Technology Archives - Marcus Andreen

Archive for the ‘Technology’ Category

Smart legal contracts – the Law Commission’s advice to the Government

10/12/21 – On 25th November 2021, the UK Law Commission published its advice to the Government on smart legal contracts. The advice expands on the UK Jurisdiction Taskforce’s legal statement on cryptoasset and smart contracts – see my post here.

The Law Commission concludes that current legal principles can be applied to smart contracts in much the same way as traditional contracts, with relatively minor developments required in certain contexts. It does, however, identify two specific problem areas that will require further work: the execution of deeds, and determining the geographical location where smart contracts are formed or breaches are committed (and therefore which jurisdiction’s laws apply), particularly where the smart contract concerns a digital asset.

This article considers some of the key observations and findings set out in the Law Commission’s advice.

1. What is a ‘smart legal contract’?

Considering the generally accepted definition of a smart contract as a computer program which run automatically, in whole or in part, without the need for human intervention, the Law Commission suggests that where a smart contract is used to define and perform legally binding contractual obligations it is helpful to refer to it as a ‘smart legal contract’. The Law Commission then defines a smart legal contract as ‘a legally binding contract in which some or all of the contractual obligations are defined in and/or performed automatically by a computer program’, and divides smart legal contracts into three different types, depending on the role played by the computer program code, i.e. the degree of automation of the performance of the contract:

Natural language contract with automated performance
Hybrid contract
Solely code contract

The Law Commission suggests that: ‘Automation should be considered on a spectrum. Smart legal contracts which involve elements of standard automation, such as payment by way of direct debit, have been in use for many years and are therefore unlikely to give rise to novel legal issues. However, a smart legal contract drafted primarily or solely in code […] is likely to give rise to novel legal questions; the automation in question takes the contract out of the realm of legal familiarity‘.

Although it had originally suggested (in its call for evidence) that a smart legal contract must, by definition, be deployed on a distributed ledger technology (DLT) system, the Law Commission has decided that DLT should not be an essential feature, and that a better approach is for smart legal contracts to be technology neutral.

2. What are the legal issues with smart legal contracts?

As stated, natural language contracts with automated performance via code have been in existence for a long time, and do not raise any new issues. However, where the terms of the contract are written in code, whether partly or wholly, new challenges arise in relation to contract formation, interpretation and remedies.

The Law Commission believes that contract terms expressed in computer code can, and should, be ‘susceptible to contractual interpretation‘. It suggests that the appropriate test should not be the traditional ‘what a reasonable person would understand the (coded) terms to mean, having all the background knowledge’ test, but instead a ‘what a person with knowledge and understanding of code would understand the coded terms to mean’ test – what the Law Commission calls the ‘reasonable coder‘ test. The court should ask what a person with knowledge and understanding of computer code what they understand the coded terms to mean, similar to the way that a court would ask for expert evidence in the case of a contract written in a foreign language.

The Law Commission also suggests that there is an increased risk of disputes during the lifecycle of a smart legal contract, given the likelihood of code performing ways that that the parties did not intend or expect, as well as other risk factors such as inaccurate input data, system upgrades, the code being hacked, and normal bugs and errors. The Law Commission notes that the usual legal remedy of rectification (where the court ‘corrects’ the terms of a contract) may in practice prove difficult to obtain where a computer program runs on an immutable DLT system.

3. How should businesses using smart legal contracts address these issues?

In Appendix 3 of its advice, the Law Commission helpfully provides a (non-exhaustive) list of issues that parties proposing to enter into a smart legal contract may want to consider and provide for in their contract. These include:

Confirming the role of the code in the contract and, in particular, whether the code is intended to define contractual obligations or just perform the obligations. Where contractual terms are expressed in both natural language and in code, confirming which term takes precedence in the event of a conflict.
Using natural language aids to help with the interpretation, e.g. a business process document or term sheet, and/or a natural language explanation of the code, or natural language comments within the source code itself. Making it clear that the business process document or other explanation forms parts of the parties’ agreement so that the document or explanation can be used by the court when interpreting the contract.
To satisfy the Consumer Rights Act 2015 requirement that traders’ written terms are ‘transparent’ (i.e. ‘expressed in plain and intelligible language, and be legible‘) in B2C contracts, providing consumers with a clear and informative explanation of the code in natural language.
Allocating risk amongst the contracting parties in relation to the smart legal contract-specific risk factors mentioned in the previous section.
Incorporating a ‘kill-switch’ in the smart legal contract to enable suspension or termination of the performance of the code.

4. The problem areas

The Law Commission considers that further work may be needed to support the use of smart legal contract technology in following areas:

To be validly executed, the signing of a deed must be witnessed and attested. The Law Commission is unable to see how these requirements could be satisfied for deeds which are wholly or partly defined by code, although it acknowledges the possibility of technology being developed to enable a witness to record in a smart legal contract that they have observed the execution of the deed.
It may be difficult to determine the jurisdiction and applicable law for some smart legal contracts, particularly where the smart legal contract is defined solely in code or performed via the interaction of two or more computer programs. In addition, digital location, i.e. ascribing real-world locations to digital actions and digital objects, also presents difficulties for smart legal legal contracts, particularly when deployed on DLT system. The Law Commission strongly recommends that parties to smart legal contracts stipulate both their choice of law and jurisdiction.

The Law Commission has agreed to undertake a separate project considering the rules around conflict of laws in the context of emerging technology, including smart legal contracts, which is expected to begin in the middle of 2022.

5. Looking to the future

The Law Commission points out that smart legal contracts are already used to some extent in a number of sectors (including insurance, finance, DeFi, and peer to peer), but have the potential to revolutionise the way businesses engage across all sectors. It anticipates that the market will develop established practices and model clauses that parties can use for their smart legal contracts, and hopes that work in this area will be led by LawtechUK and the UK Jurisdiction Taskforce.

Posted in Technology, Updates | No Comments »

CJEU decides that downloaded software is a sale of goods, not services

23/10/21 – Back in 2013 The Software Incubator was appointed by Computer Associates as a sales agent to promote and market Computer Associates’ application service automation software, which was deployed by CA’s customers to manage applications across data centres. The software was downloaded by customers directly from Computer Associates’ servers, subject to a perpetual licence which restricted use to a specified territory and a maximum number of authorised users.

The relationship was short lived, and The Software Incubator’s appointment was terminated later in 2013. The Software Incubator claimed compensation from Computer Associates under the Commercial Agents (Council Directive) Regulations 1993 (“UK Regulations”), which provides that a ‘commercial agent shall be entitled to compensation for the damage he suffers as a result of the termination of his relations with his principal’ (Section 17(6)). The UK Regulations define “commercial agent” as a ‘self-employed intermediary who has continuing authority to negotiate the sale or purchase of goods on behalf of another person’, but then does not provide a definition of “goods”. As you have probably already guessed, The Software Incubator and Computer Associates had different views on whether the software promoted by The Software Incubator constituted goods for the purposes of the UK Regulations, and the dispute ended up in court.

In 2018 the Court of Appeal decided, in part, in favour of Computer Associates. The Software Incubator appealed to the Supreme Court, which then referred the issue to the Court of Justice of the European Union (CJEU). In short the question for the CJEU was: Does the the supply of computer software to a customer by electronic means, together with the grant of a perpetual licence, constitute a “sale” of “goods” within the meaning of article 1(2) of the Commercial Agents Directive (Council Directive 86/653/EEC), being the original EU Directive that was implemented by the UK Regulations?

CJEU decision

The CJEU decided that:

the term “goods” could cover computer software, since software has a commercial value and was capable of forming the subject of a commercial transaction, and it was irrelevant whether the software was supplied on a CD ROM or tangible medium, or by electronic download; and
the making available of a copy of the computer software and the conclusion of a user licence agreement for that copy which entitles use of the software for an unlimited period, in return for payment of a fee, results in the transfer of the right of ownership of that copy, and therefore constitutes a “sale”.

Accordingly, the supply by Computer Associates of its software to a customer by electronic download, together with the grant of a perpetual licence constituted a “sale of goods” for the purposes of the UK Regulations, entitling The Software Incubator to compensation for termination of its sales agent appointment.

Because the question was referred to the CJEU before Brexit, the CJEU’s decision is binding on the Supreme Court.

Comment

The CJEU decision is clearly good news for sales agents which promote the supply of perpetual software licences, and probably fixed term software licences where the term is at least equal to the software’s expected economic lifespan. Less good news for software vendors, who may want to review existing arrangements with their agents and tread carefully if looking to terminate the relationships. More generally it remains to be seen to what extent the UK courts will have regard to the decision when considering the issue of whether software should be considered to be goods or services (or neither) in other contexts, particularly sale of goods legislation.

Tags: cjeu, commercial agents, computer associates, sale of goods, software, software incubator
Posted in Technology, Updates | No Comments »

UKJT’s Digital Dispute Resolution Rules

26/05/21 – The UK Jurisdiction Taskforce (UKJT) received extensive and overwhelmingly positive publicity for the Legal Statement on the Status of Cryptoassets and Smart Contracts that it published in December 2019 – you can read more about the Legal Statement here.

On 22nd April 2021 the UKJT published its Digital Dispute Resolution Rules (Rules) which:

Give legal effect to automatic dispute resolution processes incorporated into digital asset systems, and
Create a streamlined arbitration process to ensure prompt and cost-effective resolution of disputes arising out of digital technologies such as smart contracts, cryptoassets and cryptocurrencies, as well as DLT-based contracts (think blockchain) where there the parties in dispute may have transacted anonymously.

Key features of the Rules:

Automatic dispute resolution processes: If a digital asset system includes an automatic dispute resolution process (aka ‘on chain’ resolution), then incorporating the Rules into the system will result in an outcome of the automatic dispute resolution being legally binding on the parties.
Incorporation: The parties can agree that the Rules will apply either before or after a dispute has arisen. The Rules can be incorporated (including in electronic or encoded form) into any relevant contract or digital asset/system by using the following text: ‘Any dispute shall be resolved in accordance with the UKJT Digital Dispute Resolution Rules’. The parties can also include their preferences, including arbitration or expert determination, procedure to be adopted, and identity (or key characteristics) of the arbitrators and/or experts.
Starting proceedings: The claimant starts proceedings by giving a notice of claim to the respondent and the Society for Computers and Law (‘SCL‘). The notice may, among other things, include a proposal regarding the way the dispute should be managed.
Responding to proceedings: The respondent then has three days to send an initial response to the notice of claim. Among other things the initial response may include comments on the claimant’s proposal for managing the dispute.
Arbitrators and experts: On receipt of the initial response, the SCL appoints the tribunal of arbitrators and any experts. Although the SCL will have regard to the parties’ preferences regarding procedure and identity of the arbitrators etc, it is not bound by those preferences. Similarly, although the tribunal of arbitrators has regard to the parties’ preferences regarding procedure, it is not bound by those preferences, and is free to adopt whatever procedure it considers appropriate, without any requirement for disclosure, witness evidence, expert evidence, or even an oral hearing.
Anonymity: Unless the tribunal considers that disclosure of the parties’ names is necessary for fair resolution of the dispute or effective enforcement of any order, or disclosure is required by law, the tribunal will respect any agreement of the parties that they are to remain anonymous to each other (but not to the tribunal).
Determination of dispute: Unless a different period has been agreed, the tribunal will use best endeavours to determine the dispute within 30 days. Yes, 30 days. Except in the limited circumstances set out in the Arbitration Act 1996, the tribunal’s decision is final and binding, i.e. there is no automatic right to appeal.
Digital assets: To help it to implement or enforce its decision, the tribunal has the right to operate, modify, sign or cancel any digital assets relevant to the dispute using any digital signature, cryptographic key, password or other control mechanism available to it, or to order a party to the dispute to do so.

Since their publication a few weeks ago, the reaction has been largely favourable, with praise for the simplicity, flexibility, speed and certainty of the Rules. Whether the positive initial reaction now translates into broad uptake by participants in the new digital technologies remains to be seen.

Posted in Technology, Updates | No Comments »

Overview of the European Commission’s proposed AI regulation

26/04/21 – The European Commission aims to turn the EU into ‘the global hub for trustworthy Artificial Intelligence (AI)’. With that objective in mind, on 21^st April 2021 the Commission published its Proposal for a Regulation on a European approach for Artificial Intelligence.

Very interesting, I’m sure. But presumably not relevant to those of us who are no longer in the EU? Or to those of us who aren’t building robots to conquer the human race, haha?

On the EU point, the regulation applies to both EU and non-EU providers who market or deploy AI system in the EU, all users of AI systems in the EU, as well as providers and users of AI systems that are located outside the EU but where the outputs of the AI systems are used in the EU. In other words, the regulation potentially extends far beyond the EU’s borders.

And for the Asimov fans out there, the regulation’s definition of ‘AI system’ is perhaps a little disappointing: ‘software that is developed with one or more of the techniques and approaches listed in Annex I and [which] can, for a given set of human-defined objectives, generate outputs such as content, predictions, recommendations, or decisions influencing environments they interact with’.

Annex I in full:

‘(a) Machine learning approaches, including supervised, unsupervised and reinforcement learning, using a wide variety of methods including deep learning;

(b) Logic- and knowledge-based approaches, including knowledge representation, inductive (logic) programming, knowledge bases, inference and deductive engines, (symbolic) reasoning and expert systems;

(c) Statistical approaches, Bayesian estimation, search and optimization methods.’

Ah I see what you mean. So what do I need to know?

Well, the proposed regulation runs to 107 pages (not including the Annexes), so there’s quite a bit to digest. But by way of an overview:

Timing. The regulation will now be reviewed and debated by the European Parliament, and then by the Council of Europe. Given the subject matter, the regulation is also likely to generate extensive comments from AI providers and other interested parties. Once adopted by the Commission, the regulation is then subject to a 24-month grace period before it applies fully (Article 85(2)). Being realistic we’re looking at go-live in 2023, and very possibly 2024.
Risk-based approach. The regulation takes a risk-based approach, with AI systems falling into one of three categories: prohibited AI practices, high-risk systems, and lower-risk systems.
Prohibited AI practices. The regulation prohibits four specific practices involving AI (Article 5):
1. Marketing or deploying AI systems that ‘deploy subliminal techniques beyond a person’s consciousness’ in order to distort their behaviour in a way that causes or may cause harm.
2. Marketing or deploying AI systems that exploit vulnerabilities due to age, physical or mental disability in order to distort someone’s behaviour in a manner that causes or may cause harm.
3. Marketing or deploying by public authorities AI systems that evaluate or classify the trustworthiness of people with a social score (social scoring).
4. Use of ‘real-time’ remote biometric identification systems (e.g. facial recognition systems) for law enforcement purposes, with broad exemptions for certain criminal justice-related purposes. Biometric testing is likely to be one of the more controversial aspects of the regulation; the European Data Protection Supervisor (EDPS) has already issued a press release criticising the Commission for not adopting a stricter approach.
High-risk systems. The regulation specifies two categories of high-risk AI systems:
1. The first category consists of AI systems used as safety components of products, or AI systems which are themselves products, that are regulated under the ‘New Legislative Framework’ legislation listed in Annex II to the regulation, e.g. toys, medical devices, motor vehicles, gas appliances etc. Checking that these AI safety components, or AI systems, comply with the regulation (‘conformity assessments’) will be incorporated into the existing third-party compliance and enforcement mechanisms for the relevant products.
2. The second category are stand-alone AI systems that the Commission considers have ‘fundamental rights implications’. These are listed in Annex III to the regulation, and include AI systems used for:

- - - - biometric identification (to the extent not a prohibited AI practice).
      - management of road traffic and other critical infrastructure (water, gas, heating and electricity)
      - education and vocational training
      - recruitment and hiring of candidates
      - making decisions in connection with management and termination of workers

Stand-alone systems will be subject to conformity assessments, as well as quality and risk management systems and post-market monitoring. Following the conformity assessments, the AI systems must then be registered in a European Commission-managed database, to ensure public transparency and assist ongoing supervision.

Lower-risk systems. AI systems which are not prohibited or high-risk are subject to relatively light-touch regulation. There are no conformity assessment for lower-risk systems. And although all providers must inform individual users that they are interacting with an AI system (unless it is ‘obvious from the circumstances and the context of use’), there is no obligation for providers of lower-risk AI systems to provide information about the system’s algorithm or how it operates, as is the case for providers of high-risk systems.
Data governance. Providers of high-risk systems are required to adopt rigorous data governance and management practices in relation to training, validation and testing datasets to reduce the risk of potential biases and other inaccuracies.
Sandboxes. The regulation encourages EU member states to establish sandboxes (i.e. controlled environments) to enable providers to test innovative technologies on the basis of an agreed testing plan, and to reduce the regulatory burden (including conformity assessment fees) for SMEs and start-ups.
Penalties. For corporate providers of AI systems there are three levels of fines:
1. Non-compliance with Article 5 (prohibited AI practices, see para 3 above) or Article 10 (data governance, see para 6 above) is subject to a fine of up to €30,000,000 or 6% of total annual worldwide turnover, whichever is the higher.
2. For non-compliance of any other provision of the regulation, up to €20,000,000 or 4% of total annual worldwide turnover, whichever is the higher.
3. For the supply of incorrect, incomplete or misleading information to regulatory bodies, up to €10,000,000 or 2% of total annual worldwide turnover, whichever is the higher.

I see what you mean about quite a bit to digest. Anything I need to do now?

Although the regulation is likely to be subject to various changes over the next few months – particularly in the areas of biometric testing and social scoring – the fundamental principles are unlikely to change. So if you’re involved with the development, marketing, sale or distribution of software that constitutes a high-risk AI system then you may want to start thinking about how the regulation will impact areas such the accuracy of your datasets, risk of bias, and algorithmic transparency.

Tags: AI, artificial intelligence, brexit, EU, machine learning, ML
Posted in Technology, Updates | No Comments »

Who owns the copyright in software created by your employees?

12/03/21 – In accordance with the Copyright, Designs and Patents Act 1988 where any work “is made by an employee in the course of his employment, his employer is the first owner of any copyright in the work, subject to any agreement to the contrary”. (more…)

Tags: CDPA 1988, copyright, employees, IP, MD5, penhallurick, software
Posted in Technology, Updates | No Comments »

Checklist: Service levels

Issues to consider when drafting, reviewing or negotiating service levels include:

Service levels

Are uptime service levels measured monthly, or over a different period? (A 99.9% uptime service level measured monthly allows for a single outage of approx. 43 minutes; measured quarterly, that increases to more than two hours.)
Are out-of-hours outages dealt with in the same way as outages during business hours?
What types of downtime excluded from the availability calculation, e.g. planned maintenance or Force Majeure events?
For response/resolution service levels, are different severities of fault subject to different service levels? Does a workaround constitute a resolution for the purpose of the service level?
Do the service levels apply from Day 1, or does the supplier have a grace period to allow the service to be ‘bedded in’?
Are there any ‘chronic’ service levels’, which if breached entitle the customer to terminate the agreement?

Service credits

If service credits are payable for breach of service levels, are the service credits subject to a cap? If a default results in breaches of multiple service levels, can the customer claim multiple service credits?
Does a service credit constitute the customer’s sole remedy, or is the customer able to claim against the supplier if its actual losses exceed the value of the service credit?
How and when does the customer claim service credits?

Tags: availability, chronic service level, service credit, service level, SLA, uptime
Posted in Commercial, Technology | No Comments »

AA v Persons Unknown – recovering Bitcoin ransom payments

10/02/20 – In AA v Persons Unknown [2019], the Commercial Court confirmed that cryptoassets such as Bitcoin can constitute property under English law, and are therefore capable of being subject to a proprietary injunction (i.e. a court order which prevents the defendant from dealing with the relevant property).

The judgment refers extensively, and gives considerable weight, to the UK Jurisdiction Taskforce’s recent Legal Statement on the Status of Cryptoassets and Smart Contracts – see my article on the UKJT Statement here.

Background

In October 2019, one or more hackers encrypted the IT systems of a Canadian insurance company with malware. In order to regain control of its IT systems, the insurance company paid the hacker(s) a ransom of 109.25 Bitcoins (approx. $950,000).

The insurance company’s cybercrime insurer traced the ransom payment to a Bitcoin wallet linked to and controlled by Bitfinex, a crypto exchange operated by two British Virgin Island entities. The insurer applied for a proprietary injunction to recover the 96 Bitcoins that remained in the wallet.

Judgement

Because proprietary injunctions can only be granted over property, the Commercial Court first had to consider whether Bitcoin constitutes a form of property. Although Bitcoin do not fit into either of the two conventional categories of property – ‘choses in possession’ or ‘choses in action’ – the Court reviewed the analysis of the proprietary status of cryptoassets in the UKJT Statement, and in particular the UKJT’s conclusion that, despite their “novel or distinctive features“, cryptoassets may be objects of property rights, and “[i]f it is necessary to classify it at all, then a cryptoasset is best treated as being another, third kind of property” (UKJT Statement, para. 86(a)). The Court agreed with this approach, adding that “it is fallacious to proceed on the basis that the English law of property recognises no forms of property other than choses in possession and choses in action“.

Having confirmed that Bitcoin constitutes property, the Court granted the proprietary injunction.

Tags: Bitcoin, blockchain, cryptoassets, cryptocurrencies, distributed ledger technology, DLT
Posted in Technology, Updates | No Comments »

UKJT’s Legal Statement on the Status of Cryptoassets and Smart Contracts

04/12/19 – Prompted by a perceived need to provide legal certainty and market confidence in distributed ledger technology (DLT) and smart contracts, the UK Jurisdiction Taskforce (part of the LawTech Delivery Panel) published a Legal Statement on the Status of Cryptoassets and Smart Contracts on 18 November 2019. The Statement follows on from a consultation launched on 9 May 2019.

Cryptoassets

In relation to cryptoassets, the UKJT’s main conclusions are:

Cryptoassets should be treated in principle as property under English law because:
- cryptoassets have all the key characteristics of property – “… definable, identifiable by third parties, capable in its nature of assumption by third parties, and […] some degree of permanence or stability” (para. 39), and
- none of the distinctive features of cryptoassets – such as intangibility, cryptographic authentication, use of a distributed transaction ledger, decentralisation and rule by consensus – disqualify cryptoassets from being property.
Cryptoassets’ status as property has important consequences in a number of areas, including succession on death, insolvency, fraud, theft and breach of trust.
As with other intangible assets, title to cryptoassets can be vested or transferred by assignment or agreement of its owner. The Statement suggests that an ‘on-chain’ assignment (i.e. a transfer of the cryptoasset itself) is best analysed by way of the creation of a new cryptoasset owned by the transferee, with the ‘old’ cryptoasset ceasing to have any value or function because it is treated by the consensus as having been spent or cancelled (and as a result any further dealings in it would be rejected).
It is also possible to transfer a cryptoasset ‘off-chain’, where the cryptoassets represents or is linked to a conventional asset, such as money, land or a contractual debt. An off-chain transaction would however allow the transferor to retain a copy of the private key, and therefore expose the transferee to the risk of ‘double-spending’ by the transferor.
A distributed ledger (such as a blockchain) operates as a “reliable record in practice of which person, or which address-identifier, has control of a cryptoasset, because only dealings in a cryptoasset that are both consistent with the transaction history recorded in the ledger and signed with the relevant private key will be accepted as valid” (para. 131). But unless and until it is given binding legal effect by statute, the distributed ledger does not constitute a definitive record of legal rights in the way that the records held by the Land Registry or the Intellectual Property Office do.
Although cryptoassets are not documents of title, documentary intangibles or negotiable instruments, some types of security can be granted over them, including mortgages and equitable charges. Because a cryptoasset cannot be physically possessed, you cannot create a lien over it, or sue someone for conversion of it (wrongfully dealing with it). For the same reason, a cryptoasset cannot be the object of a bailment.

Smart contracts

In relation to smart contracts, the UKJT’s main conclusions are:

Whether the contractual obligations under the smart contract are defined by computer code, or the code is implementing an agreement whose meaning is to be found elsewhere, English law is able to identify, interpret and enforce smart contracts using ordinary and well-established legal principles.
English law is also able to deal with smart contracts formed between anonymous or pseudonymous parties, and can also deal with bilateral smart contracts as well as those structured around Decentralised Autonomous Organisations (DAOs).
A statutory “signature” requirement can, in principle, be met by using a private key which authenticates a document, and a statutory “in writing” requirement can be met in the case of a smart contract whose code element is recorded in source code.

Final comments

In addition to the conclusions mentioned above, the Statement provides a comprehensive, useful description of the key technical and operational characteristics of both cryptoassets and smart contracts.

Tags: blockchain, contract, cryptoasset, distributed ledger technology, DLT, smart contract, token
Posted in Technology, Updates | No Comments »

Selling second hand software

It is usual for a perpetual software licence to be sold on the basis that the licence is non-transferable, ie that the purchaser (licensee) cannot resell or otherwise assign the licence to a third party. And it was previously thought that the EU principle which prevents the owner of an article from controlling the downstream after-market in the article (the “exhaustion of rights” doctrine) did not apply to software licensed in this way.

But in the recent case of UsedSoft GmbH v Oracle International Corp., the European Court of Justice has made it clear that the exhaustion of rights doctrine does apply to perpetual software licences (whether supplied on a package basis or by download, and including any updates and upgrades), and any clause in a licence agreement which states that the licence is non-transferable, or which otherwise restricts the licensee’s right to resell the licence elsewhere in the EU, is unenforceable.

Whilst this judgement potentially has serious implications for software suppliers, it is worth noting the following:

The judgement does not apply to software licensed on a rental or subscription basis, e.g. SaaS (software as a service). That said, it is likely to apply where a fixed licence term is longer than the expected useful lifetime of the software.
Where the licence allows the software to be used by a number of users, the licensee may not “split” the licence by reselling the licence for some of those users.
When a licensee resells their licence, they must delete the software from their systems or make it unavailable for further use.
The copyright owner may put in place technical measures to make the first licensee’s copy of the software unusable following its resale.

Tags: exhaustion of rights, resale of software, second hand software
Posted in Technology, Updates | No Comments »