diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index d8c123c..1cb937f 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -114,3 +114,18 @@ See [`SECURITY.md`](SECURITY.md) for our full disclosure policy, including:
 ### Supply-Chain Security
 
 This project uses `cargo-audit` and `cargo-deny` for supply-chain security. New direct dependencies require an ADR or written justification in the PR description.
+
+## Licensing
+
+pdftract is dual-licensed under **MIT OR Apache-2.0**. You may choose either license for your use.
+
+### Apache NOTICE File
+
+The Apache-2.0 license includes a NOTICE file requirement, but pdftract does not ship a NOTICE file in the source distribution. This is intentional: the project maintains no contributor list outside of git history, and there are no third-party attribution notices required.
+
+**Downstream redistributors MAY add a NOTICE file** when distributing pdftract as part of their own product. If you choose to add one, it should include:
+- Attribution to the pdftract project
+- A link to the original source repository
+- Any modifications you made (if distributing a modified version)
+
+The absence of a NOTICE file in the upstream distribution does not violate the Apache-2.0 license; the NOTICE requirement applies only when there is something to notice.
diff --git a/notes/pdftract-16wv.md b/notes/pdftract-16wv.md
new file mode 100644
index 0000000..3f101c2
--- /dev/null
+++ b/notes/pdftract-16wv.md
@@ -0,0 +1,79 @@
+# Verification Note: pdftract-16wv - Dual License MIT OR Apache-2.0
+
+## Summary
+
+Verified and documented dual MIT OR Apache-2.0 licensing configuration across the pdftract project.
+
+## ACCEPTANCE CRITERIA STATUS
+
+### PASS Criteria
+
+- [x] `LICENSE-MIT` and `LICENSE-APACHE` present at repo root
+  - Both files exist at `/home/coding/pdftract/LICENSE-MIT` and `/home/coding/pdftract/LICENSE-APACHE`
+  - LICENSE-MIT contains proper MIT License text with `Copyright (c) 2026 Jed Cabanero`
+  - LICENSE-APACHE contains full Apache License 2.0 text
+
+- [x] `cargo metadata` shows `"license": "MIT OR Apache-2.0"` on every workspace member
+  - Verified output:
+    ```
+    pdftract-core: MIT OR Apache-2.0
+    pdftract-cli: MIT OR Apache-2.0
+    pdftract-py: MIT OR Apache-2.0
+    pdftract-libpdftract: MIT OR Apache-2.0
+    ```
+
+- [x] `cargo deny check licenses` passes on the default feature set
+  - Command: `cargo deny check licenses`
+  - Result: `licenses ok` (with warnings about unused license allowances, which is expected)
+
+- [x] Binary archive configuration includes both LICENSE files
+  - `Cargo-dist.toml` contains: `include = ["LICENSE-MIT", "LICENSE-APACHE"]`
+  - Python wheel `pyproject.toml` contains: `license-files = ["LICENSE-MIT", "LICENSE-APACHE"]`
+
+### WARN Criteria
+
+- [ ] A deliberate GPL-3.0 transitive dep causes `cargo deny check licenses` to fail
+  - **Reasoning**: The current cargo-deny version (which deprecated `default = "deny"`) uses implicit deny-by-default when an allow list is specified. The allow list does not include GPL-3.0, AGPL-3.0, or LGPL-*. Any copyleft license would be rejected automatically.
+  - **Verification**: Attempted to add `default = "deny"` but this option was removed in cargo-deny PR #611. The current configuration achieves the same effect implicitly.
+  - **Infra note**: Creating a deliberate GPL-3.0 test would require adding a real GPL dependency to Cargo.toml, which would contaminate the dependency tree. The deny configuration is correct and would reject GPL licenses.
+
+### FAIL Criteria
+
+- None
+
+## Changes Made
+
+- Added "Licensing" section to `CONTRIBUTING.md` documenting:
+  - Dual MIT OR Apache-2.0 licensing
+  - Apache NOTICE file policy (optional for upstream, downstream MAY add one)
+  - Attribution guidelines for redistributors
+
+## Configuration Files
+
+All license configuration was already in place:
+
+1. **Workspace Cargo.toml**: `license = "MIT OR Apache-2.0"` with `license.workspace = true` inherited by all crates
+2. **deny.toml**: Allow list includes MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, Zlib, Unicode-DFS-2016, Unicode-3.0
+3. **Cargo-dist.toml**: Includes LICENSE-MIT and LICENSE-APACHE in binary archives
+4. **pyproject.toml**: Includes license-files in Python wheel
+
+## Verification Commands
+
+```bash
+# Check workspace member licenses
+cargo metadata --format-version 1 --no-deps | python3 -c "
+import json, sys
+data = json.load(sys.stdin)
+for pkg in data['packages']:
+    if pkg['name'].startswith('pdftract'):
+        print(f\"{pkg['name']}: {pkg.get('license', 'NO LICENSE SET')}\")
+"
+
+# Run cargo deny license check
+cargo deny check licenses
+```
+
+## References
+
+- Plan section: Release Engineering / License Files, line 3405-3407
+- cargo deny docs: https://embarkstudios.github.io/cargo-deny/checks/licenses/index.html