Laura Harper and Aaron Trebble (pictured) at Lewis Silkin share insights on how to manage risks when using Open Source Software. Laura and Aaron will be running a roundtable at GaMaYo on 23rd May on this issue from 5pm so you can raise questions and meet them in person at our May event!
Managing risks with Open Source Software
Open source software (“OSS”) is widely used by hardware and software developers. It provides free access to a range of ready-made libraries, functions and other materials which can simply be incorporated into a new project without the need to reinvent the wheel. Often, OSS solutions have been developed over many years by the online community reviewing and updating the code. OSS can support collaboration and knowledge sharing across the games community.
However, use of OSS material is not without legal risk, and caution should be exercised before incorporating any OSS into your game. We would recommend that all companies working with OSS put in in place a clear written policy detailing when and how OSS material can be used by their developer team. Records should also be kept of the OSS that is used, the licence terms that apply to it and the steps being taken to comply with the licence. This will help to manage the risk.
The potential risks of using OSS in an uncontrolled way include:
- all or part of your game could itself become OSS;
- customers and competitors could access and reuse your code without paying for it;
- disclosure of your code could pose a security risk and/or lead to hacks and cheats;
- you could breach the terms of your contract with your client or publisher; and
- action could be taken by owners of the OSS for failing to comply with their licence terms.
Many of the above are worst-case scenarios but the risks are real, and it is important to take them seriously to protect the value of the Intellectual Property (“IP”) in your code. Be mindful that AI-generated code could also potentially incorporate OSS, and so the use of such code could indirectly expose you to these risks.
OSS licences
What use of any OSS code means for you largely depends on which licence terms apply. There are over 100 different OSS licences recognised by the Open Source Initiative, ranging from the very detailed to the very short. It is necessary to consider the specific terms that apply to any OSS you are proposing to use but, broadly speaking, there are two main types of licence:
- Copyleft Examples include GPL and MPL. These require that any derivative work is distributed to others on OSS terms. Copyleft OSS is higher risk to developers from an IP ownership perspective.
- Permissive Examples include MIT and Apache. These are lower risk to developers from an IP ownership perspective. They do not require that derivative works are distributed on OSS terms.
Derivative works and distribution
Two key concepts to be aware of are “derivative works” and “distribution”.
The precise meaning will vary in each licence, but a derivative work is generally software that has copied or adapted all or part of the code from the OSS. For example, if you reproduce lines of the OSS code in your game, you may be creating a derivative work. It is worth noting that certain types of linking can also create a derivative work.
Distribution refers to making the derivative work available to the public. Once your game is distributed, it will generally become OSS if it is based on copyleft material. Sometimes it is assumed that use of copyleft OSS for purely online live service games will be safe because that is not “distribution” of the game, but this will depend on the OSS licence terms.
Some licences do treat software that is only available via network differently to software that is installed to user devices. Other licences treat both types of software equally, and so both will count as distribution (the AGPL is an example). Caution should be exercised when interpreting the licence, because the consequences of getting this point wrong could be serious.
Other points to note
The above might suggest that, whilst copyleft licences should be avoided, permissive licences are fine to use. Whilst it is true that permissive licences are usually less concerning from an IP ownership perspective, there may also be limited use cases where copyleft is appropriate. Be aware also that all OSS will entail some level of risk, and there will usually be licence obligations that you need to comply with even if it is not copyleft.
Other points to note include:
- OSS licences often require you to include an attribution notice in your game;
- there may be a risk that use of the OSS infringes third party IP including patents;
- OSS licences will not provide contractual protection for you if something goes wrong;
- many development and publishing agreements prohibit or restrict OSS use; and
- your client or publisher may require you to take on the legal risk of using OSS.
Further assistance
The Lewis Silkin Interactive Entertainment team is experienced in advising on the use of OSS and can help with writing and implementing an OSS policy tailored to your needs. Please do get in touch if you would like to discuss any of the issues in this article.
To find out more about our Game Republic Affiliates, or to join the network or attend GaMaYo, please get in touch here.
If you like this post, please help us by sharing it!