The Decision
On June 24, 2025, the QEMU project — the widely-used open source machine emulator and virtualizer — formally adopted a policy banning all AI-generated code contributions.
"Current QEMU project policy is to DECLINE any contributions which are believed to include or derive from AI generated content. This includes ChatGPT, Claude, Copilot, Llama and similar tools."
Unlike Gentoo's ideological crusade or NetBSD's silent update, QEMU's ban emerged from genuine mailing list discussion with multiple revisions. This makes it a more interesting case study: even with proper process, the outcome was still a sweeping ban decided by non-experts.
The Process: Better, But Still Flawed
Credit where due: QEMU's process was more transparent than its peers.
The Timeline
- November 2023: Daniel P. Berrangé (Red Hat) posts initial patches
- 2024: Discussion stalls; Berrangé worries policy "might go too far"
- June 2025: Markus Armbruster revives and refines the proposal (v3, v4, v5)
- June 24, 2025: Stefan Hajnoczi commits the policy
The Participants
| Participant | Affiliation | Expertise |
|---|---|---|
| Daniel P. Berrangé | Red Hat | Virtualization (libvirt lead) |
| Markus Armbruster | Red Hat | Virtualization (QAPI/QMP) |
| Stefan Hajnoczi | Red Hat | Virtualization |
| Peter Maydell | - | Virtualization (ARM) |
| Michael S. Tsirkin | Red Hat | Virtualization |
| Kevin Wolf | Red Hat | Virtualization (block layer) |
| Gerd Hoffmann | Red Hat | Virtualization (graphics) |
Notice a pattern? Every single participant is a virtualization engineer. Most work for Red Hat. None have demonstrated expertise in AI, machine learning, or even intellectual property law — the very domains central to the policy's rationale.
The Echo Chamber Problem
QEMU's discussion had multiple revisions and genuine back-and-forth. But it was still an echo chamber — just a well-organized one.
No AI/ML Experts
The policy makes sweeping claims about how LLMs work, how they're trained, and what their outputs represent legally. Yet no one with actual AI expertise participated. Questions that an ML engineer might have raised:
- Do LLMs actually "copy" training data, or do they learn statistical patterns?
- Is there meaningful difference between autocomplete suggestions and full generation?
- What does the empirical research say about LLM output and training data similarity?
These questions were never asked because no one in the room knew to ask them.
No Legal Experts
The entire rationale hinges on legal risk — DCO compliance, copyright, licensing. Yet no intellectual property lawyers participated. The developers made legal judgments based on their interpretation of legal documents, not actual legal advice.
Berrangé's key argument:
"I don't consider it credible (today) for a contributor to assert compliance with the DCO terms (b) or (c) (which is a stated pre-requisite for QEMU accepting patches) when a patch includes (or is derived from) AI generated code."
This is a legal conclusion reached by a virtualization engineer. It may be correct. It may be wrong. The point is: they don't actually know, and they didn't ask anyone who would.
The Autocomplete Problem
Perhaps the most striking flaw in QEMU's policy is its failure to distinguish between fundamentally different use cases.
What's Banned
The policy explicitly names "Copilot" alongside ChatGPT and Claude. There is no carve-out for autocomplete. This means:
- Accepting a 3-character variable name suggestion from Copilot — banned
- Using Copilot to complete
for i in range(— banned - Any code that touched an AI autocomplete — banned
Was This Discussed?
Yes, briefly. Michael S. Tsirkin asked: "Can we soften this to only apply to expressive code?" — suggesting mechanical refactoring tasks might warrant different treatment than creative code.
Daniel P. Berrangé's response was dismissive:
"Trying to detail every possible scenario is impractical and would make the document too onerous for people to read, remember & apply."
Translation: "We can't be bothered to think about nuance, so we'll ban everything and make it the contributor's problem."
The Reality of Modern Development
According to GitHub's 2024 Open Source Survey, 72% of open source developers use AI tools for coding or documentation. Copilot is integrated into VS Code, JetBrains, and most modern IDEs. For many developers, AI autocomplete is as routine as syntax highlighting.
QEMU's policy effectively tells these developers: disable your tools, or lie about using them. Given that the policy is unenforceable, the honest developers are penalized while the dishonest face no consequences.
The "Start Strict" Fallacy
Daniel P. Berrangé argued the policy is provisional:
"It's best to start strict and safe, then relax."
This sounds reasonable but inverts the burden of proof. The policy:
- Assumes AI code is dangerous until proven safe
- Requires contributors to seek exceptions case-by-case
- Places the burden on individuals to prove compliance
Meanwhile, there's no documented incident of AI-generated code causing legal problems for QEMU. The entire policy is preemptive — addressing a theoretical risk with a concrete restriction.
"Start strict, relax later" also assumes relaxation will actually happen. History suggests otherwise: restrictive policies tend to become entrenched, defended by those who implemented them regardless of whether the original concerns materialized.
The Red Hat Irony
Here's a curious fact: most QEMU AI policy participants work for Red Hat. And Red Hat, as a company, is heavily invested in AI.
- InstructLab: Red Hat's open source project for contributing to and fine-tuning LLMs
- vLLM: Red Hat is the main corporate contributor to this UC Berkeley LLM inference project
- Red Hat AI: Enterprise AI platform launched in 2024
Red Hat's official position champions open source AI: "We have always believed in the power of open source development in driving innovation."
So Red Hat engineers banned AI contributions to QEMU while Red Hat the company invests millions in AI development. This isn't corporate policy — it's individual engineers being more cautious than their employer.
The disconnect suggests the QEMU decision reflects the personal risk tolerance of a small group, not a considered organizational stance.
Comparison: Process vs. Outcome
| Project | Process Quality | Expert Input | Outcome |
|---|---|---|---|
| Gentoo | Poor (author voted on own RFC) | ML engineer ignored | Full ban |
| NetBSD | None (silent update) | None sought | Effective ban |
| QEMU | Good (multiple revisions) | None (all virtualization engineers) | Full ban |
| Debian | Good (open debate) | N/A | No ban |
| Fedora | Good (council discussion) | N/A | Allow with disclosure |
QEMU demonstrates that good process doesn't guarantee good outcomes. You can have multiple revisions, mailing list discussion, and transparent decision-making — and still produce a flawed policy if everyone in the room shares the same blind spots.
What Would Better Governance Look Like?
If QEMU wanted to address AI concerns responsibly, they could have:
- Consulted AI researchers about how LLMs actually work and whether the "training data copying" concern is technically valid
- Sought legal counsel on DCO interpretation rather than making legal conclusions as engineers
- Distinguished use cases: autocomplete vs. generation, small suggestions vs. large blocks
- Studied other approaches: Apache Foundation's disclosure-based policy, Fedora's transparency requirements, Mozilla's responsibility framework
- Gathered evidence: has AI-generated code actually caused problems? For QEMU or anyone?
Instead, virtualization engineers debated among themselves about legal and AI matters they don't specialize in, reached consensus within their echo chamber, and called it a day.
Editorial: The Limits of Process
QEMU's AI ban is instructive precisely because the process was reasonable. This wasn't Gentoo's ideological crusade or NetBSD's bureaucratic fiat. Real engineers had real discussions and made real revisions.
And yet the outcome is still a blanket ban that:
- Makes no distinction between autocomplete and full generation
- Was decided without AI/ML or legal expertise
- Addresses theoretical risks with concrete restrictions
- Punishes honest contributors while being unenforceable against dishonest ones
- Contradicts the AI-friendly stance of the participants' own employer
The lesson isn't that process doesn't matter — it does. NetBSD's silent update was worse. But process alone isn't sufficient. Who participates matters as much as how they participate.
A room full of virtualization engineers will reach virtualization-engineer conclusions about AI policy. They'll focus on what they understand (DCO compliance, code provenance) and gloss over what they don't (how LLMs work, what modern development looks like, actual legal risk assessment).
QEMU needed voices in the room who could say: "Wait, have we actually talked to anyone who understands this technology?" Instead, they got consensus among the like-minded — the definition of an echo chamber, however well-organized.
References
- QEMU Code Provenance Documentation (Official)
- GitHub: QEMU AI Policy Commit
- qemu-devel: Patch v5 Discussion (Primary Source)
- qemu-devel: Patch v3 Discussion (Primary Source)
- qemu-devel: Berrangé's Original 2023 Proposal
- qemu-devel: "Start Strict and Safe" Rationale
- qemu-devel: Michael S. Tsirkin's Question About Expressive Code
- GitHub 2024 Open Source Survey (72% AI Usage Statistic)
- Shuji Sado: Lessons from QEMU's Ban Policy
- Lobsters Discussion
- Hacker News Discussion
- Daniel P. Berrangé - Red Hat Profile
- Red Hat: AI and Open Source Future (Official)
- Pivot to AI: Open Source Projects Reject AI Code