Audit provisions are a common feature of a wide range of IP and technology agreements. They can be seen by those seeking the audit right as a practical way to monitor key aspects of a commercial deal. Security standards being applied to data, accuracy of billing, compliance with licence restrictions or, in some cases, general compliance with the agreed contract are often the subject of audit rights.
The general compliance audit right seems useful on the face of it. But a recent English High Court decision illustrates that a broad audit clause can raise more questions than it answers.
The case, 118 Data Resource Ltd v IDS Data Services (2014 EWCH 3629 (Ch), involved 118 seeking an order from the court for specific performance of an audit clause. 118 had licensed a database to IDC for limited commercial use. The limitations included both restrictions on type of use and on the profile and number of sub-licensees.
IDS had agreed to permit any duly authorised representative of 118, on reasonable prior notice, to enter any of its premises where any copies of the licensed database were in use, for the purposes of ensuring the provisions of the contract between them were being complied with.
The decision was given by the court on application for summary judgement so it wasn't a full hearing on alleged breaches, which are subject to ongoing litigation. It should be considered in that context.
The court refused to give 118 the broad access it was seeking and interestingly made a few notable observations on the audit clause which can be applied to all audit clauses:
- Be explicit about who is entitled to access – there was a valid question here about whether "authorised representative" included employees. IDS argued it should be third party representatives only and there was sensitivity about employees getting access and seeing more commercially sensitive information than they should be. It was found there was nothing to limit the number of type of representative;
- Be clear about location of access – here there was inconsistency between the licence clause (which limited number of permitted copies of the database to one single copy) and the audit clause (which referred to access to any premises where "copies" are used). The court found that reference to "premises" was actually limiting what was to be inspected as much as the location of where the inspection could take place;
- Be clear about exclusions from audit scope – to help ensure an audit clause is effective, it is preferable to list the type of key information which isn't to be accessed, to avoid resistance to the whole audit later due to that one issue. Here the court suggested that unrelated commercially sensitive information and legally privileged information (in the context of the ongoing litigation) ought to be excluded and suggested that a better clause would have included such carve-outs;
- Be specific about the consequence of the audit – if a breach is found, it would be logical that obligations flow from that finding e.g. if materials are used outside scope of licence, they should be returned, if a breach is detected it should be rectified on time and at no cost. Here the court noted that the clause was silent on the consequences but couldn't imply terms as that would involve "substantially re-writing the parties bargain".
Of course, another key point to address (which didn't appear to be at issue in this case) is the cost of audit. Although in our experience, frequency, cost and business impact are less likely to get overlooked in audit negotiations.