Legal Open Source Handling and Compliance

Published on 2nd Oct 2020

Osborne Clarke has long-standing experience in providing comprehensive legal and technical advice on open source and offers solutions in the area of Open Source Software (OSS) compliance and contributions.





FOSSmatrix Legal Tech Add-On for OSS Compliance

The legal factor within the compliance process - measurable, automatable and auditable

The basis is a standardized legal assessment of proprietary and OSS licences and components: legally compliant and fully documented, even for legally complex questions of detail.


  • Mapping of individually tailored use cases against licences with clear indication of conflicts, display of risks and reference to individual sources at the level of individual licence obligations
  • Parameterization of individual factors, allowing for different weighting (conservative approach vs. risk-taking approach)
  • Risk assessment with percentage values: not just yes/no, but in some cases fine gradations in the percentage range, with cases of doubt tracked and visualised

We start where the traditional tools end: the legal classification and evaluation of licences. This is more than only creating a bill of materials and fulfilling information obligations.

What we do

  • Use Case Development: We tailor customized use cases. Based on our experience, we describe together with our clients how software is used
  • Licence assessment: Based on the identified licences (if necessary, we assist with the identification), we assess the rights and obligations of these licences
  • Matching: We check use cases for conflicts with the rights and obligations of the identified licences

Our Service Packages

  • Standard Package: Result of the use case matching, which shows the compliance/non-compliance of use cases with licences in a clear way
  • Extended Package: Additional, in-depth explanation of the rights and obligations of the individual licences regarding the use cases - a legal memo in tabular form


  • Assessment of specific software: Can be necessary for the licensor’s understanding of the licence - this may differ from the general understanding of the licence
  • Graphical reporting of the test results

Open Source Compliance Report

Current figures on compliance processes and specific measures in Germany

The first detailed, representative study on open source compliance in Germany:

  • Detailed overview of the distribution of individual, concrete compliance measures
  • Differentiation of enterprises by number of employees in size classes and by type of use of open source software
  • Comprehensive, commented study report with clear evaluation of the figures

Simply compare your own company with the appropriate peer group - specifically with regard to individual compliance measures.

For a long time, no figures existed on open source compliance. Companies looking for orientation that wanted to compare themselves with their peer group were left in the dark and could only get an approximate picture by questioning their own contacts. What measures should I take? Should I ignore the issue and let it go by, or should I proactively take action? If so, in what way? Where do I stand in comparison to others? Statistically proven answers to these questions did not exist.

This gap has been closed with a study commissioned by BITKOM and financed by Osborne Clarke and other partners: In the course of the BITKOM Open Source Monitor, 804 companies based in Germany, with 100 employees or more and from various industries were surveyed with regard to their handling of OSS. Osborne Clarke was involved in the design of the study.

The Open Source Compliance Report is based on raw data of the BITKOM Open Source Monitor, but contains figures that cannot be found in the BITKOM Open Source Monitor itself. In particular, the Open Source Compliance Report contains a detailed overview of individual and specific compliance measures.

With this study, companies have, for the first time, the opportunity to see how they perform in terms of open source compliance – not only with regard to the general question of whether compliance processes exist, but also in a detailed way, specifically with regard to individual compliance measures. The Open Source Compliance Report also allows for a direct comparison with one's own peer group, as the presentation distinguishes the surveyed companies by size, according to the number of employees.

Sounds interesting? Download a Sneak Preview of the report here:

Download (English language)

Download (German language)

The figures will be presented shortly in a free webinar in German and in English. All participants will receive a copy of the complete Open Source Compliance Report!

Interested in an invitation to the webinar? Simply contact us at

Open Source: Our Further Offer

Legal Tech Add-On for OSS Compliance


  • the legal factor within the compliance process - measurable, automatable and auditable
  • basis is a standardized, legal assessment of proprietary and OSS licences and components. Legally compliant and fully documented. Even in case of legally complex detailed questions.


  • in-house training on OSS compliance and licence management
  • development of know-how within the company
  • overview of the basic principles of OSS, the most important licences and their obligations as well as basic compliance requirements

Compliance Policies, Process Implementation

  • establishment and implementation of compliance policies and processes
  • development of a specific risk profile
  • definition of the necessary steps, setup of an open source policy and support in the actual implementation of this policy
  • creation of standardized checklists

Software Clearing

  • scanning of individual components
  • compilation of the necessary information and documents for these components
  • legal check of individual licences, components and types of use of components

Sample Documentation, Quick Check

  • support in compliance with relevant licensing requirements through sample documentation
  • whether embedded software, Internet of things, devices without user interface: support for the implementation of compliance requirements in special cases

Contributions and Licensing as OSS

  • support in choosing an OSS licence for licensing your own software as OSS
  • strategic consulting for setting up your own OSS projects
  • creation and testing of Contributor Licence Agreements and Contribution Policies

Support in legal proceedings regarding OSS licence violations

  • assistance in cases of dispute
  • support for short-term implementation of compliance measures in the context of disputes

OSS compliance

Our experience

  • We have long-standing experience in dealing with OSS. Several colleagues have developed software themselves and have worked as software developers.
  • Our team has reviewed and evaluated a high number of OSS components. We are familiar with the scanning tools commonly used in the industry as well as the common licences.
  • We have extensive experience in implementing OSS compliance processes in private and public companies.
  • We are an OpenChain partner and are happy to assist with an OpenChain certification.
  • We have been conducting in-house training courses in companies, seminars and workshops on legal questions relating to OSS for years.
  • We are familiar with the obligations arising from the common licences. We have developed practicable solutions for their implementation, particularly with
  • Together with our clients, we have developed economically viable solutions for the requirements of selling OSS as embedded software and as a component of hardware.
  • We regularly advise on the legal framework for the integration of OSS components into proprietary software. Due to our technical expertise we can also advise on the impact and scope of the copyleft effect.
  • We have successfully defended companies in several proceedings against OSS developers for copyright infringements.
  • We regularly assist in the drafting and negotiation of software licence agreements, support and maintenance agreements.
  • Our attorneys across all offices regularly advise on M&A transactions with regard to OSS as part of the software portfolio. We are able to handle cross-border cases without frictional loss.

Why Compliance?

Why our business in particular?

Open Source Software (OSS) is in almost all products which incorporate IT, whether in cars, in internet-enabled heating control systems, or in digital measuring devices. In classic areas such as desktop computers or smartphones, OSS is already well established. However, many businesses still do not know that, and to what extent, OSS is used in their own products.

What are the challenges of OSS licences?

Many OSS licences contain complex provisions and conditions which must be complied with. German courts, as well as others, have repeatedly held that the provisions are binding and must be complied with. Even a missing licence text when distributing OSS may constitute a licence breach.

The compliance requirements have increased in recent years; in many cases claims for breach of individual OSS licence conditions are now being pursued which, until recently, had not been at issue:

  • Cease-and-desist: an immediate cessation of sales of all products
  • Recall: products must be removed from distribution channels
  • Product changes: swift deletion or exchange of complex OSS components from products
  • Damages: free usage does not mean protection from claims for damages, even where OSS is provided free of charge
  • Reimbursement of expenses: payment of lawyers’ fees and contractual penalties, where agreed
  • Patentleft-effect: loss of implemented, software-related patents

Why Compliance?

  • Developers are targeting businesses with written warnings for breaching licences and are enforcing cease-and-desist injunctions and claims for damages.
  • When purchasing products, there is an increased demand for OSS compliance – including the necessary documentation in connection with the same.
  • When a business is sold, an unclear situation concerning third party software, in particular OSS, can frequently lead to price reductions; in some cases it can even be a deal-breaker.
  • Customers of software companies as well as competitors use mechanisms of OSS (for instance the copyleft and patentleft effect) to get hold of the software or of patents for free.
  • Taking care early saves money: Implementing a compliance process during the software development phase offers savings in both time and monetary compliance costs. The introduction of such a process afterwards is usually more expensive and more complex.

What can be done?

  • We help to break down the compliance costs into commercially appropriate tranches, prepare a tailored concept for your business, and support you with its implementation.
  • The use of OSS is practically unavoidable; risk control is, however, manageable. In the long term, a company can avoid costs and gain efficiency by introducing and implementing compliance measures.



> Dr. Hendrik Schöttle advises on IT law and data protection law.


* This article is current as of the date of its publication and does not necessarily reflect the present state of the law or relevant regulation.
