AI and Software: Understanding Legal Risks and Protection

min readpublished onupdated on

It is possible to commit an act of counterfeiting by integrating code suggested by AI when the associated licence does not allow this. There is also the question of whether software made up of code generated by AI remains "original", which is a condition of copyright protection.

IA and software: understanding legal risks and protection
AI and Software: Understanding Legal Risks and Protection
Table of contents

Risk of violating the licence of code suggested by artificial intelligence

When AI suggests code, it is not creating new code, but drawing on existing code from its databases. It is therefore essential to know to which licence this code is attached. If the original code is protected by a licence that prohibits its use under certain conditions, reproducing it could constitute an infringement of copyright. This is a particularly high risk in the case of AI, which can generate code based on a multitude of different sources. To be able to suggest code, AI, particularly machine learning systems, has been trained on vast databases containing billions of lines of source code from a variety of sources, including open source projects, code libraries, developer forums and other resources. Artificial intelligence learns patterns and structures from these databases and uses this knowledge to generate code.

However, the source code on which the AI is based may be protected by intellectual property rights. Some of these licences may be permissive, allowing wide use and modification of the code. Others may be more restrictive, limiting the use, distribution or modification of the code. For example, some licences may prohibit commercial use of the code, while others may require that any modifications must also be made open source.

If a developer incorporates code subject to a restrictive open source licence, this could potentially constitute a breach of the original source code licence, exposing developers and their companies to the risk of legal action for infringement of intellectual property rights. However, when these tools suggest code, they give no information about its legal status or the licence to which the code is subject.

This risk is not theoretical, last November Microsoft, GitHub and OpenAI were the target of a class action in the United States concerning Copilot, GitHub's AI, accused of violating the terms of open source licences and infringing developers' rights. The claim is for nine billion dollars in damages.

Copilot is a tool developed by GitHub that uses artificial intelligence to suggest code to developers. It uses Codex from OpenAI to generate code recommendations, particularly for Microsoft's Visual Studio. It has been trained on billions of lines of code from various public sources, including numerous open source projects. Copilot is able to transform natural language instructions into code suggestions, which can help developers code faster and focus on business logic rather than the code base. It accurately suggests the next step in a development by suggesting code as the person is programming. It goes through the suggestions to decide whether to accept or reject them.

Another question arises for developers who create software from lines of code generated by artificial intelligence. If this source code is subject to a contaminating open source licence such as the GPL, the software that incorporates the code suggested by the AI will be subject to this licence. However, if the developer is unaware of the legal status of the code, due to a lack of information from the AI, the developer runs the risk of unknowingly breaching the licence and being subject to prosecution.

Finally, there is the question of whether software developed from code generated by an AI is protected by copyright. In most countries that have signed the Berne Convention, software is considered to be an intellectual work and is therefore protected by copyright. The only condition for its protection is originality, i.e. proof of a personalised effort that goes beyond the simple implementation of an automatic and constraining logic.

Today, the contribution of Artificial Intelligence is limited to suggesting codes. However, copyright protection is not limited to source code, but also covers object code, preparatory work, architecture, tree structure, databases, graphical interfaces, fonts, etc. In addition, software development goes well beyond writing the source code and covers many aspects: technological choices, deployment, security constraints, etc. As long as the software as a whole is considered original, it remains protected by intellectual property rights, namely copyright.

Finally, the code generated by an AI tool may pose a security problem, due to the existence of faulty code or code containing security flaws. Developers need to be careful when using Copilot, for example, because of the high rate of faulty code. Not to mention the fact that Copilot is unable to provide any context for the supplied file.

In conclusion, it is essential that developers and companies ask themselves about the rights and licences for code generated by artificial intelligence that they incorporate into their own code, and about the guarantees they are able to provide, in particular by checking the conditions of use of the code.



The opinions, presentations, figures and estimates set forth on the website including in the blog are for informational purposes only and should not be construed as legal advice. For legal advice you should contact a legal professional in your jurisdiction.

The use of any content on this website, including in this blog, for any commercial purposes, including resale, is prohibited, unless permission is first obtained from Vaultinum. Request for permission should state the purpose and the extent of the reproduction. For non-commercial purposes, all material in this publication may be freely quoted or reprinted, but acknowledgement is required, together with a link to this website.

Marine Yborra CMO Vaultinum
Marine YBORRAMarine is our Marketing Director. She is a branding and brand activation specialist with international experience in BtoB and BtoC.