Got a software license audit letter from BSA - am I screwed?

Started by ITManagerDan · Sep 24, 2025 · 11 replies
For informational purposes only. Not legal advice.
ITManagerDan OP

Our company (manufacturing, 45 employees) just received a letter from the Business Software Alliance demanding a full software license audit within 21 days. They claim they have "credible evidence" of unlicensed software use.

Honestly - yeah, we probably have some compliance issues. When I started as IT manager 8 months ago, software licensing was a mess. Previous IT guy just installed whatever was needed without tracking licenses. I've been trying to clean it up but haven't finished.

I'm pretty sure we have:

  • 3-4 unlicensed copies of Adobe Creative Cloud
  • Maybe 5-6 extra Windows Pro installs beyond our volume license
  • Some AutoCAD installations that might not be properly licensed (our engineers share logins)

The letter says we have to provide a complete inventory of all software, license documentation, and proof of purchase within 21 days or they'll pursue legal action.

What should I do? Ignore it? Respond and hope for the best? Hire a lawyer immediately? How bad can this get?

IPAttorney_Sarah Attorney

IP attorney here. DO NOT IGNORE THIS. BSA letters are serious and they absolutely will sue if you don't respond.

Here's what happens next:

1. If you ignore it: They file a copyright infringement lawsuit. Statutory damages can be $750-$150,000 PER SOFTWARE TITLE, plus attorney fees. For even a modest case, you're looking at $100K+ in damages.

2. If you respond and cooperate: You'll likely settle for 2-5x the retail cost of the unlicensed software plus back maintenance/subscription fees. Much cheaper than litigation.

What to do RIGHT NOW:

  • Hire an attorney who specializes in software licensing disputes (don't use your general business lawyer)
  • Conduct internal audit ASAP to know your actual exposure
  • Do NOT delete or uninstall anything - that's destruction of evidence
  • Have your attorney respond to BSA requesting extension to gather information
  • Start settlement negotiations through counsel

Budget for this: $10K-$30K in legal fees, plus settlement amount which could be $20K-$100K depending on violations. It sucks but it's way less than litigation.

ITManagerDan OP

@IPAttorney_Sarah $100K+ settlement?? Our CEO is going to lose his mind. We're a $3M/year revenue company, that's huge for us.

Two questions:

1. How did they even find out? We didn't report ourselves obviously. Do they just randomly target companies?

2. If I run the audit myself and find we're missing like $15K worth of licenses, can I just go buy them now and then say we're compliant?

SoftwareAuditSurvivor

Went through BSA audit in 2023. To answer your questions:

1. They usually find out from disgruntled employees who report companies to their hotline. Sometimes IT vendors tip them off. Occasionally it's just industry targeting.

2. NO - don't just buy licenses and pretend you were always compliant. They want proof of WHEN you purchased licenses vs when you installed software. If you try to backdate compliance it looks like you're covering up, which makes settlement harder.

Our situation: We had about $25K in unlicensed Microsoft and Adobe products. Settled for $62K total ($25K for licenses, $18K in back maintenance, $19K penalty). Painful but could've been way worse if we fought it.

The key is cooperating fully and showing good faith. We got credit for immediately buying the proper licenses as part of settlement.

IPAttorney_Sarah Attorney

@ITManagerDan - Don't panic about the $100K number. That was worst-case litigation scenario. If you cooperate and settle, it'll likely be much less.

Typical settlement formula:

  • Cost of missing licenses (retail price)
  • Back maintenance/subscription fees (usually 2-3 years)
  • Penalty multiplier (1.5x - 3x depending on severity and cooperation)
  • Your legal fees to negotiate

So if you have $15K in unlicensed software:

$15K (licenses) + $9K (3 years maintenance at ~20%) + penalty multiplier of 2x = ~$48K settlement, plus your legal fees (~$8-12K).

The multiplier goes DOWN if you:

  • Respond quickly and cooperatively
  • Conduct thorough self-audit
  • Immediately purchase compliance licenses
  • Implement compliance procedures going forward

The multiplier goes UP if you:

  • Delay or obstruct
  • Destroy evidence
  • Underreport violations
  • Were previously audited and still non-compliant

ComplianceTech

Former software asset manager here. For your internal audit, use tools like:

  • Microsoft: MAP Toolkit (free) or License Advisor
  • Adobe: Adobe License Decoder or manual Creative Cloud admin console review
  • General: Lansweeper, Spiceworks, or PDQ Inventory to scan all endpoints

Document EVERYTHING:

  • Every installation found
  • All license certificates/purchase orders you have
  • Email trails showing purchase approvals
  • Credit card/invoice records from software vendors

The better documented your audit, the more credibility you have in negotiations. If you show up with a professional inventory and honest accounting, BSA is more likely to be reasonable.

ITManagerDan OP

Update: Talked to CEO and CFO. They're freaking out but agreed to hire an attorney. Got a referral to someone who handles these cases.

Started running inventory scans. It's looking worse than I thought:

  • 7 unlicensed Adobe CC seats (we only bought 3, have 10 active)
  • 12 extra Windows Pro beyond our volume agreement
  • 6 AutoCAD seats vs 4 licenses
  • 2 copies of some random engineering software I didn't even know we had

Rough math is like $35K in retail software cost. Based on @IPAttorney_Sarah's formula, I'm looking at $70-100K total exposure. CEO is talking about firing the previous IT guy but he left 2 years ago so probably can't do anything.

BudgetCFO

CFO perspective: This is why we budget for software compliance audits. Set up recurring calendar reminders to audit your software annually. It's way cheaper to stay compliant than to settle violations.

For going forward after you settle this:

  • Implement software request/approval workflow
  • Quarterly license reconciliation
  • Offboarding checklist that includes returning software licenses
  • Employee training on not sharing logins or installing unauthorized software

Most importantly: Document that you've implemented these controls as part of settlement. Shows good faith and reduces penalty multiplier.

IPAttorney_Sarah Attorney

@ITManagerDan - $35K in unlicensed software is significant but not catastrophic. You're solidly in settlement territory, not "make an example of them" litigation territory.

Your attorney will likely:

1. Request extension of response deadline (usually granted)

2. Conduct privileged internal audit (protects you from having to disclose everything)

3. Initiate settlement discussions before submitting full response

4. Negotiate payment terms (many settlements allow 12-24 month payment plans)

The fact that you're a small manufacturer, the violations appear negligent rather than intentional, and you're cooperating will all help. Don't be surprised if you settle for $60-80K total including legal fees.

Budget for it, learn from it, implement controls, move on.

ITManagerDan OP

Quick update: Attorney sent letter to BSA requesting 45-day extension to compile records. They granted 30 days.

We're finishing the full audit and attorney is already having preliminary settlement discussions. BSA's initial demand was $145K (!!!) but attorney says that's standard - they always start high and expect to negotiate down.

He thinks we'll settle around $65-75K based on our cooperation and the nature of violations. We're also immediately purchasing all the proper licenses we need (~$38K) which will count toward settlement.

Still expensive and painful, but at least there's a path through this that doesn't destroy the company.

LegalStandard

For anyone else reading this thread in a similar situation: Take software licensing seriously. The BSA is aggressive and they have the resources to pursue companies of any size.

They represent Microsoft, Adobe, Autodesk, Oracle, and dozens of other major vendors. When you see their demand letters, they're not bluffing.

ITManagerDan OP

Final resolution: We settled for $68,500 total. Breakdown was:

  • $38,000 for proper licenses (we had to buy them)
  • $22,000 in back maintenance fees
  • $8,500 penalty (they waived most of it due to cooperation)

Plus $11,200 in legal fees. All in, about $80K to resolve.

Payment plan over 18 months. We have to submit quarterly compliance reports for 2 years.

Expensive lesson but could have been way worse. Implementing all the compliance procedures recommended here. Never want to go through this again.

Thanks everyone for the advice, especially @IPAttorney_Sarah. Hiring the right attorney made a huge difference in the settlement amount.
