The Linux Kernel Just Drew a Line for AI Contributions. The Business Opportunity Is AI Code Review and Compliance Infrastructure.

Linux kernel maintainers just published one of the clearest governance documents yet for AI-assisted software development.

And the opportunity is not in the model layer.

It is in the operational layer that sits between AI-generated code and code that a human is willing to ship.

The new document says: "AI agents MUST NOT add Signed-off-by tags. Only humans can legally certify the Developer Certificate of Origin (DCO)." It also says the human submitter is responsible for "Reviewing all AI-generated code," "Ensuring compliance with licensing requirements," and "Taking full responsibility for the contribution."

That is the market signal.

When one of the most important software projects in the world writes down the rules this explicitly, it tells every engineering leader the same thing: AI coding is no longer just a productivity question. It is a process, attribution, and accountability question.

What actually changed

The Linux kernel guidance does not ban AI assistance. It standardizes the accountability around it.

According to the document:

• "All code must be compatible with GPL-2.0-only"
• "AI agents MUST NOT add Signed-off-by tags"
• "Only humans can legally certify the Developer Certificate of Origin (DCO)"
• Contributions should include an "Assisted-by" tag in a defined format
• Basic tools like "git, gcc, make, editors" should not be listed in that attribution

That is a practical template other teams can copy.

The business to build

The first obvious offer is an AI code review and compliance setup.

Most companies experimenting with coding agents still do not have a clean answer to basic questions:

• Who reviewed the generated code?
• How is attribution recorded?
• What can and cannot be signed automatically?
• How do you prove a human accepted responsibility?
• What checks run before AI-assisted code reaches production?

The Linux kernel document turns these from abstract governance questions into operational tasks.

That means there is room for productized services and lightweight tooling:

• review gates for AI-assisted pull requests
• attribution templates for commits and patches
• policy docs for engineering teams
• DCO-safe workflows where humans certify the final submission
• static analysis and license checks tied to AI-generated code paths

Why this matters outside open source

The kernel is an extreme environment, but that is why this signal matters.

If a project with this much scrutiny says the human is still responsible for review, licensing, sign-off, and final accountability, enterprise teams will move in the same direction. They may not use the exact same tags, but they will need the same control points.

And those control points are where consultants, workflow designers, and tooling companies can make money.

The point is simple.

AI can compress writing the patch. It does not compress legal responsibility.

That gap is exactly where a new category of infrastructure can grow.

Bottom line

The Linux kernel's AI guidance is really a document about human accountability.

That makes it a playbook for a new market: AI code review, attribution, and compliance infrastructure for teams that want AI speed without process chaos.

Source: https://github.com/torvalds/linux/blob/master/Documentation/process/coding-assistants.rst