Don't act soft on your software

As a software developer, it is essential to be aware of the legal possibilities to protect your creation. Acting soft on your software may open the doors of reverse engineering of your software by purchasers, watering down your commercial assets. In this blogpost we will describe how software can be protected under (i) copyrights (ii) patents, and (iii) trade secrets. Further, we will elaborate on recent case law regarding reverse engineering.

How to protect your software as IP?

According to the Computer Programs Directive (91/250/EEG), software can be protected by copyright if it is (1) ‘original’ in the sense that it is the author’s own intellectual creation and (2) provided that it is materialized in a tangible form (e.g. source code). No other criteria apply to determine its eligibility for protection. Note that mere ideas do not benefit copyright protection in the absence of any materialized form.

There are no formal requirements for copyright protection: no need for application or registration. It is advisable however to document and date all steps in the development and creation of copyright to be able to prove when and by whom the copyright was created. An i-DEPOT provides legal evidence as to the identity of the software developer and the date on which the software was created and thus could be a helpful tool in this respect.

When software is integrated into a product or a process that provides a technical solution to a technical problem, it may be eligible for protection under the form of a patent. However, since this rarely occurs, it should be assessed on a case-by-case basis whether the patent conditions are fulfilled.

An alternative way to protect software is through trade secrets. Software can be protected as trade secret provided that the information has (1) commercial value, (2) is secret and (3) reasonable measures have been taken to keep the information secret.

How to protect your software from reverse engineering?

According to the Computer Programs Directive, the general study and testing of software (so-called ‘low-level reverse-engineering’) has always been allowed for the lawful purchaser, since these activities are not deemed to threaten the IP in software. High-level reverse engineering, such as decompilation, by lawful purchasers without authorization has always been allowed to the extent it is limited to the sole purpose of pursuing interoperability of the software.

In March this year, Advocate General Szpunar delivered his Opinion regarding the Top System-case (C-13/20). As we discussed in our blogpost of March 17, 2021, this Opinion follows a request for a preliminary ruling by the Brussels Appeal Court in an procedure where a Belgian computer programming company challenged the decompiling of its proprietary software by another company.

On October 6, 2021, the Court of Justice of the European Union (CJEU) overall affirmed the AG’s Opinion.(2) The CJEU rules that article 5(1) of the Computer Programs Directive allows the lawful purchaser of software to decompile the object code into source code for the purpose of error correction, without prior consent of the owner. This includes the correction consisting of the disablement of a function that affects the proper operation of the software.

The lawful purchaser can thus carry out such a decompilation to the extent necessary to use the software (in this case by effecting the correction). This implies that decompilation may be allowed in a fairly broad sense and not merely to ensure interoperability. Nevertheless, by using the term ‘lawful purchaser’ instead of ‘lawful acquirer’ (the notion used in the Directive), the question arises whether the CJEU intended to exclude licensees from the scope of the judgment. The answer is important for SaaS licenses, where it is generally accepted that errors are to be corrected by the licensor, excluding error correction by licensees. We will closely monitor this issue and await how the Belgian courts will apply this preliminary ruling in their decisions.

It is important to grasp that decompilation may only be carried out within the boundaries of the contractually set limits and obligations. It therefore follows that it is possible to contractually derogate from this decompilation right in the agreement (between the rightholder and the purchaser) and agree on the conditions to correct errors. Once again, this judgment emphasizes the need to carefully negotiate agreements relating to software-commercialization. Furthermore, in order to prevent the purchaser from decompiling the source code in the first place, it is highly recommended to properly negotiate your availabilities as software developer as to error correction in a service level agreement.

The scope of the CJEU judgment remains limited to copyright law. If your software-related invention is granted patent protection, the issue of reverse engineering is less prevalent. Reverse engineering may be carried out by competitors, but the commercialization of the findings can only take place after the expiry of the patent in question. In the event software is protected as a trade secret, reverse engineering of a lawfully acquired software is considered as a lawful means of acquiring information, except when otherwise contractually agreed.

Please do not hesitate to contact us, should you wish any guidance relating to IP/ICT-commercialization and contract drafting.

Olivier Van Raemdonck
Marie Vercambre

1. CJEU 2 May 2012, C-406/10 SAS, ECLI:EU:C:2012:259; SAS Institute Inc. v World Programming Ltd.
2. CJEU 6 October 2021, C-13/20, ECLI:EU:C:2021:811, Top System SA v État belge.
3. The CJEU hereby takes the view that the decompilation of software comes within the acts referred to in Article 4(a) and (b) of the Directive.