Open Source – potential issues in corporate transactions (EN)
Many companies that develop technical products, especially software, but also hardware that embeds software, rely on open source. Done right, this is not a problem. It would often be a waste of resources not relying on some open source.
At a certain point in a company's lifespan, it may be relevant to conduct a due diligence on the company that has used open source. This may entail a review by external investors, and when the company is the target of a share or asset purchase, there will often be a process to verify that the use of open source is not a concern for the investor or purchaser.
Source code is a set of instructions to a computer, and such set of instructions is a computer program. If having the source code, one can correct errors in the program, change it, and commercialize it. Hence, the company typically wants to keep the source code as a business secret, to prevent third parties from doing changes or commercialize in competition with the company, or to provide the program at a lower cost.
Open source, on the other hand, is public; anyone can find it on the internet. However, those who wrote or own the original open source, have typically published certain conditions that must be complied with in order to legally use the open source – this is open source licenses. Several court cases conclude that such licenses are legally enforceable. The obligations arising out of the licenses may have commercial effects and are of great interest when assessing the value of the company.
The obligations on the company according to the licenses are typically one or more of the following:
1) Providing certain licensing information, including, e.g. attributions of copyright owners, disclaimers and so forth. This may have consequences for how the product using open source is built and offered to the market.
2) Making the open source code one has used available also for others. This may have consequences for how the product is marketed.
3) Making the source code of derived works available for others, subject to an open source license. This is normally not commercially acceptable, as it could result in unwanted competition, and reduce income and profits. Hence, when such an issue is identified in an open source review, the problematic open source parts of the software must normally be replaced.
The risk is that the owner of open source license discovers a license violation, and further that the owner in a matter of days could be awarded a preliminary injunction to have the target company immediately cease using the open source. This will have substantial commercial consequences for the company in question.
Furthermore, some products are of a type or distributed in a way so that changing the product to achieve compliance may take long time or be impractical. An example would be hardware embedding open source software that cannot be updated remotely, and instead needs to be physically recalled. Another example would be software that cannot be changed, without triggering a lengthy certification process, e.g. medical devices.
That said, rectification is in most cases not so difficult, and does not involve substantial costs that would impact the corporate transaction deal value. However, it is usually of interest to the investor to know about an open source issue prior to signing the transaction agreement, typically what it would take to remedy them.
One way to prevent open source problems is to have in place and follow an open source policy. We recommend drafting or verifying such policies. We also recommend confirming if in doubt as to whether an open source license raises any particular issues. It is wise to perform a review of a company's open source licenses before approaching investors. In this regard, it may also be relevant to review other matters related to intellectual property rights, e.g. commercial licenses for software used in products.