Open source software can, by definition, be freely used, modified, and shared. But these permissions also often come with certain conditions.
Most licenses (both copyleft and permissive) have provisions that require derivative works to include attribution notices (upon distribution of the licensed code). Copyleft licenses generally have source code sharing requirements. And so on.
Failing to comply with an open source license’s conditions can have a range of consequences, including reputational damage, lawsuits, and financial penalties. Courts worldwide have repeatedly upheld open source license terms as enforceable under copyright law — sending a clear message that free software still comes with obligations.
In this blog, we’ll explore five of the most noteworthy court cases related to open source license compliance, including the implications of each.
1. Software Freedom Conservancy (SFC) vs. Vizio
In October 2021, the Software Freedom Conservancy (SFC) sued Vizio in California, alleging violations of the GPL v2 and LGPL in Vizio’s SmartCast TVs. SFC claims Vizio never provided the required source code despite multiple requests, depriving users of their GPL rights.
What makes SFC vs. Vizio a particularly noteworthy license compliance case is that SFC is not a copyright holder, but an alleged third-party beneficiary enforcing user rights. Per the SFC, this is the first license compliance case where a consumer (as opposed to a copyright holder) has filed suit.
At the time of writing, SFC vs. Vizio is ongoing, though there have been a few notable milestones. Most recently, in December 2023, the Superior Court in Orange County ruled that SFC does have standing to bring the claim, rejecting Vizio’s attempt to dismiss the case. The case is currently expected to go to trial in September of this year.
The impact of this case is potentially significant. If the SFC prevails, we could enter a new world where copyright holders and consumers are entitled to enforce open source licenses. This could exponentially increase the number of license compliance-related lawsuits, especially those dealing with consumer products.
2. Jacobsen v. Katzer
In 2006, Robert Jacobsen, project administrator of the Java Model Railroad Interface (JMRI) open source project, filed a variety of claims against Matthew Katzer (owner of a company that sold a commercial product for model trains). JMRI was made available under the terms of the Artistic License.
Jacobsen v. Katzer was a relatively comprehensive case (including claims of cybersquatting and violations of the Lanham Act). For the purposes of open source license enforcement, the key claim was copyright infringement — whether Katzer’s failure to comply with the terms of the Artistic License would lead to copyright infringement liability.
Initially, in a ruling on summary judgment motions, the Northern District of California held that it did not. The court wrote that the scope of the Artistic License is “intentionally broad… the Defendants’ alleged violation of the conditions of the license may have constituted a breach of the nonexclusive license, but does not create liability for copyright infringement where it would not otherwise exist.”
However, upon appeal, the Court of Appeals for the Federal Circuit vacated and remanded the District Court’s decision. It held that open source license terms are enforceable copyright license conditions, not just contracts.
The impact of this ruling was to fundamentally affirm that violating open source license provisions can be considered an act of copyright infringement — and that violators may be subject to the associated penalties.
3. BusyBox GPL Enforcement
Although the original GPL license was published back in 1989, there wasn’t actually a GPL-related suit in the United States for nearly two decades. The first one involved BusyBox, a compact suite of Unix utilities licensed under GPL v2. In 2007, the Software Freedom Law Center (on behalf of BusyBox) sued Monsoon Multimedia for allegedly violating GPL’s source code sharing requirements.
Monsoon ended up settling the case with the Freedom Law Center. In the settlement agreement, Monsoon agreed to:
- Publish source code
- Appoint an Open Source Compliance Officer
- Notify previous recipients of BusyBox from Monsoon of their GPL rights to the software
- Pay an undisclosed amount of financial compensation to the plaintiffs
However, the Monsoon case was just the start of BusyBox’s GPL enforcement. In 2009, the Software Freedom Law Center announced a suit alleging that 14 consumer electronics companies (including Verizon, Samsung, Best Buy, and others) had violated GPL v2. (The suit was brought on behalf of the Software Freedom Conservancy, the non-profit steward of BusyBox and other open source projects.)
Although most of the targeted companies settled quietly, Westinghouse did not. And, in a landmark decision, a court ordered Westinghouse to pay over $100,000 in combined damages and costs — and stop distributing non-compliant products containing BusyBox.
4. Free Software Foundation v. Cisco Systems (Linksys)
In December 2008, the Free Software Foundation (FSF) announced a suit against Cisco, alleging its Linksys routers contained GPL- and LGPL-licensed open source — but violated source code sharing requirements. The FSF initiated the case because it was the copyright holder of the open source programs Linkysys allegedly used (GCC, binutils, and the GNU C Library).
In May of 2009, less than six months after lodging the suit, the FSF announced a settlement. Per the terms of the settlement, Cisco agreed to:
- Appoint an internal Free Software Compliance Officer
- Make a financial contribution to the FSF
- Publish source code and notify Linksys users about their GPL rights
FSF v. Cisco, along with the series of BusyBox cases, significantly raised the real-world stakes of copyleft license compliance. They showed that no matter how large or profitable the company, violating open source license provisions has consequences.
5. Entr’ouvert v. Orange S.A.
Entr’ouvert, developers of the GPL v2-licensed “Lasso” software, sued French telecom giant Orange in 2011, accusing it of using Lasso in a public portal without complying with GPL v2’s license terms.
The core of Entr’ouvert’s case was that Orange violated two central GPL v2 conditions:
- Providing source code
- Providing notice of code modifications
After a lengthy series of decisions and appeals, the Paris Court of Appeal issued a landmark ruling in February 2024 that included a record judgment of at least $1,000,000 (€860,000). This figure includes €500,000 for compensatory damages.
In addition to the large penalty, this case is notable because it involved a dual-licensing scenario. Dual licensing is when an entity offers a product under the consumer’s choice of a) an open source license (generally something strong copyleft) or b) a commercial license. (Dual licensing can be a good option for organizations that want individual developers or small organizations to have free access to their software, but want larger enterprises to pay for it.)
Before adopting the GPL-licensed version of Lasso, Orange actually inquired about the possibility of getting a commercial license. Internal emails revealed during the case showed that such a license would have cost around €500,000 — the amount Orange must pay in compensatory damages.
So, in addition to serving as a reminder that there can be steep financial penalties for non-compliance with open source licenses, Entr’ouvert v. Orange S.A. highlights the importance of paying close attention to your company’s dual-licensing decisions. If your organization is unable or unwilling to follow the conditions of the open source version of a dual-licensed product, it may be worth paying for the commercial one.
Managing Open Source License Compliance Risks
As the cases discussed in this blog show, there can be real consequences for non-compliance. We strongly recommend every organization that uses open source to adopt licensing policies (e.g. rules that dictate which licenses are acceptable in which scenarios). It’s also vital to have defined processes for meeting compliance requirements, such as producing and updating license notices.
Of course, the large volume of open source components in many modern applications can make managing license compliance quite difficult. That’s why a growing number of legal and engineering teams use FOSSA’s platform to automate and expedite license compliance workflows. For more information on our license compliance solution (and to talk to our experts about best practices you can bring back to your organization), please get in touch with our team.