31 July 2023

Cracking the Code: Legal Issues in the Realm of Open Source

  • Articles
  • Legal
  • Data / Technology / IP

Part 1 of this series focuses on the legal classification of open source software and the alter-natives to proprietary licensing models besides open source.

Part 1: Legal Classification and Alternatives

The use of Open Source Software (OSS) as standard components of software solutions has become widespread across all industries and organisations. The growing interdependence between proprietary software and OSS components can also be measured. According to the «2023 Open Source Security and Risk Analysis (OSSRA)» conducted by the technology firm Synopsis, approximately 96% of the examined code bases included OSS components, with a total of 76% of the examined code being comprised of OSS.

With this in mind, it is not surprising that open source is attracting increasing attention form a legal perspective. In a series of four articles, we aim to answer the most common legal questions about OSS that we encounter in our daily practice. In this first article, we focus on the legal classification of OSS and provide some examples to illustrate that open source is not the only alternative to proprietary licensing models.


  1. How is Software Legally Protected?

    In Switzerland, software is protected by the Copyright Act (CopA). Copyright protection for software is granted automatically upon its creation. No registration, publication, or other official recognition is required for this purpose. As a result, there is no central registry for copyright ownership in Switzerland.

    The CopA grants developers (authors) several exclusive rights. These rights include the ability to control the reproduction, modification, and public availability of the software. Copyright protection only extends to the source code of the software and does not cover the underlying idea or functionality. Therefore, if the source code is not directly copied, it is possible to replicate the idea or function of the software without infringing copyright. To protect the idea or function of a software, it is possible to seek patent protection. Contrary to popular belief, such protection is also feasible in Europe with relatively few restrictions.

  2. What is the Purpose of Licenses?

    A licence is a legal agreement between the copyright holder (licensor) and a user (licensee), that grants the user a contractual right to use the software. Software usage rights can be structured in different ways. On the one hand, a comprehensive right can be granted, covering the use, reproduction, modification, and publication of the software. On the other hand, the individual rights contained in the copyright (which is often referred to as a «bundle of sticks») can also be granted separately. Licences also allow the copyright holder to implement different licensing and business models by tailoring the rights of use and attaching specific conditions to them. For example, the use of the software may be free of charge, while commercial distribution may be subject to a license fee.

  3. What is Open Source Software?

    OSS is software whose source code is publicly available source code and can be viewed, modified, and used by third parties. OSS is released under licences that define the terms of use, which can vary. There are two main open source license types: copyleft licences and permissive licences. The main difference between these license types lies in the distribution of modified OSS. With copyleft licences, any derivative works of the software must be released under the same licence (known as the «viral effect»). Permissive licences do not have such a requirement. This means that developers who integrate “permissive” OSS components into their software can license their software under any license of their choice. 

  4. May Open Source Software be Used without Restrictions?

    No, open source does not mean that the rights to use the source code are unrestricted. Similar to proprietary licences, the use of OSS is subject to terms and conditions set by the copyright holder (licensor). Most licenses focus on conditions directly related to redistribution. These conditions include, for example, the obligation to include the license text with the software, to attribute the author, or to maintain a change log documenting any modifications made to the source code. However, there are also open source licenses that require the user to buy the licensor a beer if they ever meet in person (Beerware License) or to perform a specific dance and share a video of the performance on social media (Chicken Dance License).

  5. Is Open Source Software Free of Charge?

    Open source means that the source code is publicly available and can be used free of charge. However, the executable software based on an OSS source code does not necessarily have to be distributed free of charge. The process of converting the source code into executable software (compilation) requires expertise, time, and resources that not every user has or wants to invest. Developers may offer to compile the source code for a fee, even if the source code is available as OSS.

    A good example of this is the Linux distribution «Red Hat Enterprise Linux» offered by the software manufacturer «Red Hat». The source code of the software is freely available as OSS and can be viewed on platforms such as GitHub. However, if a company wants to obtain the ready-to-use code of the software without having to reconstruct it from the source code itself, it must purchase a paid subscription.

  6. Is There a Difference Between Publishing and Licensing Software?

    Yes. Publishing refers to making the software publicly available, for example by uploading the source code to a repository such as GitHub. This action makes the software accessible to the general public and, in particular, to members of the open source community, allowing them to review, analyse, and suggest improvements to the software (known as «community audits»). This transparency fosters the quality, security, user confidence and innovation of OSS.

    Licensing, on the other hand, refers to the legal terms and conditions governing the use, modification, and distribution of the software. It outlines the rights and obligations granted to software users. Simply publishing the source code does not automatically allow for its incorporation into existing code base, modification, or distribution. However, the easy accessibility of published software makes it difficult to prevent such use. As a result, there is always a risk that the third parties will infringe upon the author's copyright or licence terms.

  7. When Do Open Source Licenses Take Legal Effect?

    In general, an open source licence agreement only becomes applicable when the user distributes the software. As long as users do not distribute the OSS, the terms of the open source licence are not relevant to them. Internal use without distribution is therefore unproblematic for both individuals and companies. However, if distribution does take place, it is necessary to comply with the relevant licence terms.

    The definition of what constitutes a distribution may vary depending on the open source licence. Generally, distribution occurs when the software is made publicly available or placed on the market (for example, by uploading it to a website, making it available in a repository such as GitHub, engaging in peer-to-peer file sharing, or installing it on a server). It is important to remember that when software is distributed, the open source licence agreement is always established between the original author of the software (licensor) and the user of the software. When users redistribute the software, the recipients do not enter into a sublicense agreement with the distributing user but into a license agreement with the original licensor.

  8. Are Exclusions of Liability Legally Effective?

    A question that arises time and again is that of liability for software defects or security vulnerabilities. Since the source code of OSS is provided free of charge (see question 5), it is understandable that the licensors want to protect themselves against third-party claims. For this reason, most open source licenses contain liability and warranty disclaimers.

    These disclaimers are usually so broad that they violate mandatory law in Switzerland and many other countries (e.g., exclusion of liability for gross negligence and unlawful intent). As a result, the clause is ineffective and liability is governed by statutory law. If OSS is provided free of charge, it is treated like a gift (even though the IP rights are not actually given away). In this case, the licensor is only liable to the licensee for damages caused intentionally or through gross negligence. However, if OSS is sold in compiled form, limitations of liability should be contractually stipulated in a separate agreement.

    If developers want to disclaim all liability, they can do so by releasing the source code into the public domain (see below). In this case, the developer makes the source code available under no license and thereby waives all rights and obligations. As a result, there is no contractual relationship between the developer and the user regarding the use of the source code that would be subject to statutory law.

  9. What are the Alternatives to Open Source Licence?

    While OSS remains one of the most popular forms of licensing alongside proprietary licences, an increasing number of developers are choosing to move away from the (pure) open source model. The reasons for this shift are plentiful, often stemming from the perception that open source licenses can be overly rigid. Below, we present the most common alternatives:

    • Public Domain: Public domain refers to software for which the author has waived their copyright, making it freely available to the public. This means that anyone can use, modify, distribute, and commercially exploit the software without needing permission in the form of a licence. Examples of software programmes whose source code has been released into the public domain include the «Secure Hash Algorithm 3» (SHA-3) and online games such as «One Hour One Life» and «The Castle Doctrine».
    • Open Core («Freemium»): In the Open Core model, the core of the software is available to all users as OSS. However, certain additional features and add-ons are sold for a fee under a commercial licence. The Open Core model is used by the software management provider «GitLab». While the «Community Edition» is freely available as OSS, the «Enterprise Edition» that includes additional features is offered under a commercial licence.
    • Source Available: Source available means that the source code of the software is made publicly available, similar to OSS. The difference with source available software is that certain usage rights are restricted. Source available licences may, for example, include restrictions on commercial projects or certain categories of applications (such as deep learning or search engines). Examples of software that is no longer available as OSS but offered under a source available licence include the visualisation tool «Kibana», the NoSQL database management system «MongoDB», the data platform «Redis», the log management solution «Graylog» and the DeFi protocol «Uniswap v4».
    • Dual Licensing: Dual licensing (or multi licensing) involves offering software under a choice of licences. On the one hand, the software is offered under a strict copyleft licence in order to trigger the «viral effect». On the other hand, the same software is offered under a commercial licence without the «viral effect». The ability to modify the source code without restrictions, incorporate it into proprietary source code and/or distribute it is therefore subject to a fee. One of the best known examples of the dual licensing model is the database management system «MySQL» from Oracle.