Independent software vendors and other companies that distribute third-party software products as part of their proprietary solutions often are predictably good at capturing core business terms in their customer agreements, carefully defining the products and scope of services to be delivered. Unfortunately, far fewer are as reliable about including required, third-party license terms in those agreements, which can make an audit particularly uncomfortable if one of those third parties wants to know about software deployed on end users’ computers. And far fewer still include adequate terms in those agreements to address what happens if an auditor finds licensing discrepancies affecting end-user installations.
Almost all major software publishers that offer their products for resale and distribution by ISVs or by other solution providers require those resellers to license their products under end-user terms prepared by the publishers. Those terms often include requirements that end users run the software only in connection with the ISVs’ solutions and otherwise in conformance with the publishers’ other restrictions. They also may include provisions requiring end users to cooperate in the event of an audit in providing data regarding their deployments. ISVs that fail to incorporate those terms in their customer agreements may find themselves in the untenable position of having to alienate either their customers or a business-critical vendor in the event of a license review.
However, most required end-user terms do not include all the legal protections that an ISV may want to pursue in order to mitigate audit-related exposure. For example, the terms may not include a clause requiring cooperation by end users, even though the ISV’s agreement with a software publisher may obligate it to provide end-user deployment data during an audit. In addition, no end-user terms that I have seen even attempt to apportion responsibility for license discrepancies among an ISV and its customers. If the publisher’s products are found to have been over-deployed, the ISV typically is left holding the bag.
For those reasons, it is vital for ISVs to take a close look at their customer agreements and to ensure that they provide enough flexibility (1) to respond to an audit that may be initiated under an agreement with a third-party vendor like IBM, Oracle or Microsoft, and (2) to pass through to the ISVs’ customers the responsibility for licensing errors that were committed by those customers.