Software Licence Agreement (India)

Software (computer programs) is protected as a literary work under the Copyright Act 1957 (as amended in 1994 and 2012). Section 2(ffc) of the Act defines a 'computer programme' as a set of instructions expressed in words, codes, schemes, or in any other form, including a machine-readable medium, capable of causing a computer to perform a particular task or achieve a particular result. The copyright in a computer programme vests in the author and, in the case of a work created by an employee in the course of employment, in the employer under Section 17 of the Act. Copyright protection for software gives the owner the exclusive rights under Section 14(b) of the Act to: reproduce the work in any material form including storage in any medium by electronic or other means; issue copies to the public; perform the work in public or communicate it to the public; make any translation; and make any adaptation of the computer programme. These rights are infringed by any person who, without licence, exercises any of them. In addition to copyright, software may also be protected as a trade secret under the Indian Contract Act 1872 and the common law of confidence. Patents for software in India are restricted: Section 3(k) of the Patents Act 1970 excludes mathematical or business methods, mental processes, and computer programmes per se from patentability.

Software licence agreements in India typically impose a comprehensive set of restrictions on licensees to protect the licensor's intellectual property rights and to preserve the commercial value of the software. The key restrictions are as follows. No reverse engineering: The licensee is prohibited from decompiling, disassembling, or reverse-engineering the software or any part thereof. This restriction is important in India because, unlike EU law, the Copyright Act 1957 does not contain an express statutory exception for reverse engineering for interoperability purposes. The legality of contractual prohibitions on reverse engineering is therefore stronger in India than in some other jurisdictions. No modification or derivative works: The licensee may not modify, adapt, translate, or create derivative works based on the software without the licensor's prior written consent, as these activities would infringe the adaptation right under Section 14(b) of the Copyright Act 1957. No sublicensing: The licensee may not sublicence the software to any third party without the licensor's consent. In SaaS models, this typically prohibits the licensee from reselling access to the software. Number of users or installations: The licence may be restricted to a specified number of concurrent users, named users, or installations (seats). Use beyond the licensed scope constitutes infringement. Geographic restriction: The licensee may use the software only within India or within the agreed territory.

The Digital Personal Data Protection Act 2023 (DPDP Act) is India's first comprehensive data protection legislation and has significant implications for software licence agreements. The DPDP Act is being implemented in phases; its substantive provisions are expected to come into force once the DPDP Rules are finalised. The DPDP Act establishes a framework for the processing of 'digital personal data' — any data about an individual who is identifiable. It distinguishes between 'Data Fiduciaries' (entities that determine the purpose and means of processing) and 'Data Processors' (entities that process data on behalf of Data Fiduciaries). Where a software licensee processes personal data of Indian residents using the licensed software, the licensee is typically a Data Fiduciary; where the licensor provides a SaaS platform that processes data on behalf of the licensee, the licensor may be a Data Processor. Key obligations under the DPDP Act that affect software licence agreements include: the requirement for a written data processing agreement between the Data Fiduciary and any Data Processor; obligations to implement appropriate security safeguards; obligations to notify the Data Protection Board (to be established) of personal data breaches; data localisation obligations for 'significant' Data Fiduciaries (to be notified by the Government); and data principal rights including the right to erasure ('right to be forgotten').

Limitation of liability clauses are standard in Indian software licence agreements and are generally enforceable under the Indian Contract Act 1872, subject to certain limitations. The key principles are as follows. Cap on liability: The most common form of limitation is a cap on the total aggregate liability of either party, expressed as a multiple of the fees paid by the licensee under the agreement in the preceding twelve months (typically 1x or 2x annual fees). This cap is enforceable in India provided it is clearly worded and brought to the attention of the other party. Exclusion of consequential loss: Software licence agreements typically exclude liability for indirect or consequential losses — including loss of profits, loss of revenue, loss of data, and loss of business. Indian courts have generally upheld such exclusions where the parties are commercial entities dealing at arm's length and the clause is clearly expressed. Exceptions to limitation: Standard carve-outs from the liability cap include: fraud or wilful misconduct; death or personal injury caused by negligence; breach of confidentiality obligations; infringement of IP rights; and (increasingly) data protection breaches under the IT Act 2000 or DPDP Act 2023. Warranty disclaimers: Software licences typically exclude implied warranties of merchantability, fitness for a particular purpose, and error-free operation.

Source code escrow is an important risk management mechanism for licensees of proprietary software in India. The key issue is that software is typically licensed only in object code (compiled, machine-readable form), with the licensor retaining the source code (human-readable form). If the licensor ceases to support the software, becomes insolvent, or discontinues the product, the licensee may be unable to maintain, modify, or fix bugs in the software without access to the source code. A source code escrow arrangement involves the licensor depositing the source code, together with build instructions and related materials, with a neutral third-party escrow agent (such as a law firm or professional escrow service). The escrow agreement specifies the events ('release conditions') upon which the escrow agent will release the source code to the licensee. Common release conditions include: the licensor's insolvency, winding up, or appointment of a liquidator; the licensor's material breach of its support obligations that is not remedied within a specified period; and the licensor's discontinuation of the software. In India, source code escrow arrangements are governed by the general law of bailment under Chapter IX of the Indian Contract Act 1872 (Sections 148–181). The escrow agent holds the source code as bailee and is obliged to return it to the licensor on demand (where the release conditions have not been triggered) or to deliver it to the licensee (where the release conditions have been triggered).