diff --git a/developer_manual/app/publishing.rst b/developer_manual/app/publishing.rst
index a5ea18309..2d456c982 100644
--- a/developer_manual/app/publishing.rst
+++ b/developer_manual/app/publishing.rst
@@ -41,12 +41,13 @@ These are the app guidelines an app has to comply with to have a chance to be ap
 Legal and security
 ^^^^^^^^^^^^^^^^^^
 
-* Apps can not use 'Nextcloud' in their name.
+* Apps must be licensed under AGPLv3+ or any compatible license.
+* Apps must not use 'Nextcloud' in their name.
 * Irregular and unannounced security audits of all apps can and will take place.
 * If any indication of malicious intent or bad faith is found the developer(s) in question can count on a minimum 2 year ban from any Nextcloud infrastructure.
    * Malicious intent includes deliberate spying on users by leaking user data to a third party system or adding a back door (like a hard-coded user account) to Nextcloud. An unintentional security bug that gets fixed in time won't be considered bad faith.
 * Apps do not violate any laws; it has to comply with copyright- and trademark law.
-* App authors have to respond timely to security concerns and not make Nextcloud more vulnerable to attack.
+* App authors have to respond timely to security concerns and not make Nextcloud more vulnerable to attacks.
 
 .. note:: Distributing malicious or illegal applications can have legal consequences including, but not limited to Nextcloud or affected users taking legal action.