The importance of software compliance in digital transformation
Snapshot
- Harmonising a software portfolio is the first step for businesses going through digital transformation
- Companies need to structure their software licence agreements and implementation agreements to gain maximum flexibility and futureproof their businesses
- Software compliance can be challenging for businesses as, in addition to the licensing regime, the regulatory framework is rapidly developing
Digital transformation is much more than a buzzword: it is a prime focus for businesses across all sectors – and will continue to be so in an economic downturn, to create efficiency and unlock value.
Although business change is often unpredictable – as the recent global supply chain crisis and Covid-19 pandemic have shown – those that successfully deliver digital transformation can enjoy competitive advantage. However, with this transformation comes rapidly developing digital regulation and legislation that has particular implications for software compliance in terms of both software licensing and wider regulatory obligations.
Harmonising software portfolios from a compliance perspective
To carry out successful digital transformation projects at the pace required in today’s world, the first step for companies is to harmonise their software portfolio, which brings significant advantages from a compliance perspective. Disparate software architecture and legacy systems can make these projects extremely challenging to complete from both a technical and legal perspective, let alone at an acceptable pace. Streamlined software portfolios tend towards more single sourcing (that is, one-provider strategies) and therefore create dependencies. The risk of relying on a single provider must be acknowledged and managed; it is the trade-off for an otherwise harmonised software portfolio.
Although a company with a harmonised portfolio will use fewer software components, it will still face the challenge of managing its compliance with a range of international licensing requirements and regulatory obligations in a globalised economy. This is particularly so in the EU, which is legislating to make compliance with certain software-related laws part of a company's core regulatory obligations, including the integrity of datasets, software updates and cybersecurity risk assessments.
Although these issues are on the horizon at EU level, as with many areas of digital regulation, individual jurisdictions are moving faster than larger regulatory blocs can.
For example, German law requires companies to have a clean software portfolio with clear rules and regulations on companies’ licence rights and restrictions. The Urheberrechtsgesetz (Copyright Act) stipulates that the copyright owner holds all rights to the software. It is therefore important that companies undertaking a digital transformation, and using third-party software to do so, ensure that they can use that software for the purposes that their digitalised business model will require.
Companies need to structure their software licence agreements and implementation agreements to gain maximum flexibility and futureproof their business against changes which might be required.
Open-source software licensing
Compliance concerns apply not only to “standard” software but also to more modern ways of software programming, such as the licensing of open-source software (OSS). The most important features of OSS are open access to the source code and the possibility for anyone to change or improve the code, in each case with no consideration owed to the code's originator. The originator essentially grants a non-exclusive right of use to everyone.
However, free software licensing does not imply unfettered use. OSS usually contains a variety of licence provisions; for example, the requirement to cite the originator’s credentials within software using the code or the “copyleft” principle (the method of granting permission for anyone to use copyrighted property freely, with the same rights being preserved in derivative works).
Failure to comply with these provisions may not only give grounds for cease-and-desist orders or other injunctive relief but also constitute a fundamental breach of the conventions of the "open source" community and the code of conduct at the heart of the development industry.
The current hype around OSS compliance is driven partly by environmental, social and governance requirements, and also by a general trend towards open infrastructures and specific EU-wide and national level projects supporting OSS.
The EU is particularly focused on supporting interoperability between different technologies, including OSS. A harmonised approach has not yet been formally proposed, but, as is often the case, Member States are introducing their own requirements. For example, in Germany, there are discussions on making the use of OSS mandatory for public administration, which should remove barriers to integration and continued software development in the governance sector.
Risk of OSS non-compliance
Apart from the potential to paralyse a huge number of products (more than 50% of the software in today’s cars is OSS and each car has more software on board than the space shuttles), the risks associated with non-compliance with OSS licence requirements must not be underestimated. OSS non-compliance may lead to a breach of copyright law and, in some jurisdictions, could potentially lead to personal liability for directors if there is no process in place to ensure compliance.
So, while software compliance sounds dull, it should not be underestimated: it both avoids substantial risk and simplifies and speeds up digital transformation. It should therefore be at the forefront of any digital transformation strategy.