By joining forces, Cigref and CISPE want to influence the EU's Digital Market Act (DMA) to denounce certain unfair practices by software publishers and promote a fair and competitive cloud market. While the principles are laudable, they oppose very different paradigms (licences vs. services), disregarding the applicable commercial law (US vs. European).
Programmed obsolescence of software by stopping support, incompatibility with more recent versions to force upgrades, introduction of new technologies: these are all commercial practices that CIGREF has been denouncing for several years with regard to major software publishers. In order to fight its battle more forcefully, it has just joined forces with CISPE (Cloud Infrastructure Service Providers of Europe), which brings together some thirty cloud infrastructure providers in Europe. From this alliance was born the FairSoftware.Cloud, which publishes a list of 10 principles for fair software licensing that the European Commission and Member States are invited to consider in order to develop obligations for gatekeepers such as those of the DMA Digital Market Act. Here are the 10 principles and our deciphering of them.
1. Transparency and comprehensibility of licensing conditions.
In this respect, the alliance calls for greater transparency and explicability of licence contracts.
In the cloud, software (SaaS) is provided as a service which includes not only its use, but also its maintenance, availability, security and updates.
This new service model has an impact on the way in which publishers deliver software in on-premise mode. Clearly, in a SaaS contract, the customer obtains a service, but not software. They do not buy a licence but subscribe to a subscription. The CSP, on the other hand, can obtain a licence contract, since it is a question of reselling services to third parties. In order to have better visibility of SaaS contracts, it is therefore necessary to avoid using the term licence, which implies a copyright that does not legally exist.
In SaaS, it is clear that everything must be provided as a service with clear commitments. It is therefore at the level of the SLA and the associated contracts that action must be taken in order to obtain greater transparency and visibility.
2. Use in the cloud of licences already acquired
Here the problem arises of a hybrid use of SaaS and installed software. This requires a licence agreement integrated into a service contract. The licence and its support terms must deal with the installed application only. But here again, this is quite difficult to achieve, given the versions installed for example and the definition of the responsibilities of publishers/hosts/customers, which is not the same depending on whether the licence is used by the customer or whether it is used as a service. This therefore requires the specific drafting of a service contract between the publisher and the client, whether or not it is a host. This can take time, whereas the very interest of SaaS is the rapid provisioning and/or development of value-added services
3. Customers should be free to use their on-premise software with the cloud provider of their choice.
Yes, but again this depends on the license and service agreement that has been signed between the vendor and the cloud provider.
4. Customers should be able to optimise their costs through efficient use of the hardware of their choice
In the SaaS model, software and hardware are closely linked in the provision of the service and this engenders liability clauses in the event of unavailability or security breaches. Here again, everything depends on the drafting of SLAs and/or ad hoc service contracts between the various stakeholders.
5. Customers must be free to choose their cloud provider without being subject to retaliation
This is where the notion of "bargaining power" comes in: The more you are locked in to a provider, or a publisher, the less bargaining power you have. The fact of freely choosing one's CSP for the use of a SaaS is of course a non-negotiable condition on the principle of portability and interoperability. This requires a careful reading of the contracts and their clauses before committing oneself.
6. Directory software vendors should favour open and interoperable standards, without locking in their customers.
This is less a problem of the standard covered by LDAP today than of the deployment architecture. By definition, a directory server is centralised and therefore easily lockable. Moreover, IAM and authentication systems are often built around these directories, which further reinforces the technical lock-in. Today, there is nothing to prevent you from building your directory on agnostic DaaS - directory as a service - solutions, for which you should also read the SLA contracts carefully, as portability is essential.
7. Software publishers must respect the equality of treatment regarding software royalties on the cloud
It is the hardware/software boundary of SaaS that creates the commercial ambiguity in the first place. In a free market economy and under commercial law, billing practices cannot be regulated at the global level, only consumption practices can, and even then, at the state level, on evidence of commercial foreclosure or infringement of applicable consumer codes.
8. The conditions of use of the software must be reliable and durable
Any modification of use must be integrated into the GTC/CGV and accepted by the customer (signature), it would be difficult to enforce, especially when dealing with suppliers governed by a commercial law outside the EU
9. Licences must cover reasonably expected uses of the software
Once again, in the cloud, we no longer speak of licences but of services. It makes no sense to contrast the two paradigms. Functional coverage should be considered before provisioning an XaaS, whether it is an application, infrastructure or any other model. The same argument could be used against CSPs.
The FairSoftware Cloud Alliance further complicates the understanding of traditional licensing models (software) vs. cloud services (SaaS). Rather than enacting principles that are certainly laudable but have little chance of leading to regulations given the structure and complexity of the cloud business model, it would be more interesting to work on giving more visibility to FR/EU publishers in order to rebalance the market in their favour, which would mean rethinking the classic CSP marketplace model, which is still based on the US model.