clarify what you mean here?

I love this… thank you. The “2 out of 3” approach is a nice way to add grace (if one is above threshold) but still enforce.

As you pointed out, the hard part is in practice… it’s even less likely that a normal person at a company has this information (or the approval to easily share it externally with out team).

Sorry @Ben, i kinda misread “aren’t trying to gate”.
Great to hear you don’t consider enterprise gate the chatbot.

And I’m not suggesting to sell Directus for 20 bucks, but just to resell inference plans tied to the Directus chatbot tailored to work perfectly for and inside Directus to enable users to manage content, generate and edit images, draw and visualize metrics and whatever would make sense.

So even users on the Directus free tier should be able to buy a Directus AI plan instead of bringing their own Anthropic or OpenAI key. That way you can ensure maximum quality for you AI features as well as earning money for reselling you prefered inference provider.

100%! I do feel that we are only charging for value, at any size project/company. We’re trying to make spend directly commensurate to value. Our pricing ramps evenly based on value… but we’ve layered this grant on top to make it completely free for certain users.

The reason is that even at $1/month, you add a huge bottleneck. Org members shouldn’t be using their personal cards for company software, and getting approval for a company card, reimbursement, etc is still a big hurdle for many. So we’re trying to make it as easy as possible to dive into the platform.

I’d rather have 10k FREE users getting excited for our software and (hopefully) spreading the word, then 500 who can overcome pricing hurdles to pay $20/month. To me, that feels like $1M worth of PLG community “marketing” vs $120k of ARR.

Sorry for lashing out so much, it was probably my fear of a rug pull. I’ve only been “here” for a few months, but have a lot of hours poured into this, and a lot of members’ expectations waiting to be met

No worries at all! It’s a sensitive topic… and rightfully so, since vendors everywhere are “pulling fast ones” to grow at all costs. I get the skepticism around companies trying to play both sides (focus on $$$ but pretending to be for the community).

If you’re at a non-profit, definitely talk to us about what a discount against our normal pricing would look like. And if you ever feel like we’re not acting fairly with these pricing/grant statements, just post here (ask for me) and we can chat through it.

What in that free “tier” I was talking about are you saying is more or an infinite “dev trial”? It has almost all features of the platform and two reasonable limits on users/collections. Nothing that stops you from using it in production.

Also your assumption that i am “in favor of the new middle tier” is a bit odd here - the middle tier is not useful in most cases - my customers are mostly not non-profit, NGOs, OSS project or education projects (with a few exceptions)

I was responding to you saying:

this could be interresting: it depends on the features it has - the current dealbreaker for the cheaper options (especially the cloud version) is first privacy and compliance issues from the customer and second, that the cloud versions can’t use custom endpoints

I thought you were responding to the new middle tier we were talking about (“hundreds of dollars, not $1k”). You don’t need to be a non-profit/NGO/OSS (or below $5M/25HC) for that… it’s available to anyone at that price (and does not gate any security features). Quick summary below:

• Free Tier: Almost all of software features, a few lower limits on users/collections.
  • Normally this tier would be like $20/mo or something at other vendors, but we want to give it away to keep things easy and support the community. This being free is why we don’t have a “cheap tier” like others… it’s not missing, it’s just free.
• Paid Tier: Adds SSO/Support and higher limits. “hundreds of $$” price point.
• Enterprise Tier: Typical “custom pricing”, no limits, adds ent features.

Beyond all those tiers, there’s these:

• Free Grant: No gates, no limits. Just be under $5M/year + 25 HC.
• Tier Discounts: If you’re a non-profit, NGO, OSS, EDU, etc… talk to us about discounts

Let me know if this clears things up… or if we’re still not understanding each other.

No worries!!

No gating the chat-bot… only “custom LLMs” are missing on the free tier.

So even users on the Directus free tier should be able to buy a Directus AI plan instead of bringing their own Anthropic or OpenAI key. That way you can ensure maximum quality for you AI features as well as earning money for reselling you prefered inference provider.

Yeah! This is something we’re looking into. It’d be great to offer AI/chat out of the box (without adding your own key), but that can be tricky and we want to support you using your preferred service. Love the reselling side though… and newer/smaller self-hosted models are also super appealing too!

Great diplomatic take , but I would assume many of use would have a much easier time to explain to our customers they have to pay x-amount for a feature we can demo right in front of them instead of reporting their headcount and finance on a yearly basis back to us.

I know that is not mutually exclusive and not all of us here on the forums are 3rd party contractors, but nevertheless I’d rather see a discussion of how you can monetize Directus AI features instead of another license narrowing, which in my opinion is hard to enforce in any meaningful way unless you plan to enforce it aggressively through legal action.

What in that free “tier” I was talking about are you saying is more or an infinite “dev trial”? … Nothing that stops you from using it in production.

Screenshot_5694×252 11.4 KB

On Reddit, the pricing structure described was:

• Free Grant / Paid Tier: one bucket containing three subgroups: free (under $5M/25 HC), heavily discounted (non-profits, NGOs, OSS, EDU), and paid (governments, larger for-profits). Requires registration after “X weeks” [literal placeholder in the post]. Missing SCIM, Offline Mode, Annual Invoicing. Collection limits.

• Free Business Tier: no registration required, explicitly for larger orgs to evaluate. 50-collection limit. Missing SSO, Custom RBAC Filters, Custom LLMs, Paid Support, Longer Revisions History.

• Paid Enterprise Tier: full registration, no limits.

You said this was “the real info”.

In your post #66, the structure is:

• Free Tier: “almost all software features,” lower limits. Described as “nothing that stops you from using it in production.”

• Paid Tier: adds SSO/Support, “hundreds of $$.”

• Enterprise Tier: custom pricing, no limits.

• Beyond the tiers: Free Grant (under $5M/25 HC, no gates) and Tier Discounts (non-profits, etc.).

I suppose this leads to two direct questions: Has the plan changed between your Reddit post and this one? If yes, which specific parts changed, and what feedback drove the changes? If the plan hasn’t changed, can you explain why the descriptions differ?

Can I say something? If companies earning over 5M are complaining about spending for the software running their website/content, then they sound just like the rich who don’t like to be taxed (and who knows what they are hiding). Besides, offering Directus as a subscription model would just make it another piece of software that one must compare to others before committing into… whereas, as it is now, Directus is the only piece of software one needs and it beats anyone else.

Can I ask something? You mentioned that custom LLMs are going to be forbidden in free tiers. Does this mean one cannot add a local AI on the selfhosted version of Directus?

Thanks and sorry for my silly comments

Custom LLMs aren’t in the free Core Tier (meant for larger businesses to evaluate and dev)… but custom LLMs ARE included in the free Innovation Grant! So individuals and small orgs can still use it…

Yes, things have changed since writing some of these posts… that was the point!

Originally the Innovation Grant gave you access to the middle tier (with those limits and still missing some features)… but after talking with the community, we updated the grant to include the FULL software and removed all limits. You get everything for free… the ONLY thing we require is that you register and keep basic telemetry turned on.

It’s also worth noting that we updated the threshold for the grant. It was set to “under $5M/year + 25 Employees” … but after these discussions we decided to double the headcount. So now you are eligible for the grant if you make less than $5M/year + 50 Employees. We want to make sure that certain types of orgs with higher headcount can still use the software for free.

So the current structure is:

• Open Innovation Grant: Free. Registration required. No limits or feature gates. Meant for individuals and small orgs to get the most value from Directus in dev/production.
• Core Tier: Free. No registration required. Low limits and restricted features. Meant for businesses to evaluate and develop at no cost.
• Teams Tier: Paid (“hundreds per month”). Registration required. Higher limits and all non-Enterprise features included. Meant for larger orgs to go into production.
• Enterprise Tier: Paid (“tailored”). Registration required, with offline mode. Custom limits, all features. Annual invoicing, basic support included, and discounted non-prod projects) Meant for larger orgs with larger, custom, or mission-critical projects.

Hope this helps clarify things a bit more!

Gotcha. That’s very helpful.

Increasing the headcount threshold from 25 to 50 seems to genuinely be a concession made based on community feedback. However, I do see in the draft PRs for the v12 license enforcement system (#27173-#27180) that this architecture has been in development for months. The grace-period popup in the code dates the registration initiative back to at least October 2025. Moreover, you made a comment earlier in this thread about this being discussed internally for a year. Not much has changed over the last few weeks, in that case.

I do have some questions that may help to clarify the grant and licensing conditions a bit more.

You describe registration and telemetry as the “ONLY” requirements for the OIG grant, but the enforcement code shows that every installation validates its license against a remote service every 6 hours by default. Moreover, a report is sent on every validation call that includes the:

• project id

• public url

• database client

• user count by type

• role counts

• flow counts

• dashboard counts

• extension counts

• collection counts

• total item counts

• share counts

• file counts

• fields per collection

• database size in bytes

• file storage size in bytes

• MCP config

• collaborative editing status

• websocket status

• visual editor URLs

• and per-method API request counts broken down by type with totals and cache hits

Whew! That’s a lot. In fact, it’s the complete commercial profile of a deployment. I wonder if it is a bit disingenuous to call this “basic telemetry.”

Do you have a data retention policy for this information? Who will have access to it? Will it be stored on infrastructure controlled by Monospace? Will it be used for purposes beyond license validation, such as sales targeting, pricing optimization, or identifying high-usage deployments for enterprise outreach? Will it be shared with investors or third parties? Will the data flow be documented in a privacy policy, DPA, or somewhere else?

It appears that the entitlement to disable analytics only exists in the Enterprise tier. Can you confirm this?

For self-hosted software running on the user’s own infrastructure, managing the user’s own data, can you explain why the 6-hour validation frequency is necessary? What happens to a deployment that loses connectivity to the validation service for 24 hours or a week?

Air-gapped and offline operation requires the Enterprise tier based on what I’m seeing. Does this mean that organizations behind strict firewalls or in environments with unreliable internet must pay Enterprise pricing to run Directus reliably?

Does the OIG grant expire? If so, how often must it be renewed and what is the renewal process?

The licensing architecture supports entitlement overrides such that the licensing server can change an individual installation’s limits between validation cycles without any action or code change on the user’s end. Under what circumstances would Monospace need to selectively change limits for individual customers? Will users be notified when their entitlements are changed remotely?

If the JWKS endpoint rotates its signing key, then any Directus instance running an older version will fail token verification once its cached JWKS expires. At that point the installation can no longer validate even if the license itself is valid and paid for. So this gives Monospace the ability to force version upgrades by rotating signing keys. Is there a planned key rotation policy?

When a paid license lapses, the install transitions to locked immediately and non-admin users are kicked out until an admin completes the deactivation workflow. What’s the rationale for an immediate lock rather than a softer transition window where existing users retain read-only access, for example, while the admin decides how to bring the install into Core compliance?

The grace-period popup links to a URL containing the acronym KYC (Know Your Customer). I am unfamiliar with the use of this phrase outside of regulated banking and financial environments. I’m curious if this is how Directus internally describes the registration system, and if so, how it applies in the context of “basic registration”?

Is there a reason a community RFC wasn’t provided for such consequential architecture before reaching draft-PR stage?

If this is out of scope for this thread, I’m happy to post these questions in a new thread. Thanks so much for any insights.

I have just been promoting Directus to my employer to move away from Strapi because it was clunky. Now i discovered the upcoming license change, especially the limit for headcounts (50) and introduction of self-service registration keys. It made me very confused. I was using Directus a lot myself for some projects, and now there is no chance we will use it at work (cause competitors got MIT). Just a reminder that with the license change, though Directus being great software, it loses a portion of users and contributors.

I want to clarify a simple point: does “$5M/year + 50 Employees” mean “$5M/year AND 50 Employees” or “$5M/year OR 50 Employees”.

Thanks!

Correct… this is a BIG update, and we’ve been planning and building it for a while… I feel I’ve been upfront about that. My goal with these posts was not to ask if we can make this change, but to gut-check things before going live. We’ve made some big adjustments based on feedback, and I’d say we’re in a pretty good place now.

You describe registration and telemetry as the “ONLY” requirements for the OIG grant, but the enforcement code shows that every installation validates its license against a remote service every 6 hours by default

…

That’s a lot. In fact, it’s the complete commercial profile of a deployment. I wonder if it is a bit disingenuous to call this “basic telemetry.”

Yes, that is basic telemetry. Nothing disingenuous about that, in my opinion. The majority of these are counts/sizes, which is very standard data. We need to know what features are being used (or not used) so we know where to focus our efforts.

At the end of the day, we’re giving away my/our life’s work completely free… and with no limits. If someone doesn’t want to share that basic telemetry, then there’s a limited free tier with no registration, paid tiers with offline mode, or other software that can be used. Plenty of options based on needs!

Of course we have all the DPA, Data Retention, and Privacy Policies… they will come out with the rest of this release.

It appears that the entitlement to disable analytics only exists in the Enterprise tier. Can you confirm this?

Yup! And the free Core tier has no registration requirement.

Does the OIG grant expire? If so, how often must it be renewed and what is the renewal process?

Yup… I believe it requires re-registering each year to self-attest you are still under the threshold.

For all the more technical questions… I’ll either tap someone else in to answer, we can move to a new post, or we’ll have to wait until things are finalized and released. Also, it goes without saying, but all my responses above are subject to change until this all goes live anyway.

Appreciate the dialog!

Yup… we get that.

Will we lose some users because of this change? Yes, and that’s ok. Most of those users are the least likely to contribute to the project (financially or otherwise).

And a move to fully permissive OSS (eg MIT) would mean losing nearly all of the customers paying to keep this project going. And that’s not an option.

I’m curious though… why does adding a 50 employee threshold to the free Grant change things for you? Your org is under $5M/year but over 50 headcount?

Also, why does registering for a free software key change things?

Thanks!

It’s an AND! So you need to satisfy both of those to qualify.

The thinking is that if you make more than $5M/year or have more than 50 employees… then you are likely at a company stage where you can reasonably afford to pay for the value the software gives.

We’ve been using Directus for around 3 years across multiple products and businesses at different stages. Over this time, we’ve introduced it in several systems, built around it, and contributed to its ecosystem. A lot of value came from how open and predictable it has been so far — so thank you for that foundation.

That’s exactly why I want to raise a concern about the proposed MSCL direction: it risks weakening the very thing that made Directus successful for many of us — openness, trust, and predictability for long-term adoption.

Moving toward a model with license enforcement and potential feature gating introduces uncertainty that can slow down adoption in serious production environments. In particular, it raises questions like:

1. Offline / air-gapped usage
Will Directus remain fully usable without external connectivity?

• Is there a guaranteed offline mode with no runtime dependency on external services?
• What happens in cases where validation cannot be performed?

Even small external dependencies can become critical points of fragility in self-hosted systems.

2. Long-term predictability of features
One of the strongest reasons to adopt Directus today is the stability of expectations.
It would be important to ensure:

• Core features will never move behind enterprise licensing in future versions
• Existing self-hosted capabilities remain stable over time without reclassification

Without this, teams building long-term systems will hesitate to commit deeply.

3. License key as a control point
Introducing enforcement mechanisms can unintentionally shift perception from “open core with optional commercial layer” to “controlled runtime system.”
That shift can reduce trust, even if intentions are purely commercial sustainability.

From a community perspective, I’d strongly encourage leaning further into the existing model: keeping the core truly open and predictable while growing enterprise value around hosted services, scaling, and managed offerings — not by introducing runtime enforcement or uncertainty in self-hosted deployments.

The strength of Directus so far has been that teams can adopt it confidently, without worrying about future restrictions. Preserving that would likely lead to even stronger long-term growth and ecosystem adoption.

Let’s be direct. Our main product has 70+ collections with hundreds of fields and millions of records of data, all in a multi-tenant structure. We have a small 5-person team with around $150K in yearly revenue, and we are trying to raise $500K in funding. We’re happy to pay for Directus when we can, and for now we are actively contributing to and introducing it, and both our contributions and the broader community efforts have contributed to Directus’ growth rate—through development, maintenance, and word-of-mouth adoption.

I think (and the reply comments confirm this) that introducing paywalls—such as blocking RBAC and applying collection caps in free tiers—is very disappointing for us, as we’ve been building our product on top of Directus for years. Fortunately and unfortunately, Directus has a relatively small database footprint, and this license change may push us to replace it with a more predictable option.

Even if grants have access to full features, i think ‘let me ask directus’ license checker is bottleneck for restricted networks. good to know that I’ve contributed to translate near 100% of directus strings to Persian, but in I.R.Iran we are sanctioned and even directus marketplace is not loading properly. every restriction and external dependency means we cannot use directus from now. I think restricted networks in other countries (for security reasons for example) may have same issue.

your reddit post was helpful.. but i want to say ‘custom RBAC filters’ are not enterprise features. if you want to create an app for a business customer with more than 5 person in team, access management is required to enable them using the software.. at least we have public, full-admin and org-admin roles in each product we are selling to many organizations (a multi-tenant structure) and using RBAC filters is not reflecting our income or team size.. products with zero income in day 1 may have this included.

Another concern is that i don’t know what is “competition” in MSCL.. directus is selling templates for many use cases like LMS and CRM.. are you saying that creating LMS (for example) and selling to others is a competitive act and that’s because you are limiting the “custom RBAC filters” to limit teams creating and selling such products? We were using directus mainly to do that..

To be honest, i think selling templates and community owned extensions can make directus more money that it can make by locking the system. locking may decrease the system growth. in the age of AI people can quickly create products and this may change wordpress as the most popular stack to AI + Directus if marketplace of extensions and templates grow and core remains free.

We had plans to build a sandbox version of currently developed extensions when marketplace has a paid extension option. it needs a better development experience and more engaging marketplace design (like wordpress addons marketplace) to grow and make money for directus, and also needs openness in core. you cannot enforce license at scale, but can make money by providing template and extension services, maintained by community and controlled by directus ecosystem.