Providers of cloud-deployed software-as-a-service (SaaS) and platform-as-a-service (PaaS) solutions typically do not own all the intellectual property rights (IPRs) in their deployed technologies.
Cloud SaaS and PaaS providers often bundle together an assortment of software and services owned and licensed by third parties with their own proprietary code base, meaning that a complex tapestry of protective regimes and terms typically applies to a single SaaS offering.
Platform providers must therefore identify and work through, with each of their third-party licensors, the correct solutions for sub-licensing the IPRs of their third-party suppliers.
This post summarises the key issues covered in detail in our comprehensive white paper, “Third-party licensing in cloud SaaS: Critical considerations across SaaS licensing supply chains”, which is available for download here.
Benefit of licence restrictions
Cloud providers will typically only license their platforms or software for use by customers in the jurisdictions in which such IPRs will be used and in relation to specific business lines or activities.
Accordingly, providers must ensure that they themselves have the right to grant sub-licences in the relevant jurisdictions and for the relevant use cases, as granted by their third-party licensors, which can be less straightforward than it sounds in practice.
Open-source licensing traps
Another element that is often not considered by cloud providers is the onward licensing of open-source software (OSS).
Permissive OSS licences typically allow the underlying open-source code to be incorporated freely into derivative works without the need for end users or customers to be granted separate sub-licences or to gain any rights to the other proprietary code in the relevant derivative work.
Under the more restrictive or “copyleft” OSS licences, such as the widely used GPL licences, where the underlying OSS code is combined with a cloud provider’s proprietary code, the entire code base, including the cloud provider’s proprietary code, may become subject to the terms of the underlying open-source licence.
Fintech sector considerations
In recent years, the UK’s Financial Conduct Authority and other financial sector regulators have increased their oversight of technology providers and expanded the due diligence standards expected of authorised firms in relation to their procurement of critical technology.
Authorised firms are expected to have performed due diligence on their critical software providers’ third-party suppliers, which should include a clear understanding of the IPR licensing chains that run down into the end services and products they consume.
Our recommendations
We recommend providers perform one-off end-to-end licensing audits of their cloud-based solutions, backed up by any necessary renegotiation of third-party licences.
Ensuring that sub-licensing terms align correctly, from original IPR owner through to end user, can help to avoid significant reputational damage and save precious time and resources.
Where third-party IPR indemnities are in place across multiple customers, licence chain audits can also result in a significant reduction in liability exposure without the need to renegotiate customer agreements.
This post is an extract from our comprehensive white paper, “Third-party licensing in cloud SaaS: Critical considerations across SaaS licensing supply chains”.
About Clearlake
Clearlake Law provides fractional general counsel services to organisations across multiple technology sectors doing business in the United Kingdom.
Please feel free to reach out directly to the author of this post, Dan Stanton, on dan.stanton@clearlake.law or 0204 570 8741.