Recent Developments in Autodesk Licensing and Audits, Part II
Many of our clients ask us questions after receiving an audit letter from Autodesk. Part I of this series focused on new trends by Autodesk’s auditing, and included in Part II is a list of potential issues arising during an audit. While this list is not comprehensive, the following are the most common questions.
1. Is the audit request legitimate?
One of the single most common questions among customers facing an audit have is whether the audit request is coming for a legitimate source. Autodesk audits arise a number of ways – from the Autodesk compliance team, from one of Autodesk’s external law firms, or from an entity authorized to enforce Autodesk’s copyright claims such as BSA| The Software Alliance.
Each of these contacts typically involves a form letter that identifies who is writing the letter, the company, any alleged infringements, a request for an audit, and a deadline.
Recently, Autodesk audits from Autodesk’s compliance team appear to be increasing. An easy way to identify whether the audit comes from Autodesk directly is from the e-mail address and signature line. A compliance team member should have an @autodesk.com e-mail address and the signature line on the e-mails should state “License Compliance.”
If you are contacted by an external law firm, it will be on the law firm’s letterhead and include a notice to the company not to change or delete any Autodesk software.
If you are unsure about whether the audit request is legitimate, it is best to consult legal counsel before providing any privileged or confidential information.
2. How should the company respond?
Regardless of how the audit is initiated, it is important to clearly communicate with the auditor. First, acknowledge receipt of the request before understanding and identifying the scope of the audit.
If a company is making a good faith effort to conduct the audit and negotiate a resolution, it is unlikely the auditor will decide to pursue copyright infringement litigation. There are, however, two main exceptions. If a company engages in spoliation of evidence (deleting or destroying software or other evidence of copyright infringement), or violates the Digital Millennium Copyright Act by deploying illegitimate software, the auditor may choose to escalate the matter to litigation.
3. What are the company’s obligations to comply with the audit?
Autodesk has the right to verify the installation of, access to, and use of any Offerings by You and Your Authorized Users. As part of any such verification, Autodesk or its authorized representative has the right, on 15 days’ prior notice, to inspect Your records, systems and facilities, including machine IDs, serial numbers, Autodesk IDs, and other related information, on Your premises using an Autodesk approved verification tool. In addition to Autodesk’s right to perform a verification on Your premises, You shall within 15 days of such verification request, provide a report to Autodesk using an Autodesk approved verification tool, that contains information relating to the installation of, access to, and use by You and Your Authorized Users of any Offerings including machine IDs, serial numbers, Autodesk IDs, and other related information. If Autodesk determines that Your installation of, access to, or use is not in conformity with these Terms (including any Additional Agreement, Special Terms or other applicable terms), You will immediately purchase new subscriptions to remedy the noncompliance, and pay Autodesk’s reasonable costs of the verification. Autodesk reserves the right to seek any other remedies available at law or in equity.
4. Is the Autodesk scanning tool required?
However, there may be circumstances where a customer can negotiate for the use of an alternative tool. ScanWin includes a lot of extraneous data that a customer may prefer to exclude.
Typically, Autodesk’s outside counsel and other entities do not require a specific tool as long as the requested information is provided.
5. What information should be provided?
Autodesk requires the computer name, serial numbers, Autodesk IDs for subscriptions, and detailed information on the software installed on each machine. The compliance team sometimes requests additional information so they can determine how long a particular software has been installed to calculate its damages.
There are myriad issues to consider when providing inventory data to an auditor, but the bottom line is to ensure the following:
- Only in-scope information is provided;
- Restrict any confidential or privileged information if possible;
- Ensure the audit data is correct and identify any inaccuracies;
- Understand and identify any free software or trial versions or demos;
6. What if the auditors have incorrect information?
It is very common for companies to provide an auditor with raw data (especially from the ScanWin tool) and later discover that the auditor’s information is incorrect due to either manual error or a problem with the discovery tool.
It is important to identify these as soon as possible because once the deficiencies or damages are calculated, it is difficult to convince an auditor to revise that information. Sometimes companies hire legal counsel to fight these inaccuracies on their behalf if they are unable to work with the compliance team or auditor.
7. Should the company retain an attorney?
From a risk management and business standpoint, it would be remiss for a company to proceed with an audit without consulting its own legal department. If the legal department is unfamiliar with software licensing and compliance, it may be helpful to contact an attorney with experience with Autodesk, software audits, and copyright infringement claims.
If you are facing an Autodesk audit, contacting experienced counsel can help you navigate the difficult audit process.