Software vendors worldwide undertake compliance/audit/anti—piracy activities to protect their intellectual property (IP).
Gartner has forecasted a 68% probability of an organization being audited by at least one of the five most aggressive software vendors in a 12-month period. Therefore, it is critical for organizations to develop internal controls over the use of software to protect themselves against unbudgeted financial outflows resulting from a vendor audit. Public disclosure of adverse findings during a software vendor audit or subsequent regulatory action carries an additional reputational risk.
The question that organizations often ask is two-fold: (1) What gives a software vendor the right to audit? and (2) Is there a way to avoid such an audit? We evaluate provisions included in license agreements allowing publishers to conduct audits as well as country-specific laws around software piracy.
Software license agreements
Although the licensing metrics and the terms and conditions of the use of software vary widely by software vendor, the audit clauses are largely consistent and include the following:
- Right to initiate license compliance verification within 15/30 days from date of notification
- Authorization to inspect the customer’s facilities and computers to verify usage of software, serial numbers etc.
- Right to inspect the customer’s internal records for software license procurement, contracts, usage etc.
- Right to request for specific reports from the system
- Remedies for non-compliance making it mandatory to procure additional licenses to cover unlicensed usage, cost of conducting audit and other damages/penalties etc.
- Right to recover audit fees from the customer in case audit findings highlight non-compliance beyond a threshold
The audit action initiated by software vendors is supported by the IP regulations enacted by different countries:
Country-specific software piracy laws
Several countries have enacted laws that enable software publishers to protect their IP against software piracy.
- India: The Copyright Act, 1957 was amended in 1994 to include protection of computer programs. As per section 63B of the Act, the use of a counterfeit copy of software attracts a minimum mandatory sentence of seven days’ imprisonment extendable to up to three years and a fine of up to INR200,000. The law allows for conducting search and seizure operations as well as provisions for civil action against the infringer of computer programs2.
- The US: The US copyright law allows software vendors to recover actual damages from the party using counterfeit software or alternately statutory damages to the tune of US$25,000 per violation. Additionally, where the copyright owner sustains the burden of proving copyright infringement and the court finds that the infringement was committed willfully, the court in its discretion may increase the award of statutory damages to US$150,0003.
In addition, several states of the US have recently enacted the Unfair Competition Act, permitting the US Government to take action against foreign competing producers that are found to use illegal IT software in their production processes. The action may include sanctions such as import bans. Based on independent studies of software piracy rates and share of exports to the US, countries such as China, India, Indonesia and Thailand have the highest exposure risk to the impact of the legislation4.
- Australia: Creating counterfeit copies of software by organizations with the intention of obtaining commercial advantage attracts penalties/fines of up to AU$467,500 or up to five years of imprisonment as per the Australian copyright law5.
- China: The State Council has established Regulations on Protection of Computer Software under Decree No. 339 of the State Council of the People’s Republic of China. Article 24 of Decree 339 allows for a maximum fine of CNY50,000 (~US$8,000) for unauthorized use of software. In addition, the copyright owner can file legal proceedings against the infringer of IP or apply to the People’s Court in accordance with Article 49/50 of the Chinese copyright law6.
- Fine of up to RUB500,000 (~ US$8,500) or
- Imprisonment of up to 6 years or
- Double the amount of the actual cost charged by the software publisher against each counterfeit software instance7.
Growth in cloud-based licensing models and subscription licensing is expected to bring down software piracy; however, cloud and subscription sales still constitute a small proportion of the total revenues of software vendors. Till the time on-premise software licenses are consumed by customers, software vendors will take the required action to protect their IP through licensing audits.
- Survey analysis: Software License Audit Surveys Show Shift in Focus and Intensity in 2014.
- “Indian Copyright Act, 1957,” Indian government website, http://copyright.gov.in/documents/copyrightrules1957.pdf, accessed 28 August 2017.
http://ww2.bsa.org/country/News%20and%20Events/News%20Archives/global/05252016-GSS.aspx, accessed 28 August 2017.
- “Copyright law of the United States,” Copyright.gov, https://www.copyright.gov/title17.
- “United States’ Unfair Competition acts and software Piracy,” United Nations ESCAP website, http://www.unescap.org/sites/default/files/polbrief38.pdf, accessed 28 August 2017.
- “Penalties for illegal software,” BSA website, http://ww2.bsa.org/country/Anti-Piracy/Know%20the%20Law.aspx, accessed 31 August 2017.
- “Copyright Law of the People’s Republic of China,” World intellectual property worldwide website, http://www.wipo.int/wipolex/en/text.jsp?file_id=186569, accessed 31 August 2017; “Regulations on computer software protection,” World intellectual property worldwide website, http://www.wipo.int/edocs/lexdocs/laws/en/cn/cn002en.pdf, accessed 31 August 2017.
- “Copyright protection in Russia,” BSA website, http://ww2.bsa.org/country/Anti-Piracy/Know%20the%20Law.aspx, accessed 31 August 2017.