Unlicensed Software Audit Demand Letters

BSA, SIIA & Vendor Software Compliance Audits

Software Audit Overview

📋 How It Starts: Software audits typically triggered by former employee tip, reseller report, or BSA/SIIA investigation. Demand letter arrives requesting voluntary audit or threatening copyright infringement lawsuit.

Types of Software Audits

Audit Type	Who Conducts	Typical Trigger
BSA (Business Software Alliance)	Trade group representing Microsoft, Adobe, Autodesk, etc.	Whistleblower reports; targets mid-large companies
SIIA (Software & Information Industry Association)	Trade group for software/content publishers	Similar to BSA; broader software vendors
Direct vendor audit	Software publisher (Microsoft, Oracle, SAP, etc.)	Contract audit rights; compliance verification
Reseller audit	Authorized reseller reporting suspected piracy	Competitive intelligence; lost sales

Legal Basis for Audits

Copyright infringement: Installing software beyond licensed copies = reproduction/distribution under 17 U.S.C. §106
Contract breach: License agreements specify number of seats/users; excess = breach
Audit rights: Many enterprise licenses include contractual audit provisions
Statutory damages: Up to $150,000 per work for willful infringement (each software title = separate work)

Typical Settlement Structure

BSA/SIIA settlements usually include:

Retroactive licenses: Pay for all unlicensed copies discovered × MSRP × multiplier (1.5–3×)
True-up payment: Bring company into compliance by purchasing needed licenses
Compliance commitment: Implement software asset management (SAM) program
Future audit rights: Agree to periodic audits
No admission of wrongdoing: Settlement framed as "voluntary compliance"

⚠️ Cost Reality: Settlements range from $50k for small companies to millions for large enterprises. Fighting is expensive (federal copyright litigation), so most companies settle.

Responding to Audit Demands

Initial Response Strategy

🚨 Don't Ignore: Ignoring BSA/SIIA or vendor audit letters leads to copyright infringement lawsuit with statutory damages exposure. Engagement is necessary, but on your terms.

Acknowledge but don't admit: Respond that you received letter and are reviewing
Don't provide immediate access: You have no legal obligation to allow audit without court order (unless contract requires it)
Assess internal compliance: Conduct your own audit before letting them in
Engage counsel: Software audit lawyers can negotiate scope and protect your interests
Preserve evidence: Litigation hold on all software inventory records

Self-Audit Checklist

Before responding, determine your exposure:

Inventory all software: What's installed on workstations and servers?
Gather purchase records: Licenses, invoices, proof of purchase for all software
Count installations: How many copies installed vs. licenses owned?
Check license types: Per-device, per-user, concurrent user, enterprise?
Review contracts: Do you have audit obligations in license agreements?
Calculate gap: Unlicensed copies × MSRP × typical multiplier = potential settlement

Negotiating Audit Scope

If agreeing to audit:

Limit scope: Only software from vendors represented by auditor (not all software)
Specify methodology: What tools will be used? Manual vs. automated?
NDA requirements: Protect confidential business information
Dispute resolution: Process for challenging audit findings
Timeline: Reasonable time to prepare and conduct audit
Cost allocation: Who pays for audit? (Usually auditor if initiated by them)

Common Audit Findings

Issue	Explanation	Defense
Over-deployment	More installations than licenses	Prove unused installations, virtual machines counted twice, license transfers
Indirect access / multiplexing	Users accessing via terminal server/Citrix using fewer licenses than users	Challenge vendor interpretation; cite license terms allowing indirect access
Reassignment without proper tracking	Licenses reassigned from departed employees but not documented	Prove licenses were reassigned, not additive
Downgrade rights not recognized	Using older version under downgrade rights but auditor claims separate license needed	Cite license agreement allowing downgrades
Bundled software claimed separately	Software included with hardware/OS counted as separate license needed	Prove OEM/bundled license included

Settlement Negotiation

Leverage points:

Challenge counts: Dispute methodology and inflated numbers
Reduce multiplier: Argue from 3× down to 1.5× or 1× (especially if inadvertent)
Use true-up purchases: "We'll buy licenses going forward at MSRP, reduce retroactive penalty"
Ability to pay: Financial hardship can reduce settlement (but requires documentation)
Litigation cost comparison: Remind them litigation is expensive for both sides

Software Vendor Demand Letters

Vendor-Side: Initiating Audit

If you're a software publisher pursuing unlicensed use:

Pre-Audit Intelligence Gathering

Tip verification: Investigate whistleblower claims (ex-employee, reseller)
Purchase history: Compare customer's purchase records to typical deployment patterns
Technical evidence: License server logs, activation records, support tickets indicating more users than licenses
Public information: Company size (employees on LinkedIn), locations, job postings mentioning your software

Demand Letter Strategy

Professional tone: Frame as compliance verification, not accusation
Contractual audit rights: Cite license agreement audit provision (if exists)
Voluntary cooperation: Emphasize benefits of self-audit vs. litigation
Settlement incentive: Offer reduced multiplier for voluntary compliance
Deadline: 30 days to respond; longer than typical IP demands given complexity

BSA/SIIA Engagement

Software publishers can engage BSA or SIIA to pursue audits:

Advantages: Industry credibility; shared audit costs; intimidation factor
Process: BSA/SIIA sends initial demand; conducts audit; negotiates settlement; vendor receives share
Settlement split: Vendor typically receives retroactive license fees; BSA/SIIA may take percentage

Escalation Path

Stage	Action	Timeline
1. Initial demand	Letter requesting voluntary audit or purchase records	30-day response deadline
2. Follow-up	More detailed evidence of infringement; settlement proposal	Additional 30 days
3. Final demand	Formal settlement offer with deadline; threat of litigation	14-30 days
4. Litigation	File federal copyright infringement lawsuit	After all settlement efforts exhausted

Sample Demand Letters

Sample 1: Software Vendor Initial Audit Request

[Software Company Name] [Address] [Phone / Email] [Date] [Target Company Name] [Address] Attn: Chief Technology Officer / IT Director Re: Software License Compliance Review – [Your Software Product] Dear [Company]: We are writing regarding your use of [Software Product Name], for which [Your Company] holds exclusive copyright and licensing rights. Our records indicate that your company has purchased [number] licenses of [Software Product] over the past [timeframe]. However, we have reason to believe that your actual deployment exceeds your licensed quantity. LICENSE COMPLIANCE VERIFICATION: Section [X] of our Software License Agreement grants us the right to verify compliance with license terms through periodic audits. We are now exercising this right. We request that you: 1. Conduct a self-audit of all installations of [Software Product] within your organization; 2. Provide a detailed report of: • Total number of installations (workstations, servers, virtual machines) • Number of active users • License keys in use • Purchase records and proof of license ownership 3. Submit this information within 30 days. ALTERNATIVE: VOLUNTARY AUDIT Alternatively, we can arrange for an independent third-party auditor to conduct a software asset management audit at our expense. This would involve: • Installation of audit software or manual review (with your approval) • Confidentiality agreement protecting your proprietary information • Jointly agreed-upon audit methodology • Dispute resolution process for any findings SETTLEMENT INCENTIVE: If the audit reveals unlicensed installations, we are prepared to work with you to bring your organization into compliance through: • Purchase of additional licenses at current pricing • Reasonable payment plan for retroactive license fees (reduced multiplier for voluntary cooperation) • Implementation of software asset management best practices This approach is significantly more cost-effective than copyright infringement litigation, which would involve: • Statutory damages of up to $150,000 per software title (17 U.S.C. §504(c)) • Your legal defense costs ($100,000+) • Injunctive relief • Potential criminal penalties for willful infringement for commercial advantage NEXT STEPS: Please respond within 30 days indicating your willingness to cooperate. We prefer to resolve this matter amicably and help you achieve compliance. Contact [Name] at [Email/Phone] to discuss audit scheduling or self-audit procedures. Sincerely, [Your Name] [Title] [Software Company]

Sample 2: BSA Audit Demand

BSA | The Software Alliance [Address] [Date] [Company Name] [Address] Attn: Chief Executive Officer CONFIDENTIAL Re: Software Licensing Compliance Matter Dear [CEO Name]: The Business Software Alliance (BSA) represents the world's leading software companies, including [list: Microsoft, Adobe, Autodesk, etc.]. We have received information suggesting that your company may be using unlicensed software from one or more BSA members. INFORMATION RECEIVED: We have obtained credible information indicating that [Company Name] has installed and is using commercial software products without proper licensing, including: • [Software Product 1] - estimated [X] unlicensed installations • [Software Product 2] - estimated [Y] unlicensed installations • [Additional products] USE OF UNLICENSED SOFTWARE: Using software without proper licenses violates federal copyright law (17 U.S.C. §101 et seq.) and exposes your company to substantial liability, including: • Statutory damages: $750 to $150,000 per infringed work • Actual damages and infringer's profits • Injunctive relief • Attorney's fees and costs • Potential criminal penalties VOLUNTARY COMPLIANCE PROGRAM: BSA offers a Voluntary Compliance Program that allows companies to self-report unlicensed software use and avoid litigation. Benefits include: • Significantly reduced settlement amounts compared to litigated cases • Confidential resolution • Assistance implementing software asset management policies • No public disclosure of non-compliance NEXT STEPS: We request that you respond within 30 days to: 1. Acknowledge receipt of this letter 2. Conduct an internal software audit 3. Work with us to resolve any unlicensed use If we do not receive a response, BSA members reserve all rights to pursue legal action, including filing federal copyright infringement lawsuits seeking maximum statutory damages. We strongly encourage voluntary cooperation. Please contact me directly at [Phone] or [Email] to discuss resolution. This matter is time-sensitive. We look forward to your prompt response. Sincerely, [BSA Representative Name] [Title] BSA | The Software Alliance

Sample 3: Company Response to Audit Request

[Your Company Name] [Address] [Date] [Software Vendor / BSA] [Address] Re: Response to Software Audit Request dated [Date] Dear [Vendor/BSA]: We acknowledge receipt of your letter dated [Date] regarding software license compliance. We take software licensing compliance seriously and maintain policies to ensure we operate within our license entitlements. However, we have several concerns about the audit request: 1. CONTRACTUAL AUDIT RIGHTS: We have reviewed our license agreements with [Vendor]. [If no audit right: Our agreements do not contain audit provisions, and we are under no legal obligation to permit inspection without court order.] [If audit right exists: Section [X] provides audit rights, but subject to [limitations: reasonable notice, defined scope, NDA, etc.].] 2. SCOPE OF REQUEST: Your request appears overly broad. We are willing to cooperate in a reasonable compliance review limited to: • Software products for which you have identified specific concerns • Methodology we mutually agree upon • Protection of our confidential business information under NDA • Dispute resolution process if we disagree with findings 3. PRELIMINARY REVIEW: We have conducted a preliminary internal review and believe we are substantially in compliance with our license obligations. [If minor issues: We have identified [X] potential discrepancies totaling [number] licenses, which we are prepared to address through purchase of additional licenses at standard pricing.] 4. PROPOSED RESOLUTION: We propose the following: • We will conduct a comprehensive self-audit within [60] days • We will provide summary findings (specific to software products you identified) • For any shortfalls, we will purchase true-up licenses at current MSRP • [If appropriate: We request waiver of retroactive penalties given our good-faith compliance efforts and willingness to resolve promptly] Please advise if this proposal is acceptable. We prefer to resolve this matter cooperatively without need for formal audit or litigation. Sincerely, [Your Name] [Title]

Defense Strategies

Challenging Audit Findings

Methodology disputes: Challenge automated tools that double-count, miss license transfers, or ignore license types
License interpretation: Argue your interpretation of ambiguous license terms (per-device vs. per-user, etc.)
Proof of purchase: Locate old purchase records, invoices from acquisitions, OEM licenses
Multiplexing defense: Terminal server/VDI use may be licensed (depends on license terms)
Downgrade rights: Using older versions under downgrade provisions doesn't require separate licenses

Reducing Settlement Amounts

Strategy	Approach
Challenge inflated counts	Dispute number of unlicensed copies; demand detailed methodology; conduct own audit
Reduce multiplier	Argue inadvertent non-compliance; cooperated fully; no commercial piracy intent → 1–1.5× instead of 3×
True-up offset	Purchase going-forward licenses at MSRP; offset against retroactive penalty
Financial hardship	Provide financials showing settlement would cause undue hardship; request payment plan
Laches defense	If vendor waited years to audit, argue unreasonable delay

When to Litigate vs. Settle

Settle if:

Audit findings are largely accurate
Settlement is reasonable (1–2× MSRP for retroactive, purchase going-forward licenses)
You want to maintain vendor relationship
Litigation costs exceed settlement amount

Consider litigation if:

Audit methodology is fundamentally flawed
Vendor claims are pretextual or abusive
Settlement demand is grossly excessive (5–10× MSRP)
You have strong defenses (license interpretation, proof of purchase vendor can't refute)
No contractual audit right exists and you want to force vendor to prove case

⚠️ Litigation Reality: Federal copyright cases are expensive ($200k–$500k through trial) and outcomes uncertain. Most rational businesses settle for 1.5–3× retroactive licenses rather than roll dice on statutory damages.

Preventing Future Audits

Software asset management (SAM): Deploy tools to track installations vs. licenses
Centralized purchasing: All software purchases through single IT procurement process
Regular self-audits: Quarterly reviews of compliance (find issues before vendors do)
License optimization: Right-size licenses; terminate unused subscriptions; negotiate enterprise agreements
Employee training: Prohibit installing personal or unlicensed software on work devices
Audit trail: Maintain detailed records of all purchases, installations, decommissions

Attorney Services for Software Audits

Facing Software Audit?

I represent companies responding to BSA, SIIA, and vendor audits, negotiating settlements, and defending copyright infringement claims. I also advise software publishers on audit programs and enforcement.

For Companies Being Audited

Respond to BSA, SIIA, and vendor audit demands
Negotiate audit scope and methodology
Conduct privileged internal compliance assessments
Challenge audit findings and inflated counts
Negotiate settlement terms and payment structures
Defend copyright infringement litigation if settlement fails
Implement software asset management policies

For Software Vendors

Design and implement audit programs
Draft audit demand letters and settlement proposals
Engage BSA or SIIA for collective enforcement
Negotiate license compliance agreements
File and prosecute copyright infringement lawsuits
Draft license agreements with enforceable audit rights

Why Specialized Counsel Matters

High-Stakes Negotiations: Software audits involve complex technical issues (license types, deployment models, multiplexing) combined with copyright law and contract interpretation. Experienced counsel reduces settlement costs by 30–50% on average through effective negotiation and audit challenge.

Representative Matters

BSA audits (Microsoft, Adobe, Autodesk products)
Oracle license compliance reviews
SAP indirect access disputes
Vendor audit right enforcement
Software copyright infringement defense
Enterprise license agreement negotiation

Schedule a Call

Book a call to discuss your software audit matter. I'll assess the audit demand, evaluate your exposure, and recommend strategy for negotiation or defense.

Contact Information

Email: owner@terms.law

Frequently Asked Questions

No. Without contractual audit rights, you have no legal obligation to permit audit or provide information without court order. However, refusing to cooperate often leads to copyright infringement lawsuit. Pragmatic approach: conduct self-audit, determine exposure, then decide whether to cooperate or force them to sue. If you're substantially compliant, cooperation may resolve quickly. If you're significantly non-compliant, litigation may be inevitable either way.

Formula: (Number of unlicensed copies) × (MSRP per license) × (Multiplier 1.5–3×) + (True-up licenses for future compliance). Example: 50 unlicensed copies × $500 MSRP × 2× multiplier = $50,000 retroactive + purchase of 50 licenses at $500 = $25,000 true-up = $75,000 total. Multiplier varies: 1–1.5× for inadvertent/cooperative; 2–3× for willful or uncooperative. Settlements range from $25k (small business) to millions (enterprise).

Yes. Everything is negotiable: number of unlicensed copies (challenge methodology), multiplier (argue good faith, cooperation), payment terms (installment plan), and true-up requirements. Vendors want settlement more than litigation (litigation is expensive and uncertain). Use this leverage. Also consider: purchasing future licenses offsets retroactive penalty; financial hardship documentation; correcting vendor's inflated counts. Skilled negotiation typically reduces initial demands by 30–50%.

Escalation: (1) Follow-up demand letters with more detailed evidence; (2) Final settlement offer with litigation threat; (3) Federal copyright infringement lawsuit seeking statutory damages ($750–$150k per work), injunction, and attorney's fees. Ignoring doesn't make it go away—vendors/BSA have resources to pursue litigation. Better approach: engage early, assess exposure, negotiate from informed position. Early cooperation typically results in better settlement terms than waiting until they file suit.