Software license audits are on the rise. On January 27, 2012, the world's leading information technology research and advisory company, Gartner, released a survey showing that two-thirds of all companies have been subject to software auditing during the past 12 months.1 The number of companies not subject to regular auditing seems to get smaller each year, and the odds of not facing any audit over a period of two to three years tend to zero. At the same time, the legal basis and limits of software audits are often unclear.2

The vast majority of software audit exercises end with the software vendor claiming that the customer is underlicensed. As a consequence, the software vendor will typically request the payment of damages for unauthorized use of the respective software in the past and point to the need to purchase additional licenses and maintenance services going forward. Given the economic impact of software license audits, the attention given to drafting audit clauses in license contracts is often insufficient. In fact, the best way to provide for an audit situation, avoid disputes, and bring the interests of a software vendor and its customer into balance is a thoroughly drafted audit clause. The respective clause should at least address the following aspects:

  • Rules of procedure: advance period of notice, auditing during regular business hours, overall length of audit, frequency between audits
  • Auditor: self-audit by customer or external audit by software vendor or third party, skill level of auditor, maximum size of vendor-appointed team
  • Methods and tools: clarification on how the license estate is measured, depending on the license model (e.g., system capacities, number of installations, type of users); potential limitation of audits to samples; usage of scan tools (self-provided by the customer or provided by the software vendor)
  • Confidentiality: confidentiality provisions covering all relevant persons and actions (e.g., access rights to sites and systems)
  • Stakeholder involvement: consultation with all relevant stakeholders (e.g., data protection officers/authorities, works councils)
  • Commercial aspects: discount schemes (e.g., corporate or volume discounts) applicable in case the audit reveals the need for additional licenses; treatment of underlicensing for the past
  • Dispute resolution procedure

An even better protection against unpleasant surprises in the course of software audits is, obviously, a properly defined and transparent license model and clause along with efficient license management. Typically, shortcomings in either of these areas will be punished on the occasion of an audit exercise.

  • For instance, license clauses often neglect the issue of changes in the organization of the customer (e.g., those arising out of M&A or outsourcing activities). Also, the description of the license model, including how license consumption is measured, is often not transparent.3
  • Next to a carefully prepared contract, the customer should set up a proper IT license management or software asset management system or should use a scan tool acceptable to the software vendor.

Finally, in the course of an audit, questions may arise as to whether the software vendor's performance of the audit is compliant with the relevant legal and contractual framework.4 If the software vendor acts beyond the scope of its audit rights, the customer will have to consider enforcing house rules and refusing an audit request.