diff --git a/.bin/license-engine.sh b/.bin/license-engine.sh
index 832fa4d..f4eec1e 100755
--- a/.bin/license-engine.sh
+++ b/.bin/license-engine.sh
@@ -66,6 +66,13 @@ APPROVED_MODULES=(
 'github.com/ory-corp/cloud/.*' # Ory IP
 'github.com/golang/freetype/.*' # FreeType license: https://freetype.sourceforge.net/FTL.TXT
 'go.opentelemetry.io/otel/exporters/jaeger/internal/third_party/thrift/lib/go/thrift' # Incorrect detection, actually Apache-2.0: https://github.com/open-telemetry/opentelemetry-go/blob/exporters/jaeger/v1.17.0/exporters/jaeger/internal/third_party/thrift/LICENSE
+ 'go.uber.org/zap/exp/.*' # MIT license is in root of exp folder in monorepo at https://github.com/uber-go/zap/blob/master/exp/LICENSE
+ 'github.com/ory/client-go' # Apache-2.0
+ 'github.com/ian-kent/linkio' # BSD - https://github.com/ian-kent/linkio/blob/97566b8728870dac1c9863ba5b0f237c39166879/linkio.go#L1-L3
+ 'github.com/t-k/fluent-logger-golang/fluent' # Apache-2.0 https://github.com/t-k/fluent-logger-golang/blob/master/LICENSE
+ 'github.com/jmespath/go-jmespath' # Apache-2.0 https://github.com/jmespath/go-jmespath/blob/master/LICENSE
+ 'github.com/ory/keto/proto/ory/keto/opl/v1alpha1' # Apache-2.0 - submodule of keto
+ 'github.com/ory/keto/proto/ory/keto/relation_tuples/v1alpha2' # Apache-2.0 - submodule of keto
 )
 
 # These lines in the output should be ignored (plain text, no regex).
diff --git a/.bin/list-licenses b/.bin/list-licenses
index 91eca38..3e3833c 100755
--- a/.bin/list-licenses
+++ b/.bin/list-licenses
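Review bot: The licence evidence for the new `go.uber.org/zap/exp/.*`, `fluent-logger-golang/fluent` and `go-jmespath` entries links to `master`, which can change after this review, and `'github.com/ory/client-go'` has no link at all; pinning each to a tag or commit, as the `linkio` entry does, keeps the approval auditable. Each entry approves a module path for every future version, so a later relicensing would pass the check unnoticed; a trailing comment such as `# approved at <version>; re-check on upgrade` would record what was actually reviewed. The neighbouring entries use regex syntax (`/.*`), so if the matcher that consumes APPROVED_MODULES (outside this hunk) is not anchored, the unescaped dots and missing end anchor in the new plain-path entries could also cover look-alike module paths; that should be confirmed where the array is read.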
@@ -4,7 +4,16 @@ set -e
 # list Node licenses
 if [ -f package.json ]; then
 if grep -q '"dependencies":\s+{[^}]*"[^"]+":' package.json; then
- npm exec --yes license-checker -- --production --csv --excludePrivatePackages --customPath .bin/license-template-node.json | grep -v '^$'
+ # List all direct Go module dependencies, transform their paths to root module paths
+ # (e.g., github.com/ory/x instead of github.com/ory/x/foo/bar), and generate a license report
+ # for each unique root module. This ensures that the license report is generated for the root
+ # module of a repository, where licenses are typically defined.
+ go list -f "{{if not .Indirect}}{{.Path}}{{end}}" -m ... |
+ sort -u |
+ awk -F/ '{ if ($1 == "github.com" && NF >= 3) { print $1"/"$2"/"$3 } else { print } }' |
+ sort -u |
+ xargs -I {} sh -c '.bin/go-licenses report --template .bin/license-template-go.tpl {}' 2>/dev/null |
+ grep -v '^$'
 { echo; } 2>/dev/null
 else
 echo "No dependencies found in package.json" >&2
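Review bot: The removed `npm exec ... license-checker` line was the only Node listing in this branch, so with a `package.json` present the script now emits Go module licences under the `# list Node licenses` guard and npm dependencies no longer reach the report; if that is not intended, keep the npm line and move the Go pipeline under a `go.mod` check. The new pipeline also fails open: `2>/dev/null` hides go-licenses errors and, with `set -e` but no `pipefail`, only the final `grep` status counts, so a module whose report fails is silently missing from the output instead of failing the check. Truncating `github.com` paths to three segments drops any `/vN` suffix, which may make go-licenses resolve a different major version than the one actually built. `sh -c '... {}'` splices each module path into a shell command string; `xargs -I {} .bin/go-licenses report --template .bin/license-template-go.tpl {}` does the same work without the extra shell. The enclosing `if` blocks close outside this hunk.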