Manage Your Exposure
Companies preparing to be acquired should know the risks of open source upfront, since most buyers will conduct a sophisticated and rigorous evaluation of open-source software use. The representations and warranties in an acquisition agreement generally will require disclosure of open-source use and distribution.
Additionally, an acquiring company will want a general understanding of the origin of all of the software used and distributed by the target company. Part of that exercise involves understanding open-source use and which license requirements apply.
Target companies that use "not for commercial use" open-source software for commercial purposes will need to obtain a different and generally more costly commercial license, if such a license is even available. Depending upon the structure of the acquisition, third-party consent for assignment may be needed for continued use of the software.
Additionally, if company employees have contributed software in any collaborative open-source projects, their participation may require corollary contribution of company intellectual property or a promise not to assert intellectual property rights to the code or software developed in the project.
Many acquirers require target companies to undergo an expert technical assessment to determine the use and applicable license terms of open-source software, with the commitment to proceed with the acquisition contingent on satisfactory results.
Software licensed under a reciprocal-type license may need to be replaced with newly written software, commercially licensed software or perhaps open-source software licensed under an attribution-type license. This replacement or remediation effort can be substantial and may delay closing or, in the worst-case scenario, terminate the transaction.
The Sarbanes-Oxley Act (SOX) requires executives of a public company to certify that the company has procedures in place to provide accurate financial statements and has the related internal controls necessary to produce those statements.
Such controls include being able to verify ownership of material assets. Failing to establish procedures to ensure compliance with open-source licenses may indicate a lack of procedures necessary to verify ownership and use of intellectual property.
At a minimum, risk factors associated with compliance with reciprocal-type licenses--which may require that a company make its intellectual property assets publicly available without charge--may need to be disclosed. Penalties for falsely certifying a SOX-required statement are severe, including substantial fines and possible imprisonment.
If you know open source has been used by your IT staff or external developers, get the details on use, modifications and compliance. Your organization should have policies for oversight and control of all software acquisition by employees. If your open-source use is extensive, you also may want to check with a consultant that specializes in open-source compliance.
Finally, once you have a clear understanding of your company's open-source use and the corresponding licensing requirements, get a jump-start on remediation by thinking through your options with your financial and legal advisers. This is especially important if you are attempting to go public or are involved in merger, acquisition or other investment discussions, so that these matters can be addressed early in the process.
Mark H. Wittow and Jessica C. Pearlman are partners in the Seattle office of the law firm K&L Gates. Wittow focuses on intellectual property and technology transactions and litigation. Pearlman focuses on corporate securities, and mergers and acquisitions.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.