June 16, 2022

Due Diligence: Software License Compliance

A target’s compliance with its obligations under software licenses is an area of M&A due diligence that doesn’t always get the attention that it should given the magnitude of the potential risks involved. This Holland & Knight memo points out that due diligence efforts are often hampered by M&A lawyers’ lack of awareness of both the potential financial impact of a problem & the right questions to ask.  The memo attempts to provide some guidance on this topic by offering a handful of key questions that should be asked during the diligence process.  This excerpt addresses the implications of a decision to migrate licensed software to the cloud:

Have you moved any third-party software from your on-premises environment into a third-party “cloud environment”? Are you using a dynamic virtualization program that allows the software to leverage computing capacity in the cloud environment that exceeds the computing capacity available in your on-premises environment?

If the answer to this question is “yes,” then you will need to review the license agreements governing the software programs that have been moved from an on-premises environment into a cloud environment and determine whether the software in the cloud environment is accessing and using more processors or processing power than were used in the on-premises environment and licensed under the applicable software license agreement.

This is a particularly significant exposure for many companies because the decision to move software into a hosted environment and to leverage dynamic virtualization software can result in actual or attributed usage (i.e., a full capacity license) that is thousands of times the usage in a traditional on-premises environment and thousands of times the licensed entitlements held by the customer. As a result, the additional license fees required to support that increased usage can be thousands of times the license fees paid by the customer.

One of the interesting aspects of the memo is the reminder that it provides about vendor software audits and their potential implications. Most large software licensors have instituted formalized software audit programs to identify non-compliance, and their people are incentivized to extract the maximum amount of additional revenue from non-compliant users. The memo says that non-compliance issues identified in recent software audits have resulted in demands for additional fees that are in the nine-figure range!

John Jenkins