Any organisation developing or fine tuning AI systems, particularly LLMs, needs to be ALL OVER how their IP is protected. IP protection for model components such as weights is a complex legal issue. Model weights in AI are numerical values that determine the strength of connections between nodes in a neural network. AI models adjust these weights during training to improve predictions or decisions based on input data. This adjustment process allows the model to "learn" from vast amounts of data, fine-tuning its accuracy in tasks such as image recognition or language translation. Traditionally, copyright does not extend to facts or the functional aspects of a creation. Model weights straddle this boundary, being both a product of immense computational effort and a representation of the underlying data on which the AI was trained. Current legal frameworks do not explicitly address the status of AI-generated data, including model weights (however in the USA it seems to be the case AI generated data is not protected by copyright). The principles underlying the EU’s Software and Database Directives provide a foundation for analysis. While the software enabling AI functionalities might be copyrightable as a literary work, the status of model weights is more ambiguous due to their nature as outputs from processing vast datasets, rather than direct human creation. The key question revolves around originality and the role of human authors in the creation process. According to the CJEU, for a work to be protected under copyright, it must be the author's own intellectual creation, reflecting the author's personality and choices (the Painer case). These criteria becomes blurred when considering model weights, where the "creation" process is largely automated and driven by algorithms following predefined objectives. Given the challenges associated with copyright protection, the sui generis rights established under the EU Database Directive offer an alternative approach. These rights protect substantial investments in obtaining, verifying, or presenting the contents of a database, regardless of originality. Model weights could potentially be viewed as part of a database, particularly if one considers the extensive computational resources and expertise required to train AI models. However, this interpretation hinges on whether model weights can be considered a "database" in the legal sense. The Directive's broad definition of databases may provide sufficient ground for this argument, especially given the structured nature of model weights within an AI's architecture. The potential application of copyright or sui generis database rights to AI model weights has significant implications for the commercialisation of AI technologies. Recognising these protections would grant developers legal mechanisms to control the use, distribution, and modification of their AI models, influencing licensing agreements and business models within the AI industry.
Engineering Software Licensing
Explore top LinkedIn content from expert professionals.
-
-
Last week, I overheard a CIO say, “If we can’t see it, we can’t control it.” It hit home ⚾ So many teams still struggle with SaaS license sprawl, paying for tools no one actually uses. But here’s the real shift: forward-thinking organizations are moving from “just stay compliant” to “actively reharvest and reallocate.” License harvesting isn’t just about cutting costs. It’s about making sure every license delivers value, and every euro spent is traceable to impact. When management and procurement becomes a lever for optimization, not a blocker, IT and product teams suddenly have the freedom to innovate without waste. It’s a mindset change: from hoarding licenses “just in case” to treating software like any other strategic asset: Monitored, measured, and constantly right-sized. Anyone else seeing this mindset take root? How are you making license reharvesting part of your operating rhythm?
-
🚨 Salesforce SELA Contracts – Don’t Fall for the Bundling Trap If you're negotiating a Salesforce SELA (Salesforce Enterprise License Agreement), beware: 👉 Bundled pricing might look like a discount—but it often locks you into shelfware and unnecessary products. We’ve seen too many CIOs realize—too late—that their “custom deal” was just a pre-packed bundle with inflated baseline costs. In our latest breakdown, we cover: ✅ How to secure decoupled pricing and maintain flexibility ✅ What to push back on during SELA negotiations ✅ Real-world tactics to avoid overcommitting on products you don’t need 🎥 Watch: Salesforce SELA – Avoiding Bundling Traps and Securing Decoupled Pricing If you're entering renewal talks or facing a multi-cloud lock-in risk, this is essential viewing. #Salesforce #SELA #CloudNegotiation #Procurement #CIO #SaaSContracts #EnterpriseSoftware #VendorManagement #RedressCompliance
-
Great devices ship when RA and engineering build together 🤝 Regulatory can feel like a moving target for tech teams. The cure is not more paperwork. It is shared structure. Treat compliance as a product feature: clear intended use, clean design inputs, linked risks, and evidence that matches what you claim. When RA sits inside the build loop, teams move faster and avoid late surprises from NBs or FDA. Practical moves that work: ↳ Embed an RA partner in sprint planning and backlog grooming. ↳ Write design inputs with acceptance criteria that cite the rule or standard. ↳ Keep a simple trace matrix that links user needs, risks, tests, and GSPR or 21 CFR clauses. ↳ Schedule quick risk check-ins at every design review. ↳ Freeze claims and IFU language before verification starts. ↳ Run a pre-submission file skim together and fix gaps early.
-
🧩 Technical Standards every MedTech professionals should know! Whether you're dealing with a Class I device, Class III or building an AI-based SaMD, aligning with the right standards is critical for regulatory success and product quality. But where do you start? Which ones are essential for your compliance? Of course, specific standards depend on device type, intended use, and market. But today I decided to share those standards that form the foundation of regulatory expectations across the industry. 👇 Here's a selection of technical standards every MedTech or regulatory team should be aware of, with recent updates and what’s coming! 🛡️ 𝗚𝗲𝗻𝗲𝗿𝗮𝗹 𝘀𝗮𝗳𝗲𝘁𝘆 𝗮𝗻𝗱 𝗾𝘂𝗮𝗹𝗶𝘁𝘆 📌 ISO 13485 Medical Devices - Quality Management Systems 📌 ISO 14971 Medical Devices - Risk Management 📌 IEC 62366-1 Medical Devices - Usability Engineering 📌 ISO 10993 series Biological Evaluation for Medical Devices 📌 IEC 60601 Series Electrical Safety Requirements 📌 ISO 15223-1 Medical Devices - Labelling 💻 𝗦𝗼𝗳𝘁𝘄𝗮𝗿𝗲, 𝗜𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗮𝗻𝗱 𝗔𝗜 📌 IEC 62304 Software Life Cycle Processes 📌 ISO 27001 Information Security Management Systems 📌 ISO 42001 Information technology - Artificial intelligence - Management system 🧪 𝗖𝗹𝗶𝗻𝗶𝗰𝗮𝗹 𝗜𝗻𝘃𝗲𝘀𝘁𝗶𝗴𝗮𝘁𝗶𝗼𝗻, 𝗖𝗹𝗶𝗻𝗶𝗰𝗮𝗹 𝗣𝗲𝗿𝗳𝗼𝗿𝗺𝗮𝗻𝗰𝗲 𝗦𝘁𝘂𝗱𝗶𝗲𝘀 📌 ISO 14155 Medical Devices - Clinical Investigations 📌 ISO 20916 IVDs – Clinical performance studies 📣📣 What’s New: 📘 ISO 14155:2026 → Clinical investigation of medical devices for human subjects — Good clinical practice → Edition 4, 2026 published in March. 📘 ISO 10993-7:2026 → Biological evaluation of medical devices Part 7: Ethylene oxide sterilization residuals → Edition 3, 2026 just published. 📘 ISO 20417:2026 → Medical devices - Information to be supplied by the manufacturer → 2026 Edition published, and 2021 officially withdrawn. 📣 What’s Coming: 📘 ISO 18969 → A new standard for clinical evaluation of medical devices → Under development, now in Draft International Standard (DIS) stage. ⚠️ Staying up to date and monitor standards stage is not just good practice, it's essential to ensure compliance as expectations evolve. New versions may change what's acceptable in risk management, testing, documentation, and more. This is why, on the MedBoard platform regulatory intelligence is not just about regulations and guidance. 👉 Real-time monitoring includes standards updates, adoptions, and country recognitions. So teams can stay informed, all in one place. 💬 Which of these do you use most? #MedBoard #MedTech #MedicalDevices #RegulatoryAffairs #QualityManagement #RiskManagement #ClinicalEvaluation #Compliance #ISO13485 #ISO14971 #MDSW #ClinicalAffairs #PostMarketSurveillance
-
I reviewed an AI vendor's standard enterprise agreement recently. Liability capped at 12 months' fees. No IP indemnification for AI outputs. The DPA permitted "de-identified" data use for "service improvement", meaning the vendor could train models on derivatives of your data. The AI-specific section was two paragraphs bolted onto a SaaS MSA. This is the norm. AI contracts are still drafted on SaaS skeletons, but the risks are different. SaaS manages access to software. AI manages systems that process, learn from, and generate outputs using your data, risk categories traditional frameworks weren't built for. After negotiating a fair number of these, here are the patterns that keep surfacing. Lesson 1: Standard terms heavily favour the vendor Stanford/TermScout research: only 17% of AI contracts include documentation compliance warranties (vs. 42% in SaaS). Only 33% offer IP indemnification. Liability caps sit well below enterprise software norms. AI vendors argue, not without merit, that probabilistic outputs make rigid warranties difficult. But negotiate tiered warranties linked to use-case risk, performance metrics with remedies, and indemnification covering training data provenance and output IP claims. Lesson 2: The AI addendum is where real protection lives Most agreements separate AI terms from the core MSA. This addendum is where data training restrictions, output ownership, audit rights, and performance standards should be addressed. If the vendor doesn't offer one, ask. If it's two paragraphs of aspirational "responsible AI" language with no operative provisions, push back. Lesson 3: Output ownership needs explicit treatment Copyright protection for AI outputs is unsettled. Your agreement should assign output ownership to the customer, confirm no secondary use rights for the vendor, and address the IP chain: the vendor should represent its model was trained on permissioned data. If they won't warrant provenance, understand the exposure you're accepting. Lesson 4: Audit rights and transparency are negotiable You should have the right to audit, or receive third-party reports on, the vendor's AI practices. Fairness testing, bias evaluations, training data documentation. These are standard expectations under the NIST AI RMF and EU AI Act. At minimum, require model cards describing intended use and known risks. Lesson 5: Build regulatory change into the contract The EU AI Act's GPAI obligations took effect August 2025. Texas, Colorado, Utah, California are advancing AI legislation. Include a mechanism for amendments triggered by law changes, without full MSA renegotiation. AI vendor agreements are maturing. But you don't have to wait for the market. If your vendor says "we can't change standard terms", in my experience, they usually can. (Depends on party position, deal size, and context. Not legal advice.) #AIContracts #ContractNegotiation #InHouseCounsel #AIinLegal I go deeper in my newsletter. Link in the comments.
-
Finally! The EU MDCG has delivered the regulatory clarity we've been waiting for Digital Health and Apps Stores in the EU. The new MDCG 2025-4 Guidance on Medical Device Software Apps officially confirms what many of us have been advocating: Apple and Google are now explicitly classified as Medical Device Software Distributors under EU MDR & IVDR Article 14 because of their Apps Stores. This means both tech giants bear legal liability for medical device software apps distributed through their platforms. No more regulatory grey zone. 𝐖𝐡𝐚𝐭 𝐓𝐡𝐢𝐬 𝐂𝐡𝐚𝐧𝐠𝐞𝐬: For Platform Operators: - Legal responsibility to ensure proper MDR/IVDR compliance before allowing medical device apps on their stores - Obligation to verify manufacturer compliance documentation - Potential liability for non-compliant medical device software distribution For SaMD Developers: - Clearer regulatory pathway with defined distributor responsibilities - no loss of connection to their patients - Reduced compliance uncertainty when launching digital therapeutics - should they use app stores or not? - Platform operators now share accountability in the medical device supply chain - closing the gap on traceability to better protect people from harmful and faulty Digital Health apps. The guidance specifically addresses section 3.2, establishing that major app stores cannot simply act as neutral platforms when distributing medical device software. They're now active participants in the regulatory framework. This development fundamentally shifts how digital health solutions reach patients. Every digital therapeutics company, SaMD developer, and health app creator now operates under a framework where Apple and Google must actively ensure medical device compliance. 𝐓𝐡𝐞 𝐑𝐞𝐚𝐥𝐢𝐭𝐲 𝐂𝐡𝐞𝐜𝐤: While this provides much-needed clarity, implementation will be complex. How will these platforms verify compliance? What review processes will they establish? The next 12 months will be critical as both sides adapt to these new obligations. Would we see the same interpretation in the EU, UK, or AUS? At Complear, we've been preparing for this regulatory evolution. We're developing digital tools to help both platforms and manufacturers navigate these new distributor obligations efficiently. We are witnessing a new era of software accountability, with even Big Tech platforms having to comply with everyone else's rules, and assume their critical role in medical device distribution of Digital Health. #MDCG #MedicalDevices #SaMD #DigitalHealth #MDR #IVDR #RegulatoryCompliance
-
🚨 𝗧𝗵𝗲 𝗦𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝗟𝗶𝗰𝗲𝗻𝘀𝗶𝗻𝗴 𝗟𝗮𝗻𝗱𝘀𝗰𝗮𝗽𝗲 𝗜𝘀 𝗕𝗲𝗶𝗻𝗴 𝗥𝗲𝘄𝗿𝗶𝘁𝘁𝗲𝗻. In just the past few weeks, we've seen seismic shifts in how software publishers approach licensing—and the implications that are far-reaching. 🔍 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 is aligning its online services pricing globally, removing regional pricing advantages. SPLA licenses are being restricted to only a handful of cloud providers, effectively locking out third-party platforms. Compliance risks and cost escalations are now a real threat for many. 🎨 𝗔𝗱𝗼𝗯𝗲 has restructured its Creative Cloud offerings, introducing AI credit tiers and hiking prices. The move signals a broader trend: AI is no longer a feature—it’s a licensing metric. Even single-app plans now come with drastically reduced AI credits, nudging users toward more expensive bundles. ☕ 𝗢𝗿𝗮𝗰𝗹𝗲 has intensified its push for Java licensing under a universal employee-based model. Organizations are being approached based on download logs and IP tracking, often pressured into multi-year contracts. The cost impact? In some cases, over 1,000% increases. 📉 𝗜𝗻𝗱𝘂𝘀𝘁𝗿𝘆-𝘄𝗶𝗱𝗲, perpetual licenses are fading fast. Subscription fatigue is growing, yet vendors continue to double down on recurring revenue models. Meanwhile, the secondary market for software licenses—especially in Europe—is quietly gaining momentum, offering legal, cost-effective alternatives. 🤖 AI is entering license management: Real-time audits. Automated reallocation. Predictive compliance alerts. 🌐 Regulatory forces like the EU Data Act and the Cloud Act are reshaping how vendors store and process customer data, with direct implications for licensing terms and cross-border operations. 💬 𝗪𝗵𝗮𝘁 𝗧𝗵𝗶𝘀 𝗠𝗲𝗮𝗻𝘀 Software licensing is no longer just a procurement issue—it’s a strategic imperative. The rules are changing, and so must our approach. 1. Are we prepared for vendor lock-in? 2. Are we auditing usage vs. entitlements? 3. Are we exploring open-source and secondary market options? 4. Are we ready to negotiate with AI-powered insights? 📢 SAM, ITAM team, this isn’t just about cost—it’s about control, compliance, and clarity in a rapidly evolving digital ecosystem. 🗯️ 𝗜𝘀 𝘆𝗼𝘂𝗿 𝗶𝗻𝗯𝗼𝘅 𝗮𝗹𝗿𝗲𝗮𝗱𝘆 𝗶𝗻 𝘁𝗵𝗲 𝗳𝗶𝗿𝗲 𝗳𝗶𝗴𝗵𝘁𝗶𝗻𝗴 𝘀𝘁𝗮𝘁𝗲 ❓ #SoftwareLicensing #DigitalStrategy #AI #ITGovernance #CIOInsights #Adobe #Oracle #Microsoft #OpenSource #Compliance #EnterpriseTech
-
🚫 Stop Over-Validating Software in Medical Device Quality Systems I continue to see medical device manufacturers struggling with an overly complex approach to software validation. All too often, GAMP® 5—a framework designed primarily for pharmaceutical manufacturing systems—is applied by default. The result? 🔹 Excessive documentation 🔹 Long validation timelines 🔹 High costs with limited added compliance value 👉 Software validation for medical devices should be risk-based. There are established, regulator-recognized tools specifically designed for medical device quality management systems (QMS), including: ISO/TR 80002-2 (software validation for medical devices) and FDA Computer Software Assurance (CSA) guidance. These approaches align with ISO 13485, 21 CFR Part 820, and FDA expectations—while enabling a far more efficient and pragmatic validation strategy. Are these methods as exhaustive as GAMP® 5? No. Are they appropriate, defensible, and compliant for many medical device software applications? Yes. 📊 Recently, I used these approaches to validate: Temperature monitoring system → validation planning completed in 6 hours. Mid-sized ERP system → validation planning completed in 14 hours. The outcome: compliant software validation, reduced effort, and faster deployment—without compromising patient safety or regulatory expectations. If you’re working in Quality Assurance, Regulatory Affairs, CSV, or Digital Transformation and want to modernize your software validation approach, feel free to connect or reach out.