Management of Software Projects
From the legal perspective
Other relevant information about software, licensing and guidelines
This page gives you practical recommendations and informations on how to maintain/organize your software project from a legal perspective and to what you need to look, so that, later on, a licenseing to a third party (start-up, industry, research institutions, etc.) will be easy and smooth.
Sometimes the development of software starts with few lines, as e.g. a simple script, and then progress over time and becomes big (even huge). Rarely you know from the beginning were you end.
Recover all the required information afterwards, sometimes years later, to assess the rights and obligations in the software will be very challenging and time consuming.
As a consequence of the lack or incomplete information, from time to time it happens that we can license the software only with restrictions and limitations. In other situations we are even completely unable or it's too risky to license a software to a third party.
In addition, as an example, to overcome some of these restrictions and limitations occasionally you are required to re-program part of the code or to substitute elements of the code. Also this might be very time consuming and requires additional effort.
For this reasons, we suggest to organize the software development from the beginning taking into account the legal aspects it's coming with.
Copyright
Remember that your developed software (i.e. program code) is protected by the copyright law (see here for copyright on software) as soon as it is written, and requires a license if you want to pass the software to a third party (i.e. outside ETH Zurich), regardless of whether this third party is a commercial entity or a scientific institution, for a fee or not.
In general, assume that no third party is allowed to use your software. And if you pass the software on to a third party or make the software accessible (e.g. through a webpage) without a proper license, this third party is in principle infringing the copyright in the software (or the copyright of the authors, i.e. students).
The rights and obligations in a license, that ETH Zurich can grant to a third party, depends on the "legal framework" in which the software was developed.
If ETH Zurich has all unrestricted rights to the software and it is the only one that has such unrestricted rights, ETH Zurich has the broadest possible option to license the software to third parties. In principle, we can grant exclusive, non-exclusive or open source licenses.
And at any time, in principle, we can also change the license type, if we are not contradicting an already granted license.
If others have rights to the software or we have obligations to others, we do not have this full range of licensing options.
ETH Zurich has certainly the broadest and unrestricted licensing right to a software, if:
- all developers of the software were employed by ETH Zurich (without funding from a third party),
- any part of the software was not developed under an agreement with a third party (e.g. research project), and
- no third party components or third party vendor software was used.
So, we warmly recommend to consider from beginning all the legal aspects involved when you develop a software.
This is especially true if:
- you want to incorporated a company that exploits the developed software (start-up, Spin-off);
- apply for a Pioneer Fellowship or a Wyss Project, and the developed software is used and/or further developed in the Pioneer Fellowship or a Wyss Project, or;
- you want to use and/or further develop the developed software within a research project (SNF, EU, Innosuisse, etc.) with industry or other third parties.
If software is licensed (i.e. exploited) by ETH Zurich to third parties (even if only for a limited time, e.g. in research projects with third parties), it must be clarified in advance whether ETH Zurich has the necessary rights to do so or has any obligations towards third parties.
Fundamentally the following question must be answered:
Do third parties have any rights to the software, or part of it, so that ETH Zurich is not entitled to exploit (e.g. license, sell, lease, etc.) the software or is only entiteled to license the software with restrictions?
And it can be divided in three different questions:
- Who developed the software?;
- Was the software developed in whole, or in part, under an agreement with a third party or an employee's salary was paid by a third party?;
- Do you have used third party components or do you have used software from a commercial software provider to develop the software
A seperate section is dedicated on data used by a software or used for training of the software (AI/Machine Learning Software).
Note: In general, software can only be exploited without restrictions by ETH Zurich if all developers were or are employed at ETH Zurich while the software was being developed, and it is not restricted by an agreement with a third party (please see below).
If a person has contributed to a software and was not employed at ETH Zurich (e.g. bachelor/master students), ETH Zurich needs the rights from such person, or from its employer, to use and license the software as a whole, and an agreement must be stipulated with them.
If no agreement with the students or external person is possible, either no exploitation of the software can take place or the affected parts must be excluded, replaced or reprogrammed (if possible).
- If students are willing to give ETH Zurich all the unrestricted rights to exploit the software, in exchange, the students will be compensated by ETH Zurich, and treated equivalently as an employee of ETH Zurich, in the sense of the “Guidelines for the Financial Exploitation of Research Results at ETH Zurich”, RSETHZ 440.4. As such, in case ETH Zurich obtain some income from the exploitation of the software a part of such income goes to students. We have standard agreements for students. Please contact us.
- If the external person was employed by another employer, ETH Zurich try to reach an agreement with the employer to use and/or further develop the part of software from the external person. ETH Zurich will use reasonable effort to reach an agreement with the third party. If such an agreement is not possible, or was not possible within a reasonable time period, the part developed by the external person must be excluded from the software.
Therefore, we recommend to:
- Track, from the first line of code, who is the author of the developed code to avoid tedious searches afterwards to understand who has developed what of the software.
- Use professional software or platforms to develop the software, and be very strict to require to clearly identify/name the author when they develop the code. For example, use a dedicated account on the platforms for each developer of the software. ETH Zurich has Gitlab as a central organized platform. Please contact the ID (Informatikdienst) for more information on GitLab.
- In general, we higly recommend to avoid students or external persons as code developer, especially if later on you want to commercially exploit the software. And if it cannot be avoided, please do not work with students and external persons without first signing an agreement that regulates the rights and obligations to the developed software.
This section is divided in two parts.
PART 1: WAS THE SOFTWARE, OR A PART, DEVELOPED UNDER AN AGREEMENT?
Note: In case the software, or a part of it, was developed in a research project with third parties, most likely the unrestricted licensing of your software, or such part of it, is not anymore possible.
If your software was developed, even if only partially, in a research project under an agreement with a third party, this agreement takes precedence.
It must be clarified whether the agreement permits the exploitation of your software and under which conditions.
Please contact either the Research Contract Group or the Grants Office - GO!, or any other organization of ETH Zurich who helped to draft/negotiated the agreement.
Therefore, we recommend to track when you use, or further develop your software, or part of it, in a project with third parties to avoid tedious searches afterwards to understand the rights to the software or its parts.
- Maintain a list of the software, or its parts, involved in a project and the basic rights (e.g. non-exclusive, etc.) remaining to ETH Zurich and any relevant limitation for ETH Zurich, that was stipulated in the agreement.
Remember that confidential information can also restrict the further use of a software, or any part, developed under the agreement. In principle, you can expect that, if you used confidential information from a third party you are not allowed to distribute the software affected by such confidential information.
If you work with military organization or organization (e.g. IARPA), also companies, that have strong relationship/connection to the military, most likely you have restrictions in using such information and the related software.
- Maintain a list of the software, or its parts, that was developed with confidential information from third parties.
PART 2: WAS THE SALARY OF AN ETH ZURICH EMPLOYEE PAID BY A THIRD PARTY?
An employed person with its salary 100% paid via a third party project or with the funding of a third party is supposed to work only on that project or for the purpose established by the funding party.
If the software was entirely, or partly, developed by such an employee, but outside the project or outside the purpose of the funding party, the funding party or the project partner can still have rights in the developed software. This would be a very complicated legal situation.
Therefore, we recommend to carefully check whether an ETH Zurich employed person is paid by a third party funding and which implication such funding has on the development of the software.
This section is divided in two parts.
PART 1: HAVE YOU USED THIRD PARTY COMPONENTS/CODE?
Note: In most cases, software developed at ETH Zurich contains program code from third parties. Such program code is often under an open source license or is proprietary code from third parties.
For example, if you use very well known libraries or code that is frequently used in certain software development sectors, it is most likely under an open source license.
If program code in your software is under a proprietary or open source license, the license conditions of the third party program code must be carefully checked. If the license conditions of the third party code do not permit any exploitation or only permit a partial exploitation by ETH Zurich, new license conditions may have to be agreed with the third party.
Hint: Often program code that is widely used in certain sectors comes with different licenses, e.g. several different open source licenses or even proprietor software licenses for a fee.
Program code with a open source license can be used or integrated in your software, and further developed, also in case you later want to commercially exploit your software. But some limitations apply.
- Permissive open source licenses (e.g. MIT, BSD, Apache v2, etc.): in general, your software, when containing such program code, can be licensed proprietarily by ETH Zurich. However, often the copyright notice must be maintained or a reference to the authors of the program code must be made. Not following this obligations means that you are infringing the original license of the program code or the copyright of the authors.
- Copyleft open source licenses (e.g. GPL, AGPL, etc.): any software developed by you that contains program code under a copyleft license requires that the entire software developed by you can only be distributed under the same copyleft license (no proprietary license is possible). An exception applies if program code is under an LGPL license. Program code with a LGPL license (often libraries) is under the GPL license only if you modify the library itself.
If you decide to use open source program code in your software, you should verify in advance whether the licenses of the third party program code is compatible with your intention to distribute your software under a specific license (e.g. proprietary).
For example, is you have used program code under a copyleft license and you don't want to distribute your software under the same copyleft license, then you have to delete the program code under such license from your software or look for an appropriate alternative under a different license.
PART 2: HAVE YOU USED SOFTWARE FROM A THIRD PARTY SOFTWARE VENDOR (MatLab, MentorGraphics, etc.)?
Note: ETH Zurich usually purchase either teaching or research licenses, it is rather unlikely that your software, that is/was developed with such "vendor software", can be exploited or exploited without restrictions.
If you have used software from a software vendor (e.g. MatLab, Xilinx, Synapsis, LabView, etc.) to develop your software, or a part of it, the purchased license for the vendor software must be carefully verified, prior to license your software, or part of it, to a third party.
- If you or your group purchased the vendor software from the IT Shop, or the ID Procurement & Compliance was involved, please contact them to verify together with them, if you can use your software according to your intention (e.g. distribute it under a specific license or you if you are allowed to use it for commercial purpose).
The written approval from the ID Procurement & Compliance is necessary if you want to use the developed software for commercial purpose (or within a project with the industry) or if you request that we license it to a third party (even under an open source license).
- If you or your group purchased the third party software directly from a vendor, please contact the vendor and explain your intentions. If the purchased license do not allow to use/distribute your developed software according to your intention, then ask what you should do to be allowed to do so. Maybe purchasing a different license permits you to use/distribute your software according to your intention.
The written approval from the vendor is necessary if you want to use your developed software for commercial purpose (or within a project with the industry) or if you request that we license it to a third party (even under an open source license)
DATA
Sometimes data are used by a software, or are contained in the software or used to develop the software (e.g. for training).
Often ETH Zurich receives the data from a third party because it is a research institution. And sometimes downloadable data are available only for research purposes or for purpose without commercial use. ETH Zurich therefore usually receives the data under a restricted use conditions. Such use conditions may have an impact on the developed software itself and must be carefully verified prior to distribute/exploit the software.
Also often the data can be simply downloaded from the internet. Many of these data are simply "free" to use. In such cases the redistribution is often prohibited without the written consent of the data producer/provider and, so rarely ETH Zurich is allowed to redistribute such data or the software developed with it.
It is therefore advisable not to use data from third parties, but only your own raw data or data that has been further processed from your own raw data. As a general rule, the data must be kept separate from the software and you should verify all legal implications of the the entire "production process" of both, the software and the data itself.
- If data from third parties has been used to train AI/machine learning software and the trained software should be exploited, it must be checked in advance whether the AI/machine learning software can be used afterwards and under which conditions. This is today somehow an unclear legal territory and heavily impacted by the use conditions of the data.
- If data has been obtained in clinical studies or with the permission of individuals, the patient consent must be verified whether the data may be used for commercial activities or the explicit permission from the individuals is necessary. It is advisable to have a consent from the patients for commercial use (if any is necessary, e.g. if a startup is incorporated later that wants to use such data or the related software) before you start a clinical study or having similar use conditions from any individual that participate in a project.
For further information on Open Source Projects, please see here. (not yet ready, webpage under construction)
© The text on this webpage was written by a human.
For any additional information regarding software licensing to third parties, please contact the IP & Licensing Group.