Legal Considerations When Using Open-Source Software

Open-source software is full of benefits, true. It’s especially useful for startups, fast-paced development, and AI companies, where AI models are often built on pre-existing, open-source models.

But have you ever wondered why an investor’s legal team always asks: “Have you used open-source code in your product? If yes—what parts, and under what licenses?”

That is because open-source is not only full of benefits, it is also full of risks. We will not describe all risks here - just a couple of highlights from our practice and a small case study, so you know what to consider when using open source.

Risk No. 1 – Company Valuation Impact

If you take a piece of code from, for example, GitHub (without checking the “LICENSE” page) and incorporate it in any way into your product’s source code, there is a risk that your entire product will be subject to the restrictions of the respective license.

The most critical concern is with copyleft (or “viral”) licenses such as the GNU GPL, LGPL, MPL, and AGPL, which require derivative works to comply with the original license terms. But even permissive licenses (MIT, Apache 2.0, etc.) are risky as well.

For investors, a product containing copyleft code is a red flag because of:

  • Distribution: distribution requires compliance with license terms (e.g., attribution, source code disclosure, commercial use restrictions, etc.).
  • Enforcement: there may be uncertainty over who holds the copyright and whether there is copyright at all, complicating enforcement of intellectual property.

Consequently, this can significantly reduce the company’s valuation (e.g., from 6X to 2-4X) or close off investment opportunities altogether.

Risk No. 2 – No Copyright 

Case study:
Company X hired a developer, Alex, and asked him to urgently build an MVP of an AI-driven support platform (including an AI assistant for sales). Due to budget constraints, Alex used open-source models and code from GitHub, making minor modifications. The product helped Company X secure investments and launch. A few years later, Alex started his own startup with a similar product, “AI-buddy”, which was supposed to help when someone is bored and needs a friendly talk. Company X sued Alex for copyright infringement.

However, the court ruled that Company X’s source code for the AI assistant was not protected by copyright because it largely consisted of open-source code licensed under a mix of licenses, including Apache 2.0 and GNU GPL.
This case shows how reliance on open-source models can weaken a company’s claims over its product.

Risk No. 3 – Financial Losses 

Another issue to bear in mind is that failure to comply with license terms can result in financial losses, which investors also treat as a risk factor.

For example, in Entr’Ouvert v. Orange (February 2024), Orange incorporated the GPL-licensed LASSO program into its identity management platform but:

  • Did not provide copyright notices,
  • Did not make the modified software freely available,
  • Did not share the full source code after modifications.

As a result, the French court ordered Orange to pay nearly EUR 1 million in damages for breaching the GNU GPL license terms.

The cases above show that using open source carries risks.

If you need legal advice on how to mitigate these risks, don’t hesitate to reach out. In the meantime, we recommend checking out GitHub’s license guide (https://opensource.guide/legal/#which-open-source-license-is-appropriate-for-my-project).
 

