Technology & Digital UK-wide

Understanding software licensing

Software is protected as a "literary work" under the Copyright, Designs and Patents Act 1988. When you use, develop, or distribute software, you must comply with licensing terms that define how the software can be used, modified, and shared.

Software licensing affects your business in three main areas: software you use (inbound licensing), software you create (IP ownership), and software you distribute to customers (outbound licensing).

Open source licensing

Open source licences allow you to use, modify, and distribute software freely, but each licence type has different requirements:

  • Permissive licences (MIT, Apache 2.0, BSD) - Allow you to use the code in commercial products with minimal restrictions. You typically must keep copyright notices and may need to include the licence text.
  • Copyleft licences (GPL v2, GPL v3, AGPL) - Require that if you distribute modified versions, you must release your source code under the same licence. GPL v3 includes explicit patent grants.
  • Weak copyleft licences (LGPL, MPL 2.0) - Allow linking to the library in commercial software without making your code open source, but modifications to the library itself must be shared.

The GNU General Public Licence (GPL) is the most used open source licence. A key feature is its "copyleft" provision, which means any modified versions of GPL-licensed software must also be released under the GPL.

Commercial software licensing

When licensing commercial software for your business or to customers, you must address:

  • Grant of rights - Define whether the licence is exclusive or non-exclusive, transferable or non-transferable, and what uses are permitted
  • Intellectual property ownership - Clarify who owns the software, modifications, and customer data
  • Restrictions - Specify prohibited uses such as reverse engineering, sublicensing, or competitive use
  • Licence scope - Single-user, multi-user/volume, or site licences with maximum user limits

SaaS terms and conditions

For Software as a Service (SaaS) businesses, your terms must comply with UK consumer and data protection law:

  • Comply with the Consumer Rights Act 2015 for consumer contracts - software must be of satisfactory quality, fit for purpose, and as described
  • Include UK GDPR-compliant data processing terms, clearly defining roles (controller/processor) and including a Data Processing Agreement where you process customer data
  • Provide transparent auto-renewal and cancellation terms following CMA guidance - advance renewal reminders and simple cancellation routes
  • Avoid unfair terms under the Unfair Contract Terms Act 1977 - liability limitations must be reasonable

The Competition & Markets Authority (CMA) actively scrutinises subscription services for "subscription traps" - hidden auto-renewals or difficult cancellation processes.

Licence compliance management

Mismanagement of software licensing can lead to legal issues, including prosecution for illegal software use. Best practices include:

  • Maintain a Software Bill of Materials (SBOM) documenting all third-party components, versions, and licences
  • Use automated software composition analysis (SCA) tools to identify open source components and licence conflicts
  • Appoint a licence compliance officer to approve all software purchases and installations
  • Check for licence conflicts - over half (53%) of audited codebases in 2024 contained conflicting licences
  • Document all open source components and comply with attribution and notice requirements

Enforcement and penalties

Open source licence violations are enforceable. In February 2024, Orange S.A. was ordered to pay over €900,000 for violating the GNU General Public Licence (GPL).

For proprietary software, unlicensed use can result in civil claims for copyright infringement, injunctions preventing use, and damages claims.

  • MIT Licence compatibility - Compatible with Apache, GPL, LGPL, and proprietary licences
  • Apache 2.0 compatibility - Compatible with MIT, GPL v3, LGPL v3, and proprietary licences (not GPL v2)
  • GPL requirement - Modified GPL software must be released as open source under GPL
  • Licence conflict rate - 53% of audited codebases (2024) contained open source with licence conflicts
  • Consumer Rights Act protection - Digital content must be satisfactory quality, fit for purpose, as described

  1. Audit your software inventory

    Create a complete inventory of all software used in your business - both commercial licences and open source components. Use automated SCA tools to generate a Software Bill of Materials (SBOM).

  2. Review open source licences

    For each open source component, document the licence type (permissive, copyleft, or weak copyleft) and ensure you comply with attribution, notice, and distribution requirements.

  3. Check for licence conflicts

    Identify any incompatible licences in your codebase. For example, combining GPL v2 code with Apache 2.0 code creates a conflict. Resolve conflicts by replacing components or obtaining exceptions.

  4. Implement a software approval process

    Require approval before any software purchase or installation. Prohibit employees from downloading non-approved software on work devices.

  5. Draft compliant commercial terms

    If you license software to customers, ensure your licence agreement addresses grant of rights, IP ownership, restrictions, liability limitations, warranties, and UK GDPR data processing terms.

  6. Review SaaS subscription terms

    For SaaS businesses, ensure your terms include transparent auto-renewal practices, advance renewal reminders, and simple cancellation routes, and that they comply with CMA guidance on subscriptions.

  7. Maintain licence compliance documentation

    Keep records of all software licences, purchase receipts, open source notices, and compliance checks. Update your SBOM whenever you add or update software components.
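
Steps 1 to 3 can be partly automated once an SBOM exists. The script below is an added example, not part of the original guidance: it reads a constructed SBOM in the CycloneDX JSON layout, classifies each SPDX licence identifier into the three categories described above, lists components with no recognised licence for manual review, and flags the one conflict this page names (GPL v2 with Apache 2.0). The component names are made up, and the script assumes every listed component ships together in one product.

```python
import json
from itertools import combinations

# SPDX identifiers grouped into the three categories used on this page.
CATEGORY = {
    "MIT": "permissive", "Apache-2.0": "permissive",
    "BSD-2-Clause": "permissive", "BSD-3-Clause": "permissive",
    "GPL-2.0-only": "copyleft", "GPL-3.0-only": "copyleft",
    "AGPL-3.0-only": "copyleft",
    "LGPL-2.1-only": "weak copyleft", "LGPL-3.0-only": "weak copyleft",
    "MPL-2.0": "weak copyleft",
}
# Only the pairing this page names as a conflict; extend after legal review.
CONFLICTS = {frozenset({"GPL-2.0-only", "Apache-2.0"})}

# Constructed sample SBOM (CycloneDX JSON layout), not real project data.
SAMPLE_SBOM = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"name": "http-client", "version": "2.1.0", "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"name": "legacy-parser", "version": "1.0.3", "licenses": [{"license": {"id": "GPL-2.0-only"}}]},
    {"name": "image-codec", "version": "0.9.0", "licenses": [{"license": {"id": "LGPL-2.1-only"}}]},
    {"name": "vendor-blob", "version": "0.1.0", "licenses": [{"license": {"name": "Custom Licence"}}]},
]})

def licence_ids(component):
    """Return the SPDX ids declared on a component; [] if none are declared."""
    return [e["license"]["id"] for e in component.get("licenses", [])
            if "id" in e.get("license", {})]

def audit(sbom_text):
    """Build an inventory, a manual-review list and a conflict list from an SBOM."""
    report = {"inventory": [], "unreviewed": [], "conflicts": []}
    for c in json.loads(sbom_text).get("components", []):
        name = f'{c["name"]}@{c.get("version", "?")}'
        ids = licence_ids(c)
        for lid in ids:
            report["inventory"].append((name, lid, CATEGORY.get(lid, "unclassified")))
        if not ids or any(lid not in CATEGORY for lid in ids):
            report["unreviewed"].append(name)  # no SPDX id, or one we cannot classify
    # Assumption: all components are combined in one distributed product.
    for (n1, l1, _), (n2, l2, _) in combinations(report["inventory"], 2):
        if frozenset({l1, l2}) in CONFLICTS:
            report["conflicts"].append((n1, l1, n2, l2))
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_SBOM), indent=2))
```

Run it in the build pipeline so the report is regenerated whenever the SBOM changes, and keep the output with the compliance records described in step 7.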