Focus on: technology procurement & software/data licences
The social distancing and self-isolation measures brought about by Covid-19 have fundamentally changed business. The steady trend towards digital transformation, technology-led solutions and remote working… Read more
The social distancing and self-isolation measures brought about by Covid-19 have fundamentally changed business. The steady trend towards digital transformation, technology-led solutions and remote working has become a sudden and unpredicted leap, and the ability to continue “business as usual” is a matter of survival. Technology has a critical part to play in this.
Technology can ensure business continuity and resilience and businesses should be assessing what their technology requirements are in this new, difficult world and adapting their business strategy accordingly.
As part of a strategic review, organisations should look to:
- Evaluate what can be moved online, digitised or stored remotely.
- Forward plan IT resilience now, with a view to the Covid 19 situation potentially worsening. Consider whether critical aspects of IT systems can be outsourced, in the event an organisation’s own business is affected.
- Assess current IT capabilities versus new requirements.
- Verify that software and data licences are not being over-deployed or used in breach of licence terms (e.g. by remote access and increased user numbers due to working remotely). Ascertain any gaps.
- Procure any required IT solutions or licence extensions.
- Pause or exit any deployments which are not fit for current purposes to preserve cash flow/reserves.
Of the above issues, businesses should not neglect current licence terms. Many licences, particularly older ones, will have conditions on the use of the licensed software/data that relate to user numbers or user characteristics (e.g. a real person versus use by another solution) and location of use (e.g. physical location or specific servers).
Businesses should consider which licenced software/data is being used in a different or increased way due to Covid-19 and check that this is still permitted under the licence. Given the competing critical calls on business IT functions right now, there may be a temptation to simply use the software/data as required in order to keep business going and to resolve problems later. However, there are clear risks in this approach which businesses should factor into their prioritisation.
Licence over-deployment will constitute a breach of the licence terms and will also typically be a copyright infringement. Whilst software/data vendors are at present focused on their own business needs and are busy catering for the increased demand for their solutions, there will come a time when vendors return their focus on licence deployment. This will particularly be the case if the vendor’s own sales revenue is hit.
In order to identify licence over-deployment, vendors typically include rights in the contract to carry out a use audit. Audits in themselves are onerous and customers should lower the risk of being audited if possible. In the current situation, potential over-deployment will be easily identified where a business appears to have adapted its business model for Covid-19 in a way that requires different licensed use but has not approached the vendor for increased or different usage rights. Vendors may not have to do very much to identify suitable audit targets.
It is no secret that licence deployment is a revenue centre for vendors. Typically, a vendor will have a specific business unit that is tasked with auditing and verifying customer licence use and driving revenue by remediating over-use. That unit will have targets and for some of the largest vendors that revenue is very significant, due in large part to their sophisticated audit functions. However, there is an increasing focus by smaller vendors on this revenue stream. In addition, whilst SaaS and cloud audits are less common than server or desk-top audits, that too is shifting. The prediction is that compliance in these environments will increasingly become more of a focus for audit. The cloud, in particular, is geared up for audit because the cloud vendors can easily assess your usage. As a result, businesses should not assume that only the big vendors will audit usage, and nor should businesses assume that only server environments will be subject to scrutiny.
Where over-deployment is identified, the vendor will require that back-fees are paid by the customer. Back fees are frequently pegged to the list price, which is typically materially higher than contractually negotiated licence fees. Back fees will be claimed throughout the period of over-use, potentially going back 6 years. Vendors may also claim the related maintenance fees. Furthermore, if a business knowingly or recklessly exceeds its licence terms it may be exposed to additional damages for flagrancy of infringement, which a vendor could leverage in negotiations or ultimately deploy in a litigation. Accordingly, there may be considerable financial exposure. There may also be business continuity risks; vendors may threaten to switch-off over-deployed software/data and terminate licences as a result of alleged licence breach in order to leverage a more advantageous resolution.
In light of the above risks we suggest that businesses do check their licence conditions against how they are now using the licensed software/data due to Covid-19. If the licence is unclear, or extra licences or an amended licence scope is required, then the situation needs to be handled carefully. Kemp Little has experts in this area who can advise you on your licence terms, approach to the vendor and subsequent negotiations.
Find all our Covid-19 related advice here.
Share this blog
Share this Blog
- Adtech & martech
- Agile
- Artificial intelligence
- EBA outsourcing
- Brexit
- Cloud computing
- Complex & sensitive investigations
- Connectivity
- Cryptocurrencies & blockchain
- Cybersecurity
- Data analytics & big data
- Data breaches
- Data rights
- Digital commerce
- Digital content risk
- Digital health
- Digital media
- Digital infrastructure & telecoms
- Emerging businesses
- Financial services
- Fintech
- Gambling
- GDPR
- KLick DPO
- KLick Trade Mark
- Open banking
- Retail
- SMCR
- Software & services
- Sourcing
- Travel