News

Open source software: The importance of establishing an effective compliance system

05.04.2020

Open source software can save companies from having to constantly reinvent the wheel. Indeed, it is even provided free of charge. Cost efficiency and time savings are just two of the many reasons why more and more companies are relying on the use of open source software. However, the risks associated with the use of open source software are often underestimated. Waiving the levying of licence fees does not mean that the rights holder waives its rights. Failing to comply with licensing requirements can instead have serious consequences. Apart from the automatic withdrawal of the licence, there is the risk of facing legal action in the form of an injunction or payment of damages. In addition, open source software users may be obliged to pass on refinements to the software only free of licence fees and by disclosing the source code (known as the viral effect). For reasons of protecting investment and know-how, an efficient open source software compliance system is therefore essential.

Against this backdrop, it is surprising that there is a clear discrepancy between the use of open source software components in companies and the setup of open source software compliance systems. The traditional approach, where IT compliance only covers IT security and data privacy, no longer applies to the real situation in companies. As mentioned above, there are some not insignificant risks associated with the use of open source software. These must be mitigated with an efficient open source software compliance system, in order to benefit from the huge advantages of using open source software in companies.

Obligations when using open source software

Unlike proprietary software, open source software, the source code of which is freely accessible, can be freely used, reproduced and modified. However, this does not relieve the licensee of certain obligations, which occur especially in the case of the transfer of open source software in an unchanged or refined form. The licensee’s specific obligations depend on the licence terms. In general, a distinction is made between copyleft licences (with a strong or weak copyleft) and permissive licences. While copyleft licences normally require the licensee to also apply the original open source licence terms to new developments of the open source software, permissive licences allow the licensee to choose which licence terms it wants to apply to the new versions.

Structure of an open source software compliance system

An open source software compliance system can be based on an open source software compliance policy. This is aimed at the employees of the relevant company and governs the handling of open source software components. The content of such a policy depends to a large extent on the field of activity of the company concerned. Possible subjects of provisions are the presentation of the different types of licence, the obligations arising from them and the consequences in the event of a licence infringement. In addition, clear guidelines for dealing with open source software components must be included. In this respect, differentiation according to the various fields of application, such as purchasing, development and sales, can be useful.

It is also advisable to set up a central body to decide on the use of open source software components or the choice of the right licence in borderline cases. The advantage of such a decision-making body lies first of all in the concentration of internal know-how. Furthermore, it can serve as a point of contact for staff. Besides, solidly anchoring such a body in the compliance process opens up the possibility of continuously monitoring the functionality and effectiveness of the compliance system.

In addition, it is recommended that staff training be conducted to raise awareness of the relevance of licence compatibility among employees who come into contact with open source software. The use of open source scanners as an additional tool is to be considered. Such programs allow software to be checked for open source components. This addresses the common problem that companies are often unaware of which open source software they are actually using.

In order to leverage the enormous potential of using open source software, it is therefore advisable for companies to establish an effective compliance system. In this way, the protection of know-how and industrial secrets is guaranteed while minimising liability risks.

Contact

Thomas Thalhofer
Thomas Thalhofer+49 89 28628238
Marieke Merkle
Marieke Merkle+49 89 28628227

Digital Business
IT & Outsourcing
Compliance & Investigations

Share

Show all

Insights

hands bridge with pulse
News

EU merger control: European Commission takes stricter action against submission of incorrect, incomplete and misleading information

02.05.2024
focus with pulse
News

Role of the DMA for app developers

30.04.2024
glowing light spiral
News

Supply chain compliance: CSDDD and EU Forced Labour Regulation coming soon

26.04.2024
hand touching led wall screen
News

Data Compliance Governance

16.04.2024
compass with pulse
News

Data Act – Scope, Impact, Implementation

16.04.2024
telescopes with pulse
News

Digital Markets Act: European Commission opens investigations against Alphabet, Apple and Meta

28.03.2024
bridge river with pulse
News

CSDDD update: Breakthrough in European Corporate Sustainability Due Diligence Directive (CSDDD)?

21.03.2024
EU Flag with Pulse
News

Digital consumer protection: current case law and European legislation

04.03.2024
container storage port
News

Update Commercial 2024

01.03.2024