Thinking aloud here. Start by requiring that orgs get your permission via email to license your code. Over time, formalize the patterns in your approve/deny responses into an LLM-powered API which does an instant approve/deny, with a prompt you handcrafted and backtested based on real-world data. This could even work for e.g. Linux package installation: As a pre-install hook, a prompt asks the user what organization they work for (if any) and how they intend to use your code. Make it so users can still appeal a "deny" by sending you an email, but attempting to respond to the questions a second time with different answers violates the license [within a certain timeframe at least]. If other open source devs are also interested in this scheme, you could let them piggyback off of your infrastructure... answering your qs toggles a "virtue bit" which unlocks a bunch of "ethical packages", hosted in a dedicated repository to better track downloads. Support yourself by suing companies which violate your license terms.

Since organizations evolve over time, you could have a re-authorization flow every time your users want a major version update of your software.

A flaw in this proposal is that the very worst actors (scammers, black hats, etc.) are likely to be beyond the reach of the legal system in practice. Perhaps you could mitigate this a little bit by replacing Github Issues with a private support forum for trusted licensees.