Recently my company was asked by a customer to develop a control board that includes firmware and PCB layout development. After finishing development the customer will buy the control boards at certain quantity every year.
We are now at making contract stage, the customer is wanting my company to handover both the firmware source files and PCB layout files after development. We could give the PCB layout files but we don’t want to give the firmware files as we’re worried about they may find third party to produce the control board so that we may have nothing.
However from the customer point of view, they are concerned that they could be in risk situation if my company for some reason stops selling the boards. Is there any “common” practice to make contract regarding this?
The most common practice in this case is to place the software and PCB’s in Escrow – essentially an independent third party hold copies of the files and releases when certain conditions are met (or not) by the various parties. The Escrow agreement defines the conditions that allow the release of the files (typically bankruptcy, contractual failure etc).
There are companies that specialise in this, however is is something that your lawyers can do on your behalf. In more than one case where I have worked, the files have been encrypted and sent to the customer with each update. The encryption key has been lodged with the companies lawyers (in some cases ours, in some cases the customers), along with the agreement of when the key is to be released to the customer, and what the customer is allowed to do with those files. (e.g. – the customer can use the files to continue to manufacture products we cannot supply, but it does not own the IP, and therefore may not sell the source or use it for any other purpose. The advantage of this is there is you do not get a bill from the lawyers every time you release an updated product.
The Escrow agreement is critical and must be drawn up very carefully. It is not something that you should attempt without legal advice.
You’re writing a contract. Have the contract define the terms under which they could use the source. Include a term that says that they’re only able to take the source to a 3rd party on the condition that your company no longer exists and/or refuses to do business with them. To give yourself extra protection, you could put the code in escrow and have a 3rd party hold it until they are allowed to have it.
This is not a technical problem – leave the details to the business and legal departments.
Because this is a rather common concern, it has a convenient solution called Source Code Escrow. The idea is to deposit and periodically update the sources with a third party which will hand them over to the customer of your company should your company go into bankruptcy.