Software licensing compliance

Understanding software licensing

Software is protected as a "literary work" under the Copyright, Designs and Patents Act 1988. When you use, develop, or distribute software, you must comply with licensing terms that define how the software can be used, modified, and shared.

Software licensing affects your business in three main areas: software you use (inbound licensing), software you create (IP ownership), and software you distribute to customers (outbound licensing).

Open source licensing

Open source licences allow you to use, modify, and distribute software freely, but each licence type has different requirements:

• Permissive licences (MIT, Apache 2.0, BSD) - Allow you to use the code in commercial products with minimal restrictions. You typically must keep copyright notices and may need to include the licence text.
• Copyleft licences (GPL v2, GPL v3, AGPL) - Require that if you distribute modified versions, you must release your source code under the same licence. GPL v3 includes explicit patent grants.
• Weak copyleft licences (LGPL, MPL 2.0) - Allow linking to the library in commercial software without making your code open source, but modifications to the library itself must be shared.

The GNU General Public Licence (GPL) is the most used open source licence. A key feature is its "copyleft" provision, which means any modified versions of GPL-licensed software must also be released under the GPL.

Commercial software licensing

When licensing commercial software for your business or to customers, you must address:

• Grant of rights - Define whether the licence is exclusive or non-exclusive, transferable or non-transferable, and what uses are permitted
• Intellectual property ownership - Clarify who owns the software, modifications, and customer data
• Restrictions - Specify prohibited uses such as reverse engineering, sublicensing, or competitive use
• Licence scope - Single-user, multi-user/volume, or site licences with maximum user limits

SaaS terms and conditions

For Software as a Service (SaaS) businesses, your terms must comply with UK consumer and data protection law:

• Comply with the Consumer Rights Act 2015 for consumer contracts - software must be of satisfactory quality, fit for purpose, and as described
• Include UK GDPR-compliant data processing terms, clearly defining roles (controller/processor) and including a Data Processing Agreement where you process customer data
• Provide transparent auto-renewal and cancellation terms following CMA guidance - advance renewal reminders and simple cancellation routes
• Avoid unfair terms under the Unfair Contract Terms Act 1977 - liability limitations must be reasonable

The Competition & Markets Authority (CMA) actively scrutinises subscription services for "subscription traps" - hidden auto-renewals or difficult cancellation processes.

Licence compliance management

Mismanagement of software licensing can lead to legal issues, including prosecution for illegal software use. Best practices include:

• Maintain a Software Bill of Materials (SBOM) documenting all third-party components, versions, and licences
• Use automated software composition analysis (SCA) tools to identify open source components and licence conflicts
• Appoint a licence compliance officer to approve all software purchases and installations
• Check for licence conflicts - over half (53%) of audited codebases in 2024 contained conflicting licences
• Document all open source components and comply with attribution and notice requirements

Enforcement and penalties

Open source licence violations are enforceable. In February 2024, Orange S.A. was ordered to pay over €900,000 for violating the GNU General Public Licence (GPL).

For proprietary software, unlicensed use can result in civil claims for copyright infringement, injunctions preventing use, and damages claims.