With ever greater frequency open source software is becoming a topic at corporate acquisitions, and not only where the sale or acquisition of software enterprises is concerned. The freely accessible software entails hidden risks which need to be detected and taken into consideration during the IT due diligence prior to any contract conclusion.

Open source is everywhere

All enterprises use software. Using open source software (OSS) is an attractive option as it is free of charge, available to everybody, and commercial service providers can provide sup-port with respect to software maintenance and further development of OSS. Examples of OSS are the operating system Linux or the alternative to MS Office, Open Office. OSS is also used by software enterprises which develop software themselves:

As increasing number of developers are putting codes developed by them under an open source licence and therefore the source code, that is to say the version of a programme which people can read and edit, is disclosed and made available to free of charge, software enterprises can quickly and easily access existing OSS codes. Their own software can therewith be created quicker and cheaper.

However through the use of OSS the user, and therewith the enterprise, consents to the licence conditions applicable to the respective OSS. A common feature of open source licences is that enterprises may use OSS internally for their own purposes. Everything else is dependent upon the individual case; the number of licence models is end-less.

Some licences allow the user the full and unrestricted use of the OSS code. This is unproblematic, both for the tar-get enterprise as well as for a possible acquirer. Other licences - such as the most broadly distributed licence, the GNU General Public Licence, cf. http://www.gnu.org/ - attach the distribution software incorporating OSS code to certain duties, above all the obligation to likewise place own adaptations of the OSS code under the open source licence (so-called Copyleft). This means that the source code of software which has been created by a software enterprise using such OSS codes must usually be made freely available to all, unless it is only used internally. The basis for the commercial distribution of software developed on the basis of OSS code is therewith removed. If a business model is specifically aiming at distribution, this can have severe consequences for the software enterprise and a possible acquirer.

Clarify (intended) use

During the acquisition of a software enterprise, OSS should therefore be a topic of the IT due diligence. If it is known that substantial parts of the software used by the target enterprise are OSS, it should be clarified how the software shall be used and whether the use envisaged or possible by the acquirer in future is reconcilable with the applicable OSS licences.

However, uncertainty often exists at software enterprises as to whether or not respectively which OSS elements have been integrated into their own software products because the development lies far in the past and/or was not sufficiently documented. In this case, it is vital that the existing OSS be identified in order to create a basis for the legal examination of the licences. Scanner tools can help in this respect: they check software against all known OSS and as a result generate a list of the relevant licences.

However, this scan requires the source code which software enterprises are very reluctant to make available during due diligences, especially when the acquirer is a competitor. A compromise can be found in practice, for example, by having a service provider bound by a secrecy obligation conduct the scan as opposed to the acquirer itself.

Check US licences for German copyrights Licences established in this way can then be legally examined. Various problems arise in this respect. Firstly, many licences, including for example the GNU General Public Licence, originate from the USA. This makes their examination difficult against the back-ground of German copyright law. The mere translation of terms in an OSS licence may already be misleading if the underlying US copyright law concept is different to that of German copyright law. This makes it more difficult to interpret a licence. Secondly, OSS licences are frequently very complex and functionally difficult to access.

A further typical problem area is the use of OSS in a group with several companies. If one group company in-tends to make available a software containing OSS to other group companies, this intra-group transfer of soft-ware ought normally not to be under-stood as a distribution which triggers the duty to disclose the source code. Moreover, a further question which frequently arises is whether or not the obligation to disclose the source code is triggered by the provision of software by means of cloud computing. In this case, software is made available via the internet, i.e. the object code (ma-chine readable code) only runs on the server of the provider and is not accessible to the customer. Whether or not this is the case depends on the individual license. Many older open source licenses require the publication of the source code only in case the object code is copied and sold.

Corporate groups such as SAP, for which OSS is a central topic, have precisely defined strategies and processes for handling the topic OSS within the scope of corporate acquisitions. Be-cause of the far-reaching consequences, which the failure to consider the problems associated with the use of OSS can have on the business operations and their further development, other enterprises should also address this issue.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.