IT contracts and GDPR in France
11/3/26

Source code and intellectual property in France: the complete guide to protect your software creations

Is source code intellectual property? Copyright protection, transfer of rights, open source, counterfeiting, filing and audit: a complete guide by a business lawyer in Paris.

Source code is the beating heart of any software, mobile application, and website. It often represents months or even years of development, and is a major strategic asset for businesses. However, many managers and executives are still unaware of the legal rules that govern its ownership, protection and operation.

Whether you are the founder of a startup that is developing a SaaS, the manager of an SME that uses an IT service provider, or technical director supervising a team of developers, this guide offers you a complete and operational overview of the law applicable to source code in France. The objective is to give you the keys to secure your digital assets, anticipate disputes and structure your contractual relationships with clarity.

Is source code intellectual property?

The answer is clear: yes, the source code is protected by intellectual property, and more specifically by copyright. To fully understand this mechanism, it is necessary to go back to the founding texts and the logic behind them.

What the Intellectual Property Code says

The Intellectual Property Code (often abbreviated to “CPI”) is the central piece of legislation on copyright, patents, trademarks and designs. It brings together all the provisions that organize the protection of intellectual creations in France.

THEArticle L112-2 of the CPI lists works protected by copyright. Its 13° is expressly aimed at “software, including preparatory design hardware”. This formulation is broad and covers not only the final program, but also the upstream work: functional specification books, analysis files, technical architectures, models and, of course, the source code itself.

The source code is thus qualified asWork of the mind. This qualification is fundamental, because it gives rise to a set of moral and property rights for the benefit of its author, without any formality being necessary.

The distinction between source code and object code

For the uninitiated, it is useful to specify the difference between these two concepts:

The Source code corresponds to instructions written in a human-readable programming language (Python, JavaScript, Java, PHP, C#, etc.). It's the “human” text that the developer is writing.

The object code is the compiled version of the source code, transformed into binary language (a series of 0s and 1s), directly executable by the machine but unreadable for humans.

Both are protected by copyright. Moreover, the TRIPS agreements (article 10.1) provide that computer programs, whether expressed in source code or object code, are protected as literary works within the meaning of the Berne Convention. The Court of Justice of the European Union confirmed this position by specifying that source code and object code are forms of expression of a computer program that deserve copyright protection.

The condition of originality: an indispensable criterion

All intellectual work is not automatically protected: it still has to be Original. In terms of software, originality is appreciated as a personalized effort that goes beyond the simple implementation of automatic and restrictive logic.

In concrete terms, this means that the developer must have made creative choices in the way in which he has structured, organized and written his code. An extremely basic script that only mechanically applies a mathematical formula will have more difficulty in demonstrating its originality than a complex software presenting a novel architecture and technical solutions.

Concrete example: Imagine two developers tasked with creating an inventory management tool. The first uses a standard framework without providing any significant customization. The second designs an original architecture, combines personalized prediction algorithms and develops an innovative user interface. The code of the second will be much more easily qualified as original and therefore protected.

It is up to the author who invokes protection to provide proof of the originality of his code, in particular by documenting the technical choices made. That is why he is essential to keep the preparatory design material (specifications, specifications, technical documentation), as these elements constitute valuable evidence in the event of a dispute.

Copyright applies to the source code: moral and property rights

When a source code meets the condition of originality, its author benefits from two distinct categories of rights, which form the basis of its protection.

The moral rights of the developer

Moral rights are rights perpetual, inalienable and imprescriptible. In particular, they include:

The Paternity law : the author of the source code has the right to be recognized as such. He may require that his name be mentioned.

The Right to respect for the work : the author can oppose any modification of his code that would distort his work.

The right of disclosure : the author alone decides when and under what conditions his code is made public.

However, in terms of software, moral rights are the subject of significant restrictions provided for in article L121-7 of the CPI. Unless otherwise agreed, the author of a software may not oppose the modification of the software by the assignee of rights, nor exercise his right to repent or withdraw. This limitation is explained by the evolving nature of software, which requires constant updates.

Patrimonial rights: the economic exploitation of the source code

Patrimonial rights allow the author to exploit his work economically. In terms of software, theArticle L122-6 of the CPI defines three exclusive prerogatives:

The right of reproduction : the author may authorize or prohibit any copy of his software, whether permanent or temporary, total or partial.

The right to change : the author controls the translation, adaptation, arrangement or other modification of his code, as well as the resulting reproduction of the software.

The marketing right : the author controls the distribution of his software for a fee or free of charge, including rental.

These property rights continue to exist. 70 years after the death of the author (or, for collective works, 70 years after publication). After this time, the work falls into the public domain.

Concrete example: If a freelancer has developed an application for your company and you have not provided for a transfer of rights in the contract, this freelancer remains the owner of the economic rights. It could theoretically prohibit you from modifying the code or from having it evolve by another provider. It's a classic trap that can have significant operational and financial consequences.

Who does the source code belong to? The question of ownership of rights

The issue of source code ownership is undoubtedly the one that generates the most litigation in practice. The rules vary significantly depending on the status of the person who wrote the code.

The source code created by an employee: automatic devolution to the employer

THEArticle L113-9 of the CPI provides for a regime derogating from ordinary copyright law. While in principle, the author of a work retains the rights to it even if he is an employee, the economic rights to software and its documentation created by one or more employees in the exercise of their duties or according to the instructions of their employer are vested in the employer, who is the only one authorized to exercise them.

This automatic devolution assumes the meeting of three cumulative conditions :

It must be a Software work (and not a graphic creation, a text or a photograph, which fall under the general regime).

The software must have been created by one or more employees.

Development must have been completed in the performance of the employee's duties or at the instructions of the employer, that is to say on working time, with the resources of the company, or following a mission expressly granted.

Attention: this automatic devolution only concerns economic rights. The employee maintains his moral rights, even if they are restricted in terms of software.

Concrete example: A developer hires as a software engineer to create, on his working time and with company hardware, a new feature for his employer's product. Property rights automatically belong to the employer, without the need for a transfer contract.

On the other hand, if the same employee developed software completely unrelated to his professional missions, in his free time and with his personal equipment, he could keep the rights to it. The border is sometimes difficult to draw.

Source code created by an external service provider: no automatic transfer

This is where the most common pitfalls are located. Contrary to a very common idea, ordering software from a service provider does not automatically make the client the rights holder.

Article L111-1 of the CPI establishes the principle according to which the existence of a contract for the rental of a work or service does not constitute an exemption from copyright. In other words, the service provider (freelancer, web agency, web agency, ESN, SSII) remains the owner of its source code, except express and written transfer of rights.

The transfer must respect the formalism ofArticle L131-3 of the CPI, which requires the following to be mentioned in the act of transfer:

Each of the rights transferred (reproduction, adaptation, distribution, etc.).

The extent and destination of the transfer.

The place and the duration.

Where applicable, remuneration arrangements.

If the assignment clause is insufficiently detailed or lacking, the service provider can claim ownership of the source code, and the client finds himself in a situation of dependency: he uses software that he does not own, that he cannot freely modify or entrust to another service provider.

Concrete example: An SME has a custom e-commerce site developed by a web agency. The contract provides for the delivery of the site but does not contain any clause for the transfer of rights. After a commercial dispute, the agency refused to transmit the source code. The SME finds itself “imprisoned”: it cannot have its site developed by a third party, or even access the source code. Unfortunately, this is a common scenario.

The case of the intern and the researcher: recent developments

Ordinance No. 2021-1658 of December 15, 2021 extended the automatic devolution mechanism beyond employees alone, by creating a Article L113-9-1 of the CPI. From now on, property rights on software created by interns, doctoral students and other non-employees welcomed under an agreement by a research structure are automatically devolved to the host structure, under two conditions: the person must receive financial or material compensation and must be placed under the authority of a manager of the structure.

This text fills an important gap, as the status of the code created by an intern was previously a source of uncertainty. However, it is recommended to provide explicit rights transfer clauses in internship agreements to avoid ambiguity.

How do you protect your source code? Concrete measures

If copyright arises automatically as soon as the work is created, without formality, the difficulty lies in the proof fatherhood and antecedence. Here are the concrete mechanisms to put in place.

Depositing the source code with a trusted third party

Depositing the source code with a specialized organization is the most robust protection measure. THEProgram Protection Agency (APP), founded in 1982, is the reference organization in France. It offers a deposit and receivership system that allows:

Of pre-constitute proof of paternity of the work thanks to a certificate of deposit.

Of Give a certain date to creation, which is essential to demonstrate precedence in the event of litigation.

Of Trace the evolution of the software by successive deposits with each major update.

Of reassure the co-contractors thanks to the Escrow mechanism (see below).

The APP has sworn agents authorized to ascertain copyright infringements, which gives significant probative value to its certificates in court.

Other solutions exist to constitute proof of precedence, although they are less complete: theSoleau envelope (available from the INPI), filing with a notary, or even sending a registered letter to yourself containing a digital medium.

Source code espionage (espionage)

Escrow is a tripartite contractual arrangement that makes it possible to reconcile the interests of vendor (who wants to protect their source code) and the shopper (who wants to guarantee the sustainability of its software).

The principle is simple: the supplier deposits its source code with a Third-party receivership (the APP, Vaultinum, Fidealis, Continew, etc.). An Escrow Agreement defines the conditions under which the customer will be able to access the source code, typically in the event of: bankruptcy of the supplier, cessation of activity, non-compliance with maintenance obligations, etc.

This mechanism has become a standard in SaaS contracts and business software licenses. It is a powerful commercial argument for software publishers, as it reassures customers that the solution will last without compromising the confidentiality of the code.

Essential contractual clauses

Beyond the repository, source code protection requires a solid contract architecture. Here are the essential clauses to include in your development contracts:

La clause for the transfer of intellectual property rights, written in accordance with article L131-3 of the CPI, which details the rights transferred, their extent, destination, duration and territory.

La confidentiality clause (NDA), which prohibits the provider from disclosing or reusing the source code developed on your behalf.

La eviction guarantee clause, by which the service provider guarantees that it is the owner of the rights and that the code does not infringe the rights of third parties.

La reversibility clause, which organizes the transmission of source code and documentation at the end of the contract.

La open source clause, which oversees the use of open source components in code and identifies applicable licenses to avoid any risk of “contaminating” proprietary code (see below).

Example of a transfer of rights clause:

“The Service Provider transfers to the Customer, exclusively and for the whole world, for the entire legal period of copyright protection, all the economic rights on the Software and its documentation, and in particular the rights of reproduction, representation, adaptation, adaptation, modification, modification, modification, translation and marketing, on any medium and by any process known or unknown to date, including the source code, the object code and the preparatory design materials.”

Software source code protection: technical and legal specificities

The software patent: additional protection under certain conditions

In Europe, the principle is clear: software “as such” cannot be patented. Article 52 of the European Patent Convention expressly excludes computer programs from patentability.

However, software can be protected by a patent if it is integrated into a Invention implemented by computer which makes a technical contribution beyond the simple program. In concrete terms, the patent does not protect the source code itself, but the innovative technical functionality that the software makes it possible to achieve.

Concrete example: A software that optimizes the energy consumption of an engine in real time thanks to a specific algorithm could be the subject of a patent relating to the underlying technical process.

However, this path is expensive and complex. It is especially relevant for companies investing heavily in R&D and wishing to protect specific technical innovations.

Protection through trade secrets

The Business secrecy, governed by articles L151-1 and following of the Commercial Code, offers additional protection for the source code. Provided that reasonable confidentiality measures are put in place (restricted access, confidentiality clauses, security protocols), the source code can be protected as a trade secret.

This protection is particularly suitable for algorithms, methods and know-how which do not necessarily benefit from protection by copyright (lack of originality) or by patent (lack of technical contribution).

Open source, free license and source code intellectual property

Open source software is still protected by copyright

This is a frequently encountered misunderstanding: Open source does not mean royalty-free. Software distributed under an open source license is indeed protected by copyright. Its author does not relinquish his intellectual property rights; he simply chooses to grant broader rights of use, modification, and distribution than under a proprietary license.

Failure to comply with the terms of an open source license constitutes a counterfeiting which exposes the offender to civil and criminal sanctions. This point is fundamental: just because the code is accessible does not mean that it can be used without constraints.

The main families of open source licenses

There are two main categories:

Les permissive licenses (MIT, BSD, Apache 2.0): they allow code to be reused, including in proprietary projects, provided the author and the original license are mentioned. They offer great flexibility.

Les copyleft licenses (GPL, LGPL, AGPL, CeCILL): they require that derivative works are also distributed under the same license. That's what we call the“contaminating” effect or “viral.” If you incorporate GPL-licensed code into your proprietary software, you may be forced to release all of your code under the GPL.

The risk of contaminating the proprietary code

The main risk for businesses lies inuncontrolled integration of open source components in a proprietary code. If a developer uses a library under a strong copyleft license (GPL, for example) in a commercial project without measuring the consequences, the company could find itself in the position of having to publish all of its source code under a free license.

Concrete example: A startup developed SaaS accounting software. One of its developers integrates a library under the GPL license to manage PDF exports. If the license is not respected, a competitor could require the release of the source code of the entire application, or a rights holder could act in infringement.

This is why it is essential to set up a open source components management policy, including an inventory of licenses used and a regular audit.

Source code audit: an essential security tool

What is a source code audit?

THEsource code audit is a technical and legal examination of software code, carried out by IT experts and/or specialized lawyers. It can cover several dimensions:

La intellectual property compliance : verification of ownership of rights, identification of third-party components and open source licenses used, detection of possible plagiarism.

La cyber security : looking for vulnerabilities, security breaches and poor development practices.

La code quality : evaluation of the maintainability, documentation and robustness of the software.

Under what circumstances should an audit be carried out?

Source code auditing is particularly recommended in the following situations:

Before a acquisition or fund raising (technological due diligence), to assess the real value of the software asset and identify legal risks.

During a Change of IT provider, to check the status of the code and ensure reversibility.

In case of Suspicion of counterfeiting, to compare the disputed code with the original source code and to establish similarities.

To check the open source license compliance and prevent the risk of contaminating the proprietary code.

Is it legal to consult the source code of software?

The answer depends on the context. French law provides exceptions to copyright in terms of software, but they are strictly regulated.

Decompilation: a limited exception

THEArticle L122-6-1 of the CPI authorized the decompilation of the object code (the opposite operation of compilation, which allows the source code to be partially reconstructed) under a very specific condition: it can only be performed for ensure interoperability of independent software with other programs. The information obtained cannot be used for other purposes, nor communicated to third parties, nor used to develop competing software.

Observation, study and testing of the software

The legitimate user of software can observe, study, or test its operation to determine the ideas and principles that are the basis of its elements, provided that this is done during normal loading, display, execution, or storage operations. This means that you can analyze the behavior of software that you have legally acquired, but not copy or reproduce its source code.

The backup copies

The user with the right to use a software can carry out a backup copy if it is necessary to maintain the use of the software. However, this exception is limited to this single use.

In practice: pay attention to contractual clauses

Beyond legal exceptions, software license agreements often contain restrictive clauses that further limit user rights (prohibition of reverse engineering, decompilation, code analysis, etc.). You should carefully read the general conditions of use before undertaking any process of analyzing the source code of third party software.

Source code counterfeiting: risks and sanctions

What is software counterfeiting?

Counterfeiting is defined as violation of one of the rights of the author of a software defined in article L122-6 of the CPI. It can take several forms:

La Servile copy : the identical reproduction of the source code of a software.

La partial copy : the resumption of certain protected elements of the software (parts of the source code, architecture, structure).

THEUnauthorized use : the exploitation of software outside the framework provided for by the license (exceeding the number of authorized users, continuation of use after the expiration of the license, unauthorized modification of the source code).

To establish counterfeiting, judges rely on a Cluster of clues and are attached to Similarities between the software in question, not their differences. A technical expertise report, comparing the number of identical lines of code, the algorithmic structures and the particularities of style, is generally decisive.

Penalties incurred

Type de sanctionDetail
Sanction penaleLe délit de contrefaçon est puni de 3 ans d'emprisonnement et de 300 000 euros d'amende (articles L335-2 et L335-3 du CPI).
Sanction civileLe contrefacteur peut être condamne au versement de dommages et intérêts pour réparer le préjudice subi : consequences économiques negatives, manque a gagner, perte subie, préjudice moral et benefices realises par le contrefacteur.
Mesures d'interdictionLe tribunal peut ordonner la cessation de l'exploitation du logiciel contrefaisant, sa destruction et la publication du jugement.
Saisie-contrefaçonLe titulaire des droits peut obtenir du President du Tribunal judiciaire une ordonnance autorisant un huissier, assiste d'un expert, a proceder à la saisie du logiciel contrefaisant (article L332-4 du CPI).

Convictions for source code counterfeiting can be very severe. Courts have handed down sentences of several million euros, in particular in cases involving the poaching of employees and the taking over of a competitor's source code.

Unfair competition: a complementary basis

In addition to infringement proceedings, it is often possible to act on the basis of Unfair competition (article 1240 of the Civil Code). This basis is particularly useful when it is not possible to demonstrate the originality of the software (a necessary condition for infringement proceedings), but when unfair behavior can be established: parasitism, slavish imitation, massive poaching of employees.

Python, JavaScript, Java source code: does the language change protection?

No, the programming language used is irrelevant. Have your source code written in Python, in JavaScript, in java, in C#, in PHP, in Ruby, in Go or in any other language, copyright protection is the same.

What matters is the originality of the work: the architectural choices, the structuring of the code, the technical solutions selected, the programming style. Python source code can be just as original and protectable as Java or C++ source code.

On the other hand, some programming languages are more “readable” than others, which can facilitate unauthorized reproduction. Interpreted languages (Python, JavaScript, PHP) are by nature more exposed than compiled languages (C, C++, Java), because the source code is directly accessible in distributed files. This is an element to take into account in your protection strategy.

Best practices for managers and managers: a regulated subject

Source code protection is a subject that lies at the intersection of intellectual property law, contract law, labor law, and corporate law. The issues are too high to be addressed without legal support.

The most common mistakes — absence of a rights transfer clause in a service contract, uncontrolled use of open source components, absence of probationary evidence, ownership conflict with a former employee or a co-founder — can have major financial and operational consequences for a company.

It is strongly recommended to call on a specialized lawyer for:

Write or audit your software development, service and license agreements.

Structure transfers of intellectual property rights in your employment contracts and internship agreements.

Establish a management policy for open source components.

Organize the repository and the ESCROW of your source code.

Defend your rights in case of counterfeiting or unfair competition.

Anticipated legal support makes it possible toavoid disputes And of secure the value of your digital assets over the long term.

FAQ: Source code and intellectual property

Is source code intellectual property?

Yes. The source code is protected by the copyright as a work of the mind, in the same way as a literary or artistic work. Article L112-2 of the Intellectual Property Code expressly includes software in the list of protected works. Protection is automatically created as soon as the code is created, without any registration formalities, provided that the code is quirky (that it reflects a creative effort specific to its author).

Is it legal to consult the source code of software?

It depends on the context. La Decompilation (reconstitution of the source code from the object code) is authorized only for a specific purpose: to ensure interoperability with other software (article L122-6-1 of the CPI). Observation, study and testing of the software are possible under normal use. On the other hand, any reproduction or reuse of the source code without the authorization of the rights holder constitutes an infringement. You should also check the terms of the license agreement, which may restrict these rights.

How can I protect my source code?

Several mechanisms can be combined: the deposit with a trusted third party (APP, Vaultinum, etc.) to pre-constitute the proof of authorship and the date of creation; the writing of solid contract terms (transfer of rights, confidentiality, guarantee of eviction); the establishment of a Escrow contract to secure relationships with your customers; the realization ofregular audits to verify the compliance of open source licenses; and possibly the filing of a patent if the software integrates a patentable technical innovation.

What is the Intellectual Property Code?

The Intellectual Property Code (CPI) is the legislative text that brings together in French law all the provisions relating to literary and artistic property (copyright, related rights) and to the industrial property (patents, trademarks, designs and models). It is organized into two main parts and is the legal framework of reference for the protection of intellectual creations, including software and its source code.

What is a source code audit?

A source code audit is a thorough review software code, created by technical and/or legal experts. It makes it possible to verify the ownership of intellectual property rights, to identify the third-party components and open source licenses used, to detect possible plagiarism, to assess security vulnerabilities, and to measure the overall quality of the code. It is particularly recommended before a business acquisition, a fund raising, a change of service provider or in case of suspicion of counterfeiting.

What is the difference between open source license and royalty-free software?

A software Open source is not “royalty-free” software. It remains protected by copyright, but its author chooses to grant broader rights of use, modification and distribution, under a license (MIT, GPL, Apache, etc.). Strictly speaking, “royalty-free” software is software whose author has relinquished all rights, which is extremely rare. Failure to comply with the terms of an open source license is an infringement that is subject to sanctions.

Article written by Guillaume Leclerc, business lawyer in Paris, 34 Avenue des Champs-Élysées

Articles connexes

Voir tous nos articles juridiques

Guillaume Leclerc
Auteur 

Guillaume Leclerc

Lawyer since 2018, I advise and represent companies and managers to secure their current commercial relationships (negotiation and drafting of contracts) as well as in the management of their disputes.