This article concludes our four-part series on open content licensing, particularly the copyleft regime under Version 2 of the GNU General Public Licence (GPL). In addition to the copyleft considerations discussed in previous instalments, other legal risks are associated with open source licensing in general, and with the GNU GPL, in particular. This article discusses those risks.
McCarthy Tétrault Notes:
Previously, we discussed the loss of the proprietary character of a software product that has been combined by its owner with an open source product having copyleft requirements. However, the copyleft problem may also arise in circumstances where proprietary software licensed from a third party has been improperly combined with open source software. This will lead to potential liability under the terms of the third-party licence in question. Verifying proper use of open source products in the face of licensed proprietary software has become an increasingly common component of intellectual property (IP) due diligence in large-scale corporate, commercial and financing transactions.
Open source development often occurs with a multitude of contributors who may work without central direction or control. As development contributions are made over time, the likelihood of encountering potentially misappropriated or infringing elements of code increases. For that reason, open source products are thought to carry a higher risk of infringement than commercial software.
When coupled with the typical lack of warranty protection related to such software, the decentralized development practices associated with open source software add operational risk to an acquisition involving software assets affected by open source software components. This is because of a perceived higher exposure to liability for deficiencies in the functionality and performance of open source software.
Both the IP infringement risks and the risks of software defects associated with open source software are addressed, in practice, by way of specific indemnities from a vendor or borrowing party for the business or assets involved.
Unlike many other transactional risks that appropriate representations and warranties can address, the typical approach of vendor’s or borrower’s counsel is to exclude open source components from the representations and warranties involving IP and product performance once the purchaser’s or lender’s due diligence confirms the use of open source software. This exclusion necessitates the introduction of special stand-alone indemnities to address the risks in question. The usual indemnification provisions, on the other hand, are based entirely on the occurrence of losses incurred as a result of an inaccurate or untrue representation or the breach of an express contractual warranty.
Thus, when the typical array of representations and warranties found in transactional agreements ordinarily is modified by vendor’s or borrower’s counsel to exclude open source software from their ambit, any existing global indemnification provisions related to those representations and warranties are rendered ineffectual in seeking to address the risks of using open source software.
Another set of practical issues with open source software in the context of corporate and commercial transactions relates to proper compliance with the terms and conditions of the GNU GPL. For instance, Section 1 of the licence requires that an appropriate copyright notice and disclaimer of warranty be provided conspicuously on each copy of the licensed open source software that is distributed. Section 1 also mandates that a copy of the licence terms be provided along with each distribution of the licensed program.
As with any other material agreement encountered in the context of a transaction involving a target technology business or its assets, verifying compliance is an expected part of a purchaser’s or financing party’s transactional due diligence. With the increasing prevalence of open source products in business, this practice has now been extended to assessing the specific concerns involving compliance with open source licensing terms such as those mentioned above in relation to the GNU GPL.
Lastly, transactional risks involving open source products can arise on the basis of whether various open source components encountered in a target’s commercial products are procured from compatible licensing models.
Compatibility concerns arise whenever two open source licences that are applicable to a given software product contain provisions that are inconsistent with each other, such that it is impossible to satisfy the requirements of both licences at the same time. The simplest example of this begins with the consideration that the terms of the GNU GPL require any resulting product that incorporates GNU GPL licensed code to itself be made subject to the GNU GPL as a whole. If such code is combined with other open source code whose licence does not permit for migration to another licensing model (e.g., by also requiring a copyleft treatment of any resulting combined work), then the two licensing models are incompatible with each another and a breach of either or both licences may result. Where warranted by materiality considerations, verifying open source licensing compatibility is also an emerging aspect of purchaser or lender due diligence in large-scale business transactions.
While associated with many recognized benefits and opportunities, we have seen that open source software also brings some material legal risks, especially the imposition of copyleft obligations on proprietary software that has been inappropriately combined with existing open source components.
The ever-increasing adoption and acceptance of open source and open content licensing by corporations involved in the production and dissemination of technology and other creative content means that legal practitioners will encounter questions and challenges relating to open content licensing with far greater frequency when advising clients who are contributors, users or transacting parties in respect of open content material.