source code escrow and continuity in the cloud
DESCRIPTION
This presentation - by Ernst-Jan Louwers of Louwers IP|Technology Advocaten at ITechLaw 2013 - provides insight in the current practice of software escrow and questions the value of traditional escrow under Dutch law. It also presents a valuable solution in combination with IP allocation. More information on www.louwersadvocaten.nl/enTRANSCRIPT
Continuity in the cloud
Amsterdam, 3 October 2013
Ernst-Jan Louwers
• Cloud
• Continuity risks in the cloud
• Continuity demands
• Escrow: bearing, goal and means
• Escrow challenged
• Escrow models
• Wrap up / discussion topics
Agenda
Continuity risks in the cloud
• Dependence / business critical?
• Continuity (applications, data and services)
• Data: security (critical / sensitive)
• Where are the hosted data?
External
No direct control
Not (only) source code
Software
Interfaces
Services
Data
Continuity demands
• Securitisation of source code
• Escrow agent / TTP
• Release in triggering events to authorised users
Escrow: bearing
• Access to source code and documentation for maintenance
• Without surrendering power over source code
• In triggering events
Escrow: goal - local
• Access to sources and documentation
• Critical uninterrupted availability
• services
• applications
• data
• In triggering events
Escrow: goal - cloud
• Contract
• Deposit and verification
• Secure storage
• Ongoing administration
• Trusted third-party
• Triggering events – bankruptcy of supplier – IP in bankruptcy estate
– non or poor performance by supplier
Escrow: means
• Dutch case law: Nebula judgement (Dutch Supreme Court 3 November 2006, NJ 2007, 155
• Case related to rental agreement
• landlord bankrupt
• tenant cannot require continuation of rental agreement
• equal treatment of creditors in bankruptcy (‘paritas creditorum’)
Escrow challenged
• Nebula applicable to escrow?
• escrow agreement before bankruptcy
• supplier bankrupt = triggering event
• agent surrenders sources
• so far so good…
BUT: receiver may still oppose the USE of the sources!
Escrow challenged
ESCROW MODELS
• Traditional escrow notary/TTP
• Split copyright
• SaaS/cloud escrow
• Advanced escrow/warranty
Escrow models
Source code Deposit
at agent
Verification
by expert Acceptance
Triggering event
Issue of copy
Traditional escrow
• Upside:
• simple and easy
• Downside:
• practice few deposits/timely deposits
• traditional escrow not sufficient for cloud
• no access to human resources
• bankruptcy receiver to prevent access and
use of sources?
Traditional escrow
Split copyright
• Upside
• part of copyright = strong basis
• Downside
• possible for SaaS? – multiple owners?
• no guarantee for immediate continuity
• no access to skilled human resources
• hesitation supplier to share copyright
Split copyright
Usufruct
IP to software
Usufruct
• Upside
• limited right on IP = strong basis
• unaffected by bankruptcy
• Downside
• useful for SaaS? – multiple usufruct?
• no guarantee for immediate continuity
• no access to skilled human resources
• hesitation supplier to grant usufruct
Usufruct
Cloud escrow
Third party
Cloud escrow -
backup/fallback
SaaS
Data
SaaS services
supplier
Customer
SaaS
Data
• Upside
• immediate continuation of services in
case of full redundant system
• access to data?
• Downside
• access to skilled human resources?
• bankruptcy receiver to prevent access and
use of sources?
Cloud escrow
• Our advanced solution
• © Louwers IP|Technology Advocaten
• Combination IP allocation & escrow/warranty
Risk management for supplier and customer
Advanced escrow/warranty
Step 1: IP allocation out of operation company
HOLDING B.V.
SUPPLIER/PROVIDER B.V.
TRANSFER IP LICENSE IP
IP
Advanced escrow/warranty
HOLDING B.V.
CUSTOMER/END USER
WARRANTY FOUNDATION
ESCROW-WARRANTY
AGREEMENT
SUPPLIER/PROVIDER B.V.
License/VAR
agreement
IP
Step 2: escrow-warranty arrangement
CLOUD / SaaS
AGREEMENT
SAAS-SERVICES
SERVER(S) WITH
SOFTWARE AND DATA
OPTIONAL:
MIRROR
ENVIRONMENT
SOURCES
SAAS-SERVICES
SERVER(S) WITH
SOFTWARE AND DATA
HOLDING B.V.
CUSTOMER/END USER
WARRANTY FOUNDATION
ESCROW-WARRANTY
AGREEMENT
SUPPLIER/PROVIDER B.V.
License/VAR
agreement
IP
Step 3: triggering event – foundation takes over
CLOUD / SaaS
AGREEMENT
OPTIONAL:
MIRROR
ENVIRONMENT
SOURCES
HOLDING B.V.
CUSTOMER/END USER
WARRANTY FOUNDATION
ESCROW-WARRANTY
AGREEMENT
IP
Step 4: foundation provides services
CUSTOMER/END USER
OPTIONAL:
MIRROR
ENVIRONMENT
SOURCES
HOLDING B.V.
CUSTOMER/END USER
WARRANTY FOUNDATION
ESCROW-WARRANTY
AGREEMENT
NEWCO SUPPLIER/PROVIDER B.V.
License/VAR
agreement
IP
Step 5: newco takes over and foundation draws back
NEW CLOUD / SaaS
AGREEMENT
SAAS-SERVICES
SERVER(S) WITH
SOFTWARE AND DATA
OPTIONAL:
MIRROR
ENVIRONMENT
SOURCES
• Upside
• dedicated foundation
• control supplier, user/group, independent
• escrow agent
• mirror: system available (backup, recovery, fallback)
• IP allocation and involvement IP owner
• access to skilled human resources of supplier (through IP owner)
Advanced escrow/warranty
• Downside
• mirror more expensive
• administrative burden foundation
• what in case of bankruptcy of IP owner?
• solution: right of usufruct to foundation
• SMEs only?
Advanced escrow/warranty
WRAP UP
• Many topics for discussion…
• Validity escrow in other jurisdictions?
• Right of receiver to withdraw or deny access or use of source code?
• Is usufruct a solution?
• What about data?
• Any new ideas from your jurisdiction?
Wrap up