Decompiling the rules on trade secrets, software and reverse engineering


My last post concerned trade secret litigation (read it here), and since I am (at least momentarily) quite fascinated by the subject of trade secrets, I decided to do a follow-up post on another topical issue in this field. In trade secret law, two types of behavior are generally considered to be allowed: i. independent discovery and ii. reverse engineering. Especially the latter sparked discussion in the EU with the arrival of the new Trade Secrets Directive (2016/943) (“TSD”). Reverse engineering is allowed based on Art. 3 (1) (b) and recital 16 of the TSD. Recital 16 of the TSD stipulates that

“[…] Reverse engineering of a lawfully acquired product should be considered as a lawful means of acquiring information, except when otherwise contractually agreed. The freedom to enter into such contractual arrangements can, however, be limited by law.”

Let’s pause here for a moment and decompile this provision:

  • Main rule: If you lawfully acquire a product, you may reverse engineer it.
    • Exception: Reverse engineering is not allowed if it has been contractually agreed that such behavior is not permitted.
      • Exception to exception: However, the freedom to enter into such an agreement restricting the permissibility of reverse engineering may be restricted by law. This, in a sense, takes you back to the main rule in the first bullet point.

Now, an interesting question would be, how does all this fit in with e.g., software licenses or contracts? Based on the Software Directive (2009/24) (“SD”), decompilation to achieve interoperability is allowed (Art. 6), and contractual restrictions of this right may be considered null and void (Art. 8 (2)). So, one could ponder whether the SD “by law” limits the right to contractually restrict the permissibility of reverse engineering (third bullet point above)? Probably not, since based on Art. 8 (1) of the SD, trade secret legislation should not be affected by the SD. This may lead to some tensions between the TSD and the SD.

The above in effect means that the TSD and the SD should be separated, at least to a certain extent. Ergo, you may contractually agree that reverse engineering is not permitted in the regime of the TSD – but you may not in the more general regime of the SD. Such a contract provision would be effective to argue that no reverse engineering is allowed (unless restricted by law), and hence there could be a violation of trade secret law. But such a provision would probably not be effective in the SD regime (in relation to decompilation), which may lead to quite a few problematic scenarios.

Are you still hanging in there? Another related question is which type of contractual restrictions would be effective based on the TSD (if this possibility is not limited by law). Is it enough e.g., with a shrink-wrap license? What about standard conditions or business practice in the relevant field? These questions will probably to a large extent be a question of the relevant national contract law.

Once the TSD is implemented in national legal orders, questions involving these types of issues may rise in contracts and courts. It may all feel a bit muddled, I know, welcome to the awesome jungle of trade secrets and EU law. More than often, you may find that the devil is in the detail.

Vilhelm Schröder

Print Friendly

Leave a Reply

Your email address will not be published. Required fields are marked *