What is a Code Escrow Agreement?
Software code escrow is an arrangement between a software vendor, (developer or licensor and a third party Escrow agent, for the benefit of the software licensee, that ensures that source code of the software application will be available to the licensee if it is unable to access the application for reasons permitted under the agreement.
The purpose of a software escrow agreement is to allow the licensee access to the source code so the licensee can compile the code and apply upgrades as well as correct any deficiencies. The source code must (i) be defined in the agreement, sometimes referred to as "the deposit" and (ii) escrowed at a neutral third party, who is responsible for its safekeeping.
Typically, if the software vendor goes out of business or is acquired by a company that does not support the application , the licensee can request the third party Escrow agent to release the source code. The Esrow agreement should define the process for validating the request, i.e. a request from the licensee should be followed by a request to confirm the circumstances for release is valid.
Code Escrow agreements help protect a company’s software investment. Code Escrow agreements are advantageous for both a licensee and a software vendor. The licensee is assured access to the source code allowing the company to resolve deficiencies or to migrate away from the application in a seamless manner while providing the licensee with business continuation if the software vendor is no longer able to deliver support or the software vendor is aquired by a company that does not support the application.
Components of a Code Escrow Agreement
The essential elements of a code escrow agreement include a definition of the parties, a description of the source code to be placed in escrow, and conditions under which the source code in escrow will be released.
- Definition of the Parties: A code escrow agreement must define all parties to the transaction. This means at a minimum, that the licensor (the party placing the source code in the escrow) and the licensee (the party licensing the software and benefiting from the escrow agreement) are defined. In addition, the escrow agent (the party who holds and manages the source code in the escrow for the benefit of the licensor and licensee) should also be defined. While it may be appropriate for the licensee to name its own corporation in the agreement, the escrow agent should also name it’s appointed representative (often a corporate officer) in the agreement. This is because the named corporate entity is not necessarily the same as the named representative depending on the structure of the corporation holding the source code on behalf of the escrow agent.
- Source Code: A code escrow agreement should also include a very thorough description of the source code being placed in the escrow. Coders don’t always understand this, but source code in a live production server may be kept separate from source code maintained for development purposes. Coders also often believe that a program they wrote that connects to another program is excluded from the definition of source code, when in fact, it is not. For example, Connect Direct is a data transfer program produced by IBM for use with mainframe computers. Mainframe coders have been found to frequently "overlook" the fact that they have to provide the Connect Direct source code for storage in a code escrow agreement since the Connect Direct program was the result of their coding. In other words, if the coders can use a program during development, they often think they don’t need to provide it in a code escrow agreement. An experienced code escrow provider will help the licensee of the software identify the necessary source code. The code escrow agreement should also include a statement of what software is excluded from the definition of source code, if any.
- Release Conditions: A code escrow agreement will almost always include one or more release conditions, which trigger the release of the source code from the escrow, or release of the software in some other format such as a binary. While it is very rare that source code is actually released from an escrow, some contracts may provide for an immediate release of the code when the software is delivered to the licensee, which is not a requirement for a code escrow agreement currently. The release conditions should be clearly stated in the code escrow agreement.
Advantages of Code Escrowing
Code escrow agreements provide a range of benefits that extend far beyond merely preserving source code. When seeking security for their software investments, licensees can take advantage of code escrow in the following ways:
Risk Mitigation
A solid code escrow ensures that licensees will never lose access to the true software source. Since the escrowed version is a verified utility, this gives them control over whether or not key applications can continue to run and be used for various tasks.
The verification process also helps to motivate vendors to create installations that actually work, rather than simply relying on sales to generate revenue. They can no longer cut corners and knowingly sell code that is bugged or broken. A great deal of effort goes into passing the verification process, so maintaining that state is in everyone’s best interests.
Business Continuity
Restrictive licensing agreements and lack of contingency planning can spell disaster for the licensee when they rely on outside vendors. If the vendor goes bankrupt, the business project stalls at best and fails at worst.
Code escrow agreements mitigate this risk by allowing companies to continue to employ the software product if the vendor loses control of the keys or fails to fix bugs or identify security vulnerabilities in a timely manner. Loss of critical staff and computer systems downtime, which are two of the leading causes of business failure, are also effectively addressed through the use of code escrow.
Assurance for Software Licensees
Software escrow provides licensees with the certainty that bugs, security vulnerabilities or licensing issues discovered after the installation are not their responsibility. Companies can successfully pressure vendors to correct these problems without fear of losing the utility or having to start from scratch.
Most importantly, when employing a code escrow, licensees have confidence that the vendor will not suddenly refuse to provide product upgrades or complete the maintenance and support functions covered under the licensing contract. This ensures that the program can evolve to meet future business needs.
Situations that Involve Code Escrow Releases
Written into a code escrow agreement, code releases occur when the third-party agent disburses the source code to the licensee or a designated third party. In most cases, the release is triggered when certain events happen or appear likely to happen. Some common events are when: the licensor files for bankruptcy protection, seeks dissolution, or otherwise ceases to do business in the normal course; the licensor terminates, or indicates an intention to terminate, maintenance and support of the software; the owner of the subject source code transfers or indicates an intention to transfer the license upon the expiration of the license agreement; the licensor fails to correct a defect or corrects a defect which renders the software inoperable; or the licensor provides software updates and enhancements without providing licensee with any rights to those updates/enhancements.
The common thread of the circumstances triggering a release events is that the licensor of the software is unwilling or unable to continue to support the software through normal means and the only way to ensure the continued availability of the software is by granting the licensee the source code.
Events such as the demise of the software vendor may not be enough for a release. The licensee could still face litigation for use of the software, if the demise was a hotly contested event, or there may be a dispute as to the ownership of the source code. To avoid such untidy results, it is always a good idea to have a clear set of conditions spelling out a list of triggers which will release the source code.
How to Establish a Code Escrow Agreement
Setting up an agreement is a relatively straightforward process. Questions that need to be answered are: Who will escrow the source code? What version of the source code will be placed in the repository? How often will code be updated? In addition, one needs to determine how the code will be stored. For all of these questions, a vendors’ customer service department should be able to provide some guidance . The escrow agreement is a legal document, so it will also need to be finalized. This means you will probably have to consult a lawyer to make sure that the agreement is in line with any other contracts that you have, and that it addresses all concerns that you might have in case the coders for the vendor leave or another situation should arise.
Difficulties and Issues Related to Code Escrow Agreements
As with most commercial agreements, there are several potential challenges or considerations when dealing with code escrow agreements. Both the licensee and licensor have a stake in agreeing on terms that will allow for growth and expansion of the license and any dividends to be reaped should any third party use the licensed code. First and foremost, ensuring that the deposited code is complete and includes all the information and materials needed for the licensee to continue to develop and support the product should the need arise based on a license event is crucial. It is equally important that the deposited code is up to date. Licensors also want to avoid situations where the service bureau has access to earlier versions of the code, which may then later be used by the service bureau and other unfriendly third parties in competing products.
Another consideration is with respect to the scope of tunnel vision of code coverage into the code required for deposit. The licensee may want to avoid an overly broad description of such coverage in order to avoid limiting its ability to innovate and create a competitive product using code not contributed to the licensee by the licensor. Indeed, the licensee may claim protection under the deposit agreement and underlying license for code that the licensor contends is not covered. In such cases, the service bureau will have to deal with the question of whether to release the code to the licensee.
The service bureau will also have to determine whether to require an additional fee from the licensee for administering a dispute between the licensee and the licensor with respect to whether the code in question is covered by the code deposit agreement. Particularly in larger disputes where the total amount of the license is at stake, the fee might be significant. To avoid potentially high fees, the service bureau may decide to include a provision in its service agreement with the licensee eliminating its liability for such costs.
Choosing a Code Escrow Agent
The most important component of a code escrow agreement is the code escrow service provider, so it is important to select a provider that has experience in managing deposits. A provider with deep experience (meaning a provider that has a large book of code escrow business) can draw on that experience to help make correct decisions when questions concerning the process arise. Additionally, a provider with extensive experience should have refined its security measures to the point that proper controls are in place to protect the deposit and to maintain its integrity.
Furthermore, it is critical that you select a provider with the appropriate level of security in its data centers and its processes. A code escrow provider’s data center security should include, at a minimum, biometric access controls, man traps, and secure video surveillance and record keeping.
You should also request information concerning the procedures and protocols used by a code escrow provider to manage the deposit materials. In particular, your code escrow provider should be able to handle the kinds of technology that you need covered by the code escrow agreement (e.g., source code, object code, documentation, etc.). The provider should also have systems in place for managing infringement claims processing, compliance testing, and noticing issues. Other offerings that make a code escrow provider more appealing include: the ability to accept tapes, the ability to accept backup tapes, a system for authenticating deposit materials, on-premise authentication, and considered evaluation of discovery requests.
Security is critical with code escrow services, and your provider should have spent adequate time and effort to ensure that its processes are controlled, reliable, and secure. Providers should be able to support and maintain such controls and should periodically audit themselves to ensure that they are properly managed. Any reputable service will be able to provide a copy of its internal audit report to you upon request.
Examples of Successful Code Escrow Arrangements
To illustrate the value of a code escrow agreement, we can look at some real life examples where code escrow agreements saved the day for software buyers. In 2001, one of the major gaming companies in the U.S. acquired several other businesses that held rights to software for two of its key systems. The gaming company’s plans were to combine the acquired systems into one. To accomplish this, the systems source code needed to be integrated so that all these acquired systems would work together as one system—which was critical to its continued operations. After several months of negotiations with the vendors of these systems, the gaming company was able to obtain the source code which was then integrated into one seamless system. In another example, a homebuilder relied on software created by a software development firm to optimize its home designs. As the business grew, the homebuilder decided to terminate the relationship with this software development firm, and use the source code created by the firm. Fortunately , it had a code escrow agreement in place that required the third party developer to deposit the source code for the software it created on behalf of the homebuilder. This enabled the homebuilder to use the source code to have a different third party build the system it required. In still another situation, a financial services company was acquired by a banking institution the day after it entered into a critical agreement with an innovative management consulting firm. The software developed by this management consulting firm formed the basis of the service offering of the target/newly acquired financial services company. The acquiror was concerned that this new agreement would not be effective after the acquisition of the target company. As a result, as part of the due diligence process prior to the closing of the transaction, the acquiror insisted on a code escrow agreement to ensure there was no disruption in the ongoing development and up-keep/update of the software being developed, and to avoid any programming delays.