31 July 2023

Cracking the Code: Legal Issues in the Realm of Open Source


Part 1 of this series focuses on the legal classification of open source software and the alternatives to proprietary licensing models besides open source.

Part 1: Legal Classification and Alternatives

The use of Open Source Software (OSS) as standard components of software solutions has become widespread across all industries and organisations. The growing interdependence between proprietary software and OSS components can also be measured. According to the «2023 Open Source Security and Risk Analysis (OSSRA)» conducted by the technology firm Synopsys, approximately 96% of the examined code bases included OSS components, and a total of 76% of the examined code consisted of OSS.

With this in mind, it is not surprising that open source is attracting increasing attention from a legal perspective. In a series of four articles, we aim to answer the most common legal questions about OSS that we encounter in our daily practice. In this first article, we focus on the legal classification of OSS and provide some examples to illustrate that open source is not the only alternative to proprietary licensing models.

 

  1. How is Software Legally Protected?

    In Switzerland, software is protected by the Copyright Act (CopA). Copyright protection for software is granted automatically upon its creation. No registration, publication, or other official recognition is required for this purpose. As a result, there is no central registry for copyright ownership in Switzerland.

    The CopA grants developers (authors) several exclusive rights. These rights include the ability to control the reproduction, modification, and public availability of the software. Copyright protection only extends to the source code of the software and does not cover the underlying idea or functionality. Therefore, if the source code is not directly copied, it is possible to replicate the idea or function of the software without infringing copyright. To protect the idea or function of a software, it is possible to seek patent protection. Contrary to popular belief, such protection is also feasible in Europe with relatively few restrictions.

  2. What is the Purpose of Licenses?

    A licence is a legal agreement between the copyright holder (licensor) and a user (licensee) that grants the user a contractual right to use the software. Software usage rights can be structured in different ways. On the one hand, a comprehensive right can be granted, covering the use, reproduction, modification, and publication of the software. On the other hand, the individual rights contained in the copyright (which is often referred to as a «bundle of sticks») can also be granted separately. Licences also allow the copyright holder to implement different licensing and business models by tailoring the rights of use and attaching specific conditions to them. For example, the use of the software may be free of charge, while commercial distribution may be subject to a licence fee.

  3. What is Open Source Software?

    OSS is software whose source code is publicly available and can be viewed, modified, and used by third parties. OSS is released under licences that define the terms of use, which can vary. There are two main open source licence types: copyleft licences and permissive licences. The main difference between these licence types lies in the distribution of modified OSS. With copyleft licences, any derivative works of the software must be released under the same licence (known as the «viral effect»). Permissive licences do not have such a requirement. This means that developers who integrate «permissive» OSS components into their software can license their software under any licence of their choice.

  4. May Open Source Software be Used without Restrictions?

    No, open source does not mean that the rights to use the source code are unrestricted. Similar to proprietary licences, the use of OSS is subject to terms and conditions set by the copyright holder (licensor). Most licenses focus on conditions directly related to redistribution. These conditions include, for example, the obligation to include the license text with the software, to attribute the author, or to maintain a change log documenting any modifications made to the source code. However, there are also open source licenses that require the user to buy the licensor a beer if they ever meet in person (Beerware License) or to perform a specific dance and share a video of the performance on social media (Chicken Dance License).

  5. Is Open Source Software Free of Charge?

    Open source means that the source code is publicly available and can be used free of charge. However, the executable software based on an OSS source code does not necessarily have to be distributed free of charge. The process of converting the source code into executable software (compilation) requires expertise, time, and resources that not every user has or wants to invest. Developers may offer to compile the source code for a fee, even if the source code is available as OSS.

    A good example of this is the Linux distribution «Red Hat Enterprise Linux» offered by the software manufacturer «Red Hat». The source code of the software is freely available as OSS and can be viewed on platforms such as GitHub. However, if a company wants to obtain the ready-to-use code of the software without having to reconstruct it from the source code itself, it must purchase a paid subscription.

  6. Is There a Difference Between Publishing and Licensing Software?

    Yes. Publishing refers to making the software publicly available, for example by uploading the source code to a repository such as GitHub. This action makes the software accessible to the general public and, in particular, to members of the open source community, allowing them to review, analyse, and suggest improvements to the software (known as «community audits»). This transparency fosters the quality, security, user confidence and innovation of OSS.

    Licensing, on the other hand, refers to the legal terms and conditions governing the use, modification, and distribution of the software. It outlines the rights and obligations granted to software users. Simply publishing the source code does not automatically allow for its incorporation into an existing code base, modification, or distribution. However, the easy accessibility of published software makes it difficult to prevent such use. As a result, there is always a risk that third parties will infringe upon the author's copyright or licence terms.

  7. When Do Open Source Licenses Take Legal Effect?

    In general, an open source licence agreement only becomes applicable when the user distributes the software. As long as users do not distribute the OSS, the terms of the open source licence are not relevant to them. Internal use without distribution is therefore unproblematic for both individuals and companies. However, if distribution does take place, it is necessary to comply with the relevant licence terms.

    The definition of what constitutes a distribution may vary depending on the open source licence. Generally, distribution occurs when the software is made publicly available or placed on the market (for example, by uploading it to a website, making it available in a repository such as GitHub, engaging in peer-to-peer file sharing, or installing it on a server). It is important to remember that when software is distributed, the open source licence agreement is always established between the original author of the software (licensor) and the user of the software. When users redistribute the software, the recipients do not enter into a sublicense agreement with the distributing user but into a license agreement with the original licensor.

  8. Are Exclusions of Liability Legally Effective?

    A question that arises time and again is that of liability for software defects or security vulnerabilities. Since the source code of OSS is provided free of charge (see question 5), it is understandable that the licensors want to protect themselves against third-party claims. For this reason, most open source licenses contain liability and warranty disclaimers.

    These disclaimers are usually so broad that they violate mandatory law in Switzerland and many other countries (e.g., exclusion of liability for gross negligence and unlawful intent). As a result, the clause is ineffective and liability is governed by statutory law. If OSS is provided free of charge, it is treated like a gift (even though the IP rights are not actually given away). In this case, the licensor is only liable to the licensee for damages caused intentionally or through gross negligence. However, if OSS is sold in compiled form, limitations of liability should be contractually stipulated in a separate agreement.

    If developers want to disclaim all liability, they can do so by releasing the source code into the public domain (see below). In this case, the developer makes the source code available under no license and thereby waives all rights and obligations. As a result, there is no contractual relationship between the developer and the user regarding the use of the source code that would be subject to statutory law.

  9. What are the Alternatives to Open Source Licences?

    While OSS remains one of the most popular forms of licensing alongside proprietary licences, an increasing number of developers are choosing to move away from the (pure) open source model. The reasons for this shift are plentiful, often stemming from the perception that open source licenses can be overly rigid. Below, we present the most common alternatives:

    • Public Domain: Public domain refers to software for which the author has waived their copyright, making it freely available to the public. This means that anyone can use, modify, distribute, and commercially exploit the software without needing permission in the form of a licence. Examples of software programmes whose source code has been released into the public domain include the «Secure Hash Algorithm 3» (SHA-3) and online games such as «One Hour One Life» and «The Castle Doctrine».
    • Open Core («Freemium»): In the Open Core model, the core of the software is available to all users as OSS. However, certain additional features and add-ons are sold for a fee under a commercial licence. The Open Core model is used by the software management provider «GitLab». While the «Community Edition» is freely available as OSS, the «Enterprise Edition» that includes additional features is offered under a commercial licence.
    • Source Available: Source available means that the source code of the software is made publicly available, similar to OSS. The difference with source available software is that certain usage rights are restricted. Source available licences may, for example, include restrictions on commercial projects or certain categories of applications (such as deep learning or search engines). Examples of software that is no longer available as OSS but offered under a source available licence include the visualisation tool «Kibana», the NoSQL database management system «MongoDB», the data platform «Redis», the log management solution «Graylog» and the DeFi protocol «Uniswap v4».
    • Dual Licensing: Dual licensing (or multi licensing) involves offering software under a choice of licences. On the one hand, the software is offered under a strict copyleft licence in order to trigger the «viral effect». On the other hand, the same software is offered under a commercial licence without the «viral effect». The ability to modify the source code without restrictions, incorporate it into proprietary source code and/or distribute it is therefore subject to a fee. One of the best known examples of the dual licensing model is the database management system «MySQL» from Oracle.