IoT & Licensing – Ten thoughts on handling the new frontiers of reduced human exertion

1. Draw a map

IoT & licensing requires coping with complexity. Whether you are in the automotive or the healthcare sector, doing business with brown goods or providing energy, start by drawing a map. Visualize all the potential contributors and gateway owners who need to be in perfect synch to get your service delivered or product manufactured. It will surely involve a lot of communication devices and services. Only if you have completed the full picture and now understand all angles of it, you can start thinking about the legal aspects of licensing in or out.

2. Toll gates & border control

Machine-to-machine communication means delivering data from the original point of generation to the various centers of processing and forward or back to systems and devices executing the intended actions, services etc. On this journey, the data is transferred through the participating systems per input and output interfaces, and is processed in between.

Each of these systems can become a toll gate as their use is based on software probably protected under applicable copyright laws. If it is embedded firmware, end-users do not usually  have to separately pay for its use; it comes with the device it is controlling. More complicated applications might require separate licensing and payment. From a legal point of view, copyright only provides a limited authority and control as its scope of protection is limited to the specific work created. The functionality gained by using given software is never protected by a copyright. Using a certain copyright can be avoided by programming an independent code realizing the same functionality. So whether you are planning to develop a respective “killer app” or considering to license it, you need to understand the scope of protection and the limits of copyright.

Things get more difficult if patents are involved: Patents are often broader-reaching as they cover the solution of a technical problem by the invention as specified by the claims shaping the patented product or a process. If you are not familiar with the concept and the barrier-effect patents may have, google for the debates and disputes around “standard essential patents” and “patent ambushes”, in particular in the telecommunication sector. Once you have understood the approach and its commercial impact, check what is already out there. The WIPO has published reports summarizing the recent activities of various players as regards patent filing or acquisitions of patent portfolios relating to technologies being relevant for the IoT sector. If you are an inventor in this field, hurry up and keep filing and get familiar with FRAND and RAND concepts. In case you are on the user side, clarify licensing requirements and think about the dangers of a financial or technological lock-in.

Interfaces are the “border control” of each system involved. Proper transit of data requires complying with the local rules: Harmonization and standardization of processing requirements are essential for a smooth operation of the entire chain of systems involved – being hence the decisive requirement for a meaningful operability of IoT technologies and applications. If everyone is using it and/or has to use it, relating copyrights or patents ensure leverage, and it might be a huge stick. There is a little more leeway as regards interfaces due to statutory restrictions in copyright laws allowing to ensure interoperability of systems. However, it is a narrow exception under copyright laws. Furthermore, it has no equivalent under patent laws, so the possible relief might have no practical relevance.

3. Open Source

If you intend to also rely on open source software, you need to diligently assess and document the codes you take in and the governing license. If you are not there yet, get prepared to always know which kind of OSS is used in your business. Verify if you are happy or unhappy with copyleft licenses and their viral effect. Even if you are only using permissive licenses, check and comply with your duties regarding notices and notifications. Furthermore, get your suppliers to do the same and provide you with respective information.

4. Drilling oil

Data as such, the oil of the 21st century, is protected nowhere by a specific property right. Most jurisdictions have statutory provisions governing certain aspects of data including laws on telecommunication, data protection and privacy, trade secrets, unfair competition and criminal statutes. It is a legal patchwork differing from country to country.

So any clarity on the “Dos and don’ts” requires contractual precaution. Go for detailed and precise provisions and an effective contractual regime of sanctions. “Termination for cause” might not be an appropriate sole remedy in case those provisions get breached. If you cannot agree on other sanctions, good luck with exploring new legal frontiers on damages caused by misappropriation of data.

5. Contract models

The speed of the development of technology puts pressure on providers and users to implement the latest technology in order to avoid becoming less attractive. The independence and other advantages of an owner-like status of a licensee have become less relevant if you are no longer operating “stand-alone” but are embedded in a network as the internet of things even if you only navigate in a specific environment. Legal developments such as the series of cases on the exhaustion of the distribution right in Europe have further pushed licensors to abandon perpetual license models and move to subscription and/or “…as a service” business models.

A legal status as lessee or customer instead of being a kind of “owner” comes with higher expectations and rights as regards the functioning of the systems and devices temporarily leased or simply used. At least in some countries, there is less freedom of the lessor to limit its responsibility for incidents and issues via general terms and conditions.

6. Metering

The commercial models on which the royalty schemes are based are often more sophisticated than plain vanilla “per user”. Features-on-demand, items-processed or similar calculation models provide flexibility on the spending of the licensee. In times of high tide demand, they tend to become expensive which might raise questions about the adequacy of the amounts due. For licensors, the stream of revenues is less predictable while the technical requirements for coping with the volatility of the demand must nevertheless be held available and continuously be improved.

Legally, all those metering models match a lot better with lease-like or service-based contracts. There is no such thing as a perpetual licensee with an owner-like status as regards his copy being subject to the principle of exhaustion triggering legal tensions as regards the suitability of such status with a more predetermined pattern of someone only using the other’s property.

7. Regulatory aspects

Contracts primarily cover the commercial interests of the parties. Certain aspects of IoT technologies are subject to applicable regulation, in particular on net neutrality (or the lack thereof), data protection, security standards, consumer protection, product liability, public permits or certifications etc. Additional rules will surely be adopted in the near future. They will usually derive from national regulators which do not necessarily care about their compatibility with those of their foreign counterparts. International harmonization will follow but will take time. So the parties need room and the willingness to adjust their agreements accordingly.

8. Code is law” and the limits of smart contracts

Laurence Lessig’s dictum coined more than 18 years ago has reached the go-to market phase. Using smart licensing contracts within the IoT seems to be a no-brainer – at least in the long run. We will soon see the extent to which the technical possibilities of smart contracts will pass the various legal real life tests. In particular, due process requirements and the limits for enforcing and executing contractual rights on which our societies have been based for centuries will be a challenge.

Whether you draft respective mechanisms or review their acceptability, not all things happen as planned even if many brain cells worked hard to project all options. Planning remains the attempt to replace coincidence by error. Human interaction at one point will surely involve a delay and additional costs but it still helps to avoid disasters including legal ship wrecks.

9. Handling obsolescence

Even if one has the perfect maintenance coverage, innovations make current technology obsolescent and life cycles probably become shorter. Licensing strategies on either side must reflect the ravages of time. As “stand-alone” is dying, every member of an IoT chain must keep the rhythm of the upgrades. New technologies and new licenses require financial investments and capacities to ensure a swift implementation. Providers and users need to be aware of the dependencies resulting from the loss of autarky and agree on reasonable standards for their ongoing cooperation.

Ideally, they even pass the relativity of agreements: Chains are only as strong as their weakest link. The typical legal fix to shift risks upstream via the responsibility of the supplier for its vicarious agents will have practical limits the more players get involved. If continuity and reliability of the entire chain are important, no player should be irreplaceable. So the efficiency IoT promises comes with increased requirements on the seamless transition of all contributors involved. And a compulsory side-effect even if you – for yourself – had actually preferred to slow down a bit.

10. Transition

Nothing lasts forever: Terminating the agreement should not only be a theoretical legal option triggering a practical nightmare on either side. So the parties had better agree on a plan specifying the details of a transition in case of a separation while still being in the honeymoon mood of their relationship.

Licensing models might include a non-active use of dormant systems in order to comply with duties on documentation and record retention.

Better to get involved than steamrolled. At least as long as you keep your eyes peeled and your mind sharp.