Open Source License: “I Used a GPL Library in Proprietary Code: The Legal Cleanup Cost.”

I used a library licensed under GPL v3 in a client’s closed-source SaaS product. The client was audited during an acquisition, and the buyer’s lawyers found the GPL code. They are demanding the client open-source their entire codebase or rewrite the software. The client is suing me for the $200,000 rewrite cost and the “diminished value” of their IP.

Key Takeaways

  • IP Infringement: The license is the only thing that authorizes you to copy and ship someone else’s code. Use it outside the license’s conditions and that authorization falls away, so the copying is copyright infringement.
  • Professional Negligence: Failing to check license compatibility before shipping a dependency is a professional error, not a paperwork slip.
  • “Viral” Licenses: Copyleft requires that a work incorporating GPL code be licensed under the GPL as a whole when it is conveyed to another party (delivering the finished product to the client is generally a conveyance; under GPLv3, merely running it as a hosted SaaS is not, which is the gap AGPLv3 was written to close). The client’s proprietary code does not automatically become “free”; the exposure is that the copyright holder can sue for infringement, and an acquirer will treat the codebase as encumbered until the GPL code is removed or the source is released.
  • Mitigation: Insurance pays for the “rectification” (the rewrite) because it is far cheaper than the larger claim that the IP has lost its value.

The “Why”: The Intellectual Property Extension

The Trap: Some E&O policies exclude “Copyright Infringement” unless it’s specifically endorsed.
You need a policy that covers “Intellectual Property Liability” arising from your software development services.
Note: Some policies exclude “Open Source violations” specifically. You must check the fine print for “OSS Exclusion.”

The Investigation: I Quoted 3 Major Carriers

1. CNA (Tech Choice)

  • My Analysis: They are sophisticated. They understand open source. Their “Information Risk” policy usually covers the liability from “unintentional violation of software license agreements.”

2. The Hartford

  • My Analysis: They have a specific endorsement for “Software Copyright.” As long as you didn’t do it maliciously (knowing it was GPL and hiding it), they cover the negligence.

3. Embroker

  • My Analysis: Tech-focused startup policies here usually include this. They know modern coding is 90% libraries.

[IMAGE: Diagram showing “Copyleft” viral effect on proprietary code]

Comparison Table: License Violation Liability

Carrier  | Covers OSS Violations? | Exclusion Check       | Cost | Best For…
CNA      | Yes                    | Check “OSS Exclusion” | $    | Enterprise Devs
Hartford | Yes                    | Standard IP           |      | Agencies
Generic  | No                     | IP Exclusion          | $    | Avoid

Step-by-Step Action Plan

  1. Isolate the Library: Identify exactly which dependency carries the GPL, including transitive dependencies your package manager pulled in, and how it is used. Code that is linked or bundled into your build is the case that matters for copyleft; a separate program talked to over a pipe or socket generally is not.
  2. Estimate Rewrite: How many hours to swap it for an MIT/Apache/BSD alternative? Check first whether the copyright holder sells a commercial (non-GPL) license for the same library; that is often cheaper than a rewrite.
  3. Notify Carrier: Report it as a “Copyright / License Breach Claim” as soon as the demand arrives. Claims-made policies require timely notice, and late notice is a common reason for denial.
  4. Do Not Open Source It: Don’t let the client release their code yet. Releasing source is one way to comply going forward, but it is irreversible; removing the library first keeps the client’s options open.

FAQ

Is this a crime?
No, it’s a civil breach of copyright license.

I used a package manager (npm). Am I liable?
Yes. You are responsible for the whole dependency tree you import, including transitive dependencies you never named in your own manifest.

Will insurance pay for the rewrite?
Yes, if it mitigates the larger claim of “Your IP is worthless.”
