The Use of (Il)Legal Software and Inspectional Supervision

15
June 2022

Contact: Nemanja Žunić

Contact: Anja Berić

Statistical data has shown that, when it comes to software, the piracy rate in Serbia in 2017 went up to 66% [1]. Although there is a visible tendency towards reducing that number by about 2% per year, the use of unlicensed computer programs has become part of everyday life up to such an extent that it has created an illusion that such behavior is acceptable and justified. However, not being informed well enough in this matter can have a detrimental effect on everyone who decides to use software not obtained in accordance with the terms and conditions of the software license.

The experience has taught us that there are 2 groups of legally problematic situations:

1) The use of illegally obtained software;

2) The use of software that is legally obtained but by another entity (for example, when within a group of companies, the parent company obtains a software license, which is then used by its subsidiaries).

Both of these situations will be further analyzed in the first part of the blog, whereas the second part will provide a clarification of the procedure conducted by the inspection authorities and the possible consequences if the inspector notices certain irregularities.

1. YOU WOULDN’T STEAL A CAR, WOULD YOU?

Software, as an original intangible creation, is primarily protected by copyright and can be protected by other intellectual property rights as well, as you have already read in our blog Legal Protection of Software – This Is what You Need to Know. For this reason, the use of the so-called “cracked” software does not differ from stealing someone’s items, such as a bike or a car, so the consequences of its use can be very unfavorable.

Caught Red-Handed: What Are the Consequences?

The penal provisions of the Law on Copyright and Related Rights prescribe high fines for companies that illegally use the authorizations of the holders of intellectual property rights on computer programs and databases.

The amounts of fines differ depending on the type of the perpetrator, so the fine for the commercial offense, i.e. a misdemeanor (if we are speaking of an entrepreneur) can be imposed in the following range:

Besides that, the Law on the Organization and Jurisdiction of Government Authorities in the Suppression of Organized Crime provides for the possibility of initiating criminal proceedings,  in the following cases:

  • if the number of illegally copied software used by the supervised entity in their business exceeds 2,000, or
  • if the material damages arising out of such activities exceed 1,000,000 dinars.

Such activities represent criminal offenses against intellectual property rights, whose suppression is in the competence of a specialized department for fighting against high-tech crime within the Serbian Higher Public Prosecutor’s Office. The fact proving there are potential, serious consequences due to the violation of the mentioned regulations is also evidenced by the fact that the threatened punishments for committing these criminal offenses range up to 5 years in prison.

2. UNLAWFUL USE OF A SOFTWARE – DON’T FORGET TO CHECK WHO HOLDS THE LICENSE

Having in mind the large number of foreign companies that establish branches and subsidiaries in the Republic of Serbia, the question of whether a foreign parent company is allowed to transfer, i.e., sublicence their license rights to a local subsidiary frequently comes across. The answer depends on specific conditions of the obtained license, so the response differs depending on each particular case. Generally, there are 3 groups of situations:

  • In most cases, the transfer of a license to legally obtained software is not permitted. A large number of companies that develop software that is massively used explicitly prescribe such a rule – such as Adobe, Microsoft 365 for Business, and others. Most often, as a condition for transfer, you need the consent of the company that developed the particular software. For example, Adobe considers unauthorized sublicensing or transfer of rights to third parties, a misuse of the services provided.

It is particularly important to pay attention to the version of the software that is used: namely, the rules of transferring the license can differ depending on the plan you purchased. For instance, Postman offers free and three different paid plans: Basic, Professional, and Enterprise. Depending on the option chosen by the user, the scope of the obtained rights differs, so it is always necessary to examine the distinctions between the available plans in order to determine whether and how much of the rights can be transferred to another (affiliated) party.

  • In addition to companies that strictly forbid the transfer of a license, there are types of software where the transfer of a license is somewhat more liberal, in the sense that it allows for the founding company to transfer their right of use onto another legal entity. However, as a rule, one condition is imposed: it has to be an affiliated company, under which the Terms of Service of the company providing license define ’affiliated company’ in accordance with their own rules.

For example, Google Workspace Terms stipulate that sublicensing is allowed only after notifying Google of such change, as well as provided that the affiliate accepts the terms in writing. From Google’s point of view, an affiliate is any entity directly or indirectly controlling the licensee, or the entity under the control of the licensee, as well as an entity under common control with the licensee. It is interesting that Google explicitly states in its Terms that in such an event, Google might also (automatically) transfer the agreement to another Google entity located in the country of residence of the new licensee (i.e., the affiliated party). In other words, an Australian company will obtain the license from the Google entity from Australia, but if the license is sublicensed to the affiliate from the USA, in that case, Google LLC will act as a licensor, given that the USA is under its competency.

  • Still, some companies allow free sublicensing and software transfer. Typically this is the case with the free, open-source software, such as Visual Studio Code.

To sum up, if, for instance, a foreign company affiliated with your Serbian company wishes to allow your company to use a software that has been initially obtained by the foreign company, it is necessary to previously study in detail how this issue is regulated in the Terms of the license itself, in order to determine whether such transfer is permitted.

3. INSPECTION SUPERVISION

How Does the Tax Authority Act?

Each year, the Tax Authority adopts the Annual Tax Control Plan, based on risk assessment and the importance of taxpayers. Pursuant to the adopted plan, the selection of the business entities to be the subject of the inspection supervision is conducted. For instance, in 2019, the Annual plan predicted 100 controls of software legality, carried out by 12 inspectors specialized in intellectual property rights on computer programs and databases. On the other hand, due to the reorganization of the Tax Authority that occurred in the mid-year of 2019, the examination of the legality of the software has been shifted to the specialized Sector for the auxiliary activities, formed with a purpose to detach the main activities of the Tax Authority from other, so-called auxiliary activities. Furthermore, within the Sector, a separate Group for the control of the legality of the software, competent for this activity, has been established.

In order to contribute to an easier understanding of this issue, the Tax Authority has published a control list of the legality of the software on its website.

Control List: A Last-Minute Save

The control list represents a standardized, publicly-available document, which the Tax Authority drafts and publishes, thus ensuring the transparency of the requirements for the companies’ business to be accordant to the law. Most importantly, this list contains certain guidelines which can be helpful to all potential entities awaiting a visit by the inspectors, since they can self-evaluate beforehand.

With the questions listed on the control list, you can form a clear picture of what the supervision procedure is like – i.e. what questions will be asked, which actions will be taken, and the like. By filling out the list, the taxpayers get a picture of the level of risk of their business, so they get a chance to take action and measures to reduce that risk in a timely manner.

The advantage of the list is that the legal requirements are made more accessible and understandable for software users, which significantly contributes to their education, better awareness, and certainly the prevention of unlawful business activities.

The questions in the list are divided into several parts:

1) Bookkeeping records of electronic computers and software license use

The answers in this section are not subject to scoring, since they do not affect the level of risk from the point of view of the legality of software. The main purpose of this part is to state the general state of the computer equipment from the accounting aspect and in the reality.

2) Determining the legality of installed computer programs and databases

This section’s answers are scored in order to serve as a determination point of the risk level. In this group included are questions related to determining the legality of the particular software used by the company, which are classified under several categories:

  • Microsoft products,
  • databases (such as Oracle),
  • computer-protection programs (such as anti-viruses and firewalls),
  • CAD/CAM computer programs (for instance, Autodesk),
  • computer programs for image editing, graphics, and print (such as Adobe),
  • other computer programs.

3) Awareness of the software copyright protection 

The answers in this section are also not scored, since they do not affect the level of risk from the point of the legality of software but serve the prevention and advisory purposes.

After completing the control list, the total number of points you have collected will determine the level of risk from the point of view of the legality of the software: marginal, low, middle, high, or critical.

The Phases in the Inspection Supervision

The Law on Inspection Supervision prescribes several types of inspection supervision: regular, irregular, combined (combination of the previous two), control, and additional. In accordance with the prescribed provisions, the inspector is obliged to inform the taxpayer in writing of a planned control at least 3 days in advance, unless there is a justified concern that the supervised entity will damage the upcoming control by their actions, or another legally prescribed reason occurs. Simultaneously, the inspector notifies the taxpayer about the internet page on which the software control list is published.

Thus, in most cases, a prior notice by the inspector and a written warrant for control (when its use is required) are two preconditions that, once fulfilled, open the door for the competent inspector to carry out supervision in accordance with their powers.

  • The first step includes checking basic information about the company, which the inspector will carry out by inspecting the documentation kept in the company’s seat, such as public documents, or certificates from the register of business entities.
  • After checking the basic information, the inspector will proceed to determine the number of computers that the company possesses and keeps in its business facilities. This is done based on the inventory list for the previous year and physical insight into the number of computers.
  • Additionally, all installed software is listed in order to control the entry of software into a ledger account, based on which the number and types of installed software on the computers are determined.

In the event the taxpayer possesses a great number of computers, the inspectors may selectively list the installed software only on certain, randomly selected computers. If it is determined that there is unlicensed software on any of them, every software which the company possesses shall be checked.

  • Finally, the tax inspector proceeds to examine the legality of the software, depending on the software type and the manufacturer. While conducting the examination, the inspector will follow the rules prescribed by the particular software manufacturer, hence, the control itself can differ accordingly, depending on the computer program in question.

For example, when it comes to the Windows operating system, the following is checked:

  • the original package of purchased software;
  • the existence of COA on the chassis of the computer or the FPP box, if the operating system wasn’t purchased simultaneously with the computer;
  • the existence of a volume licensing agreement and comparison of the number of purchased licenses listed in the agreement with the number of installed programs on the computers;
  • invoice issued when the software has been purchased.

Furthermore, do not be surprised in case the inspector calls for you to declare a certain fact or circumstance, in case the determination of a particular fact is not possible even after the factual control has been completed.

What Happens If Any Irregularities Are Identified?

Where certain irregularities and illegalities in the use of software are found, the inspector may impose some administrative measures on the subjects of inspection supervision, in accordance with the powers prescribed by the Law on Inspection Supervision. These measures may include:

1) Prevention measures, aimed at instructing you to decrease the risk of the unlawful conduct, such as:

  • warning of legal obligations and sanctions for non-compliance,
  • ordering the undertaking of certain actions or restraining from harmful actions,
  • indicating the possibility of negative consequences.

2) Measures for eliminating illegalities in accordance with special laws

  • These measures are imposed by a separate decision by the inspector in case the supervised entity fails to remove the irregularities found during the inspection supervision within the given deadline. Such a possibility remains at the inspector’s disposal for 60 days, starting from the day when the taxpayer received the record of the performed supervision. In case the taxpayer fails to take action as instructed within the additional 15 days from the day of determination, the tax inspector shall file a report for a commercial offense or misdemeanor report, in accordance with the Commercial Offenses Act, i.e., the Law on Misdemeanors.

3) Special measures of orders, prohibitions, and confiscation, such as:

  • prohibition of business operations,
  • prohibition to carry out activities,
  • confiscation of items, documents, and goods.

4) Measures for the protection of rights of third parties, with the purpose of introducing third parties, who were harmed by the actions of the subject of the control, with the findings of the inspection and issued measures.

In other words, if the inspectional supervision shows that you have unauthorizedly installed company A’s software, that means that you have violated its right. In such case, the inspector is authorized to inform company A of such an event, as well as of the measures that were imposed on you.

It can be concluded that in case it is determined that you have committed any unlawful activities with regard to the software use, the inspector has a wide range of powers at their disposal to use. In addition to the abovementioned, a possible criminal, misdemeanor, or commercial offense proceedings initiated as a result of the conducted inspection supervision, may result in imposing some of the aforementioned fines.

What Happens with Data Safety During the Inspection Supervision?

In light of the issues we deal with in this blog, it is inevitable to ask the following question: how safe is the inspection control from the aspect of business entities that are supervised?

On one side, basically, all data that is being kept on the computers of the supervised entities becomes available to the inspector, which may be very risky for confidential or other important data. The explanation of the Tax Authority about the supervision of illegal software does not include any guarantee that the inspector will not, during control, invade the privacy of the supervised entity to an extent greater than necessary.

Even though the general principle of proportionality can be considered applicable in that case, we believe that there is no company that would be glad to leave its valuable information unprotected from unauthorized disclosure, modifications, or destruction.

Not only that, but what about the safety of the control that the inspector will carry out on the computers of the business entity that is the subject of control? Is there a possibility of damaging the operating system, the transmittance of viruses, or otherwise disrupting the established flow of information within the controlled entity? Could that result in harming its business?

These questions should be answered in order to make the entire procedure of software legality control transparent and clear to taxpayers. It is certain that clarifying the existing doubts would contribute to greater engagement of business entities in terms of self-checking and would also increase their motivation to cooperate with the competent authorities. We hope that the competent authorities will soon see the need to provide answers to these questions.

[1] Source: Official website of the Tax Administration of the Republic of Serbia, available at http://www.poreskauprava.gov.rs/sr/o-nama/softver.html

Latest Post

STAY TUNED

Stay in the loop with the most important updates