I will say here something I have said and has proved unpopular before. The complexity is mainly something of scale. I would propose more permissive MIT style licensing for small companies, and something stricter for larger companies. It is hard to enforce (which was the main complaint I got), but it's not impossible and I think it is better than the current state of affairs.
Large companies will self-enforce, as they already do with GPL and "open" LLMs that are dual licensed by company size. Small companies don't care either way and are hard to enforce, so that works.
Any pointers to open/closed vendors and projects which use this kind of honor system?
EU CRA has "commercial use" definitions to differentiate OSS contributors and OSS consumers.
Not that I know of, but there are many subscription services that are based on institutional size / income, and they are more often than not self-certifying.
