Open source software (OSS) is the backbone of modern development, but as adoption grows, so do the legal challenges around license compliance. Two recent court cases – Sebastian Steck (and SFC) v. AVM and Entr’ouvert v. Orange S.A. – have reinforced the importance of businesses adhering to OSS licenses. These cases highlight the legal enforceability of OSS license obligations, the financial and reputational risks of non-compliance, and the increasing willingness of courts to impose significant penalties.
I had the opportunity to discuss these cases during a webinar with Russ Eling of OSS Consultants, where we explored our 2025 predictions, and “license compliance taken more seriously than ever” was one of the five. To illustrate this point, I highlighted these two court cases, which serve as strong examples of how businesses are facing legitimate legal and financial consequences for failing to comply with OSS licenses.
Here’s what we can learn from them.
Sebastian Steck v. AVM: David vs. Goliath
The first case is a classic David vs. Goliath story. Sebastian Steck, an individual developer, took on AVM, a major European router manufacturer, over violations of the GNU Lesser General Public License (LGPL) v2.1.
In 2021, Sebastian Steck purchased an AVM FRITZ!Box 4020 router and requested access to the FRITZ!OS source code, the operating system that the router runs (which is a modified version of Linux). While AVM provided the source code, it was incomplete, lacking the necessary scripts for compilation and installation. These scripts are essential for users to compile and reinstall modifications of the original software on their devices, as stipulated by the LGPL. As a result of this, and with support from the Software Freedom Conservancy (SFC), Steck filed a lawsuit against AVM in a Berlin court in July 2023.
In June 2024, the court ruled in Steck’s favor, awarding him €7,500 in legal expenses, and AVM ultimately provided the missing scripts. While the fine was relatively small, the symbolism of an individual enforcing OSS license obligations against a corporate giant makes this case significant. It demonstrates that even single developers can hold companies accountable under open source licenses.
Entr’ouvert v. Orange S.A.: A Record-Breaking Fine
The second case involves a huge fine – a rare event in open source legal disputes. Entr’ouvert, a French software company, developed Lasso, an authentication library licensed under the GNU General Public License (GPL), version 2. Orange S.A., a telecom giant, modified and distributed Lasso without complying with the GPL, failing to provide the corresponding source code.
Entr’ouvert sued Orange, and in February 2024, the Paris Court of Appeal ruled in favor of Entr’ouvert, ordering Orange to pay over €900,000 in damages. What makes this ruling particularly noteworthy is that it included €150,000 in moral damages—an extremely rare consideration in OSS-related cases. This ruling sends a strong message that courts are willing to impose heavy penalties on companies that disregard OSS licensing terms.
Key Takeaways
These two cases reinforce several crucial points about OSS license and copyright compliance:
- OSS obligations are not optional: Companies must treat open-source license obligations as seriously as proprietary software agreements.
- OSS licenses are legally enforceable: Courts have consistently upheld open-source license terms, showing that violations can and will be pursued.
- Violating OSS licenses can lead to big fines: The €900,000 fine against Orange sets a precedent that non-compliance can be costly.
Both cases demonstrate that open source license compliance is not just a legal formality – it’s an enforceable requirement. Businesses using OSS need to have defined third-party software usage policies and rigorous governance processes, backed by software composition analysis (SCA) tooling, to avoid legal risks.
This is exactly why discussions like the one I had with Russ Eling are so important. As open source adoption continues to grow, so will legal scrutiny. Corporations, particularly manufacturers of software-embedded products, must take these lessons seriously to avoid financial, operational and intellectual property impact.
Frequently Asked Questions
What are common risks of consuming open source software?
While there are certainly more that could be named, let’s look at three primary risks associated with using open source software: Dependency Risk, Legal Risk, and Source Code Data Leakage. Learn more about risks related to consuming open source software.
What are software licenses and obligations?
Integrating OSS into your software product offers cost-effectiveness, rapid development, and community collaboration. However, it also brings copyright and licensing considerations. Each OSS project is protected by copyright law, and the license associated with it dictates how you can use, modify, and distribute the software. Check out the definitions of open source, copyright, and software license; and common license obligations.
How do I implement open source license compliance?
Open Source Software Compliance Management ensures organizations understand and adhere to the licensing requirements of the open source components they use. Follow these basic steps to implement open source license compliance for software development.

