How to defend yourself against fraudulent licensing vendors (2/2)

In the second part of this article, we will look together at the most common tricks of fraudulent sellers and other risks to avoid.

Above we have discussed the importance of minimising the risks associated with faulty performance when purchasing software. Now you also know how to evaluate documentation. Now let's take a look at what are the biggest defective practices you may encounter with some vendors?

From our perspective, one of the biggest risks in the purchase of software licenses is when a supplier is unable to demonstrate compliance with the requirements for license transferability. The requirements for license transferability can be found in our last article here. There are entities in the market that fail to meet information and documentation obligations, which increases the risk of defective performance.

If a potential vendor is unable to provide complete and transparent documentation on license transferability, a red exclamation point should have popped into your head.

From a procurement perspective, the situation is similar. As the failure to supply proper documentation constitutes a defective performance, it is common for the documentation supplied by some suppliers to be correctly assessed by the contracting authority as insufficient, leading to the exclusion of these participants or the failure to conclude a supply contract. As an example, we cite several procurement procedures in which the performance of the supplier with the lowest tender price was evaluated as not meeting the conditions for proper performance - e.g. the public contract for the supply of the Office product for the Odra River Basin, the public contract of the Vysočina Region, or the public contract of the town of Žďár nad Sázavou, where the majority of participants were excluded from the public contract.

In public procurement, we most often encounter situations where suppliers submit partial documentation on the origin of licences and, for example, the declaration of the first purchaser, but only on the specific call of the contracting authority, which itself places high demands on the contracting authority's expertise in this area. Most often, full identification of all intermediate licensees is completely lacking (i.e. there is no evidence that the supplier acquired the transferred licence from the person who was the rightful holder of the transferred licence). The documentation of the complete chain of intermediate licensees from the first transferee to the end user is crucial, as the transfer of licences involves the transfer of the licence agreement itself from the first transferee. Inasmuch as no one can transfer more rights to another than he has, it is not possible to prove that the licence which was granted by the author of the software to the first acquirer has been transferred to the new acquirer in the absence of a continuous series of transferors. The two most common scenarios are:

Only the identification of the original assignee is documented, often including a statement by the original assignee. No other documentation is provided.

The identification of the first acquirer, the supplier and the supplier's previous distributor is provided, including documentation documenting the transfer between them, with no evidence of the link between the original acquirer and the distributors - e.g. a licence purchase agreement, a confirmation of the transfer of licences between the first acquirer and the purchaser of the licences.

In both cases, we have to say the documentation is incomplete, and the fulfilment of license transfer conditions can not be proven.

Exceptionally low prices?

Watch out for them! Some vendors offer licenses at unusually low prices that do not reflect the normal market environment. This may be another warning sign that licenses may be problematic. The offers of these vendors are often characterised by extremely low prices that do not correspond to the normal market situation for open market licences, where the prices offered are not achievable given normal purchase prices, especially when the suppliers are not direct purchasers. Here, the application of the procedure according to Section 113 of the Public Procurement Act comes into consideration - this procedure is adapted for over-limit contracts in case of exceptionally low bid prices, however, it can be used by analogy for smaller contracts as well. Section 113 provides for the obligation of the contracting authority to ask for an explanation of the exceptionally low tender price and, in the event that it is not satisfied with the answer, it may exclude the tender of the tenderer with the exceptionally low tender price pursuant to Section 113(6).

Beware of the supply of MSDN keys

Another relatively common problem is the supply of so-called MSDN keys, which are issued in exchange for "new" licences. In the case of the supply of MSDN keys, the contracting authority receives an activation key which technically allows it to activate and use the software. However, this key has never been licensed by the manufacturer to be transferred. In this case, the transferee receives no documentation, except for the invoice issued by the supplier. These MSDN keys are supplied at very competitive prices, often as a "bundle" of 30 licences to be registered e.g. on the office. setup. com portal, or a "bundle" of 30 licences for one key, etc. From the analysis of publicly available data, we have found that defective performance of this type was delivered, for example, to the city of Brandýs nad Labem-Stará Boleslav, see the vice-mayor's tweet and the decision of the city council (point 6). Similar parameters can be seen in the performance for the Health Institute based in Ostrava, so we believe that this institution may also be a victim of this unfair behaviour.

Audit as one of the ways to verify the legality of licenses

Have you had your licenses audited? Great news! Any verification of the legality of purchased licenses is a good step. However, it is important to say that even if the audit confirms the legality of the licenses, you will not avoid certain risks. The auditor may have only examined the terms of the transfer for the first transferee, but may have already missed compliance with the terms of the transfer in relation to the individual transferors. The auditor is always commenting on the facts he has been given in the terms of reference. It is therefore necessary to look at the scope of the facts examined by the auditor.

Everything goes to the acquirer

When selecting a suitable supplier, do not forget that all of the above described practices of some suppliers, if accepted by the transferee, have the effect of ultimately falling on the transferee (or you) who, as a result, do not have evidence to prove the proper acquisition of the licences and the legitimate use of the software copies. Therefore, be cautious who you entrust with the supply of secondary licenses, you will run into many problems.