diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index cf7a1264..e9048fb0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -38,6 +38,14 @@ jobs:
       - name: Check License Header
         uses: apache/skywalking-eyes/header@v0.6.0
 
+      - name: Install cargo-deny
+        uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-deny@0.14.22
+
+      - name: Check dependency licenses (Apache-compatible)
+        run: cargo deny check licenses
+
       - name: Install protoc
         run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
 
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
index a8a6d538..a0669a75 100644
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -104,6 +104,15 @@ cargo test --features integration_tests --workspace
 ```
 
 
+### License check (cargo-deny)
+
+We use [cargo-deny](https://embarkstudios.github.io/cargo-deny/) to ensure all dependency licenses are Apache-compatible. When present, configuration lives in a `deny.toml` file at the repo root and should enforce an Apache-compatible license policy.
+
+```bash
+cargo install cargo-deny --locked
+cargo deny check licenses
+```
+
 ### Formatting and Clippy
 
 Our CI runs cargo formatting and clippy to help keep the code base styling tidy and readable. Run the following commands and address any errors or warnings to ensure that your PR can complete CI successfully.
diff --git a/bindings/cpp/Cargo.toml b/bindings/cpp/Cargo.toml
index 0bbcbf0d..0b83de93 100644
--- a/bindings/cpp/Cargo.toml
+++ b/bindings/cpp/Cargo.toml
@@ -19,6 +19,7 @@
 name = "fluss-cpp"
 version = "0.1.0"
 edition.workspace = true
+license.workspace = true
 rust-version.workspace = true
 publish = false
 
diff --git a/bindings/python/Cargo.toml b/bindings/python/Cargo.toml
index ff4d687d..0a0daff9 100644
--- a/bindings/python/Cargo.toml
+++ b/bindings/python/Cargo.toml
@@ -19,7 +19,7 @@
 name = "fluss_python"
 edition = "2024"
 version = "0.1.0"
-license = "apache-2.0"
+license.workspace = true
 rust-version = "1.85"
 
 [lib]
diff --git a/crates/fluss/Cargo.toml b/crates/fluss/Cargo.toml
index 6b2707be..c9235940 100644
--- a/crates/fluss/Cargo.toml
+++ b/crates/fluss/Cargo.toml
@@ -17,6 +17,7 @@
 
 [package]
 edition = { workspace = true }
+license.workspace = true
 rust-version = { workspace = true }
 version = { workspace = true }
 name = "fluss"
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 00000000..18ed5440
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,36 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[licenses]
+allow = [
+    "Apache-2.0",
+    "Apache-2.0 WITH LLVM-exception",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "CC0-1.0",
+    "ISC",
+    "MIT",
+    "Unicode-3.0",
+    "Zlib",
+]
+
+exceptions = [
+    # open data licenses that SHOULD be OK
+    { crate = "webpki-roots", allow = [
+        "CDLA-Permissive-2.0",
+    ] },
+]
\ No newline at end of file