We will track here amendments to this resource that reflect changes in law and practice.
A checklist that looks at the issues that a potential buyer of a software business should consider when undertaking due diligence to ascertain whether open-source software (OSS) has been used by the seller in the target business or by the target.
This checklist looks at the issues that a potential buyer of a software business should consider when undertaking due diligence to ascertain whether open-source software (www.practicallaw.com/7-506-8128) (OSS) has been used by the seller in the target business.
OSS is software provided under licence which grants certain freedoms to the licensee, but also imposes significant restrictions and obligations on the licensee. There are many different types of OSS licences which differ widely in clarity, length and legal effect but the most commonly used ones are the General Public Licence (www.practicallaw.com/1-506-8131) (GPL) and Lesser General Public Licence (LGPL) licences which adopt the principle of copyleft (www.practicallaw.com/6-506-8138), creating a chain of freedom to use the software without payment.
For more information on OSS see PLC IPIT & Communications, Practice note, Open-source software (www.practicallaw.com/6-376-6421).
Unchecked use of OSS may have a damaging impact on the business, including:
Failure to comply with copyleft terms, leading to action from the body who enforces the licence terms (see Practice note, Competition and regulatory issues in due diligence into software businesses: Acceptable litigation exposure (www.practicallaw.com/4-506-5824)).
Cost of remedial action resulting from a breach of an OSS licence.
Reputational damage through adverse publicity. This could potentially lead to compromised brand value.
External perception as disorganised or unprofessional.
Lost customer trust and disputes with customers who were expecting to get OSS-free software from you and their attendant time, effort and expense.
Supply-side disputes with OSS licensors and their attendant time, effort and expense.
Missed opportunities to exploit key markets exclusively and wasted resources. Proprietary software may become freely available to rivals unless a (usually expensive) non-OSS workaround can be found.
Poor management or housekeeping and the need for remedial action or unnecessary warranty or indemnity cover for a specific event, such as an investment round, initial public offering or trade or business sale.
Business continuity issues.
Non-compliance with regulatory requirements, where, for example, regulators assess operational risk relating to companies' IT operations.
Proper consideration of the OSS that is used in the target's key products is advisable so that the buyer can identify (to the extent that the target does not already know) what OSS is used by the target. An assessment can then be made of:
Where the OSS originates from.
What the OSS does.
Where or how the OSS is being used and re-used internally or distributed externally.
The terms of OSS licences and whether the target is able to use the OSS in an unfettered manner or whether there are conditions on use. For example, to include copyright notices or attributions or (more importantly) to make the source code available if a derivative work is created and distributed by the target (see Practice note, Competition and regulatory issues in due diligence into software businesses: Acceptable litigation exposure (www.practicallaw.com/4-506-5824)).