Subscribe

Reverse-engineering and disassembly of IBM mainframe software in breach of software licence (IBM v LzLabs) – Part 1

19 May 2025. Published by Helen Armstrong, Partner and Oliver Sainter, Senior Associate

In IBM United Kingdom Ltd v LzLabs GmbH and others [2025] EWHC 532 (TCC), the High Court has provided useful guidance on what constitutes unlawful reverse engineering and the extent of the Software Directive's statutory exceptions to software copyright protection set out in the Copyright, Designs and Patents Act 1988 (the CDPA). 

Background

IBM and Winsopia, a subsidiary of LzLabs, entered into a licence agreement (the ICA) for use of IBM's mainframe software and other products (the IBM Software) within the Winsopia enterprise (defined as Winsopia and its subsidiaries).

The ICA expressly prohibited Winsopia from:

  • Reverse assembling, reverse compiling, otherwise translating, or reverse engineering the IBM Software unless expressly permitted by applicable law; or
  • Sublicensing, assigning, renting or leasing the IBM Software or transferring them outside Winsopia's enterprise in the UK.

Winsopia supplied LzLabs with IBM programs and outputs, which LzLabs used to develop and market its own mainframe software (known as the Software Defined Mainframe (SDM)) in competition with IBM.

IBM became suspicious and requested an audit of Winsopia's compliance with the terms of the ICA.  Winsopia refused to comply on the grounds that the request exceeded the ambit of IBM's contractual audit rights and sought to impose unreasonable demands within unreasonable timeframes.

IBM then purported to terminate the ICA and other related licence agreements. Winsopia disputed the validity of the termination.

The claim

IBM commenced court proceedings, alleging that Winsopia's actions breached the ICA's restrictions on reverse engineering of the licensed software and transferring IBM code and that LzLabs and the other defendants had procured that breach of contract.  IBM sought a declaration that it had lawfully terminated the ICA, an injunction restraining further use of the IBM Software, and an account of profits and/or damages.

The defendants argued that Winsopia did not reverse engineer IBM Software and only transferred customer applications, not IBM Software. They defended the claim on the basis that their activities, undertaken as lawful users, fell under the following rights conferred by the Directive 2009/24/EC (the Software Directive), as embodied in the CDPA 1988:

  • Decompilation where necessary for the purposes of interoperability only – i.e. creating other software that can be operated with it or another program (CDPA 1988, Section 50B);
  • Observation, study and testing of the functioning of a computer program in order to determine its underlying ideas and principles (CDPA 1988, Section 50BA); and For the purpose of correcting errors, unless the agreement states otherwise (CDPA 1988, Section 50C)

(together, the Statutory Exceptions).

At the trial on liability, the court found that many of Winsopia's actions – such as reverse engineering by disassembling IBM code, transferring IBM code fragments to LzLabs, and recreating IBM data structures – breached the ICA's restrictions and did not fall under the permitted exceptions. However, some isolated activities were allowed under the interoperability exception.

Key issues

The court considered several key issues. This article focuses on the following:

  • The key legal principles applicable under the Software Directive and CDPA 1988;
  • Whether any of the alleged breaches fell within the Statutory Exceptions;
  • Whether Winsopia's actions were in breach of the ICA.

The validity of IBM's audit request and subsequent termination of the ICA is examined in a second article, which you can find here.

Was the Software Directive / CPDA 1988 engaged?

While this was not a claim for breach of copyright (as IBM had the benefit of a direct contractual claim under the ICA), the court did consider the application of the Software Directive/CPDA 1988 in the context of the interpretation of the ICA and the application of the Statutory Exceptions.

In particular, the CPDA 1988 stipulates that where a person has a contractual right to use a computer program, any contractual clause purporting to prohibit or restrict the interoperability and observation, study and testing Statutory Exceptions set out above shall be void.

While the issues of construction relating to the ICA were fact specific, the court held that:

  • The ICA was to be construed against the factual matrix of the Software Directive, so as to avoid any conflict where possible.
  • If it were impossible to construe the relevant provisions of the ICA in accordance with the provisions of the Software Directive, the conflicting provisions would be null and void.

In this case, the relevant clause of the ICA prohibiting acts of reverse engineering contained the proviso “unless expressly permitted by applicable law without the possibility of contractual waiver”.  The court accordingly held that this indicated a common intention to read the words in the light of, and subject to the provisions of the Software Directive, including the Statutory Exceptions.

Key legal principles

In its examination of the issues, the court drew on the following key legal principles derived from the Software Directive and subsequent case law:

  1. Copyright protection for computer programs extends to expression of the program, but not functionality per se.

    In particular, copyright protects the source code, object code and the design of the program – i.e. the way in which the program is drawn up and designed.  It does not protect the ideas and principles underlying the functionality of the program – i.e. the service which the user expects from it.

    That said, expression of the author’s creativity is not limited to the source code and object code - it extends to other content that expresses creativity. This would include the choice, sequence and combination of words, figures or mathematical concepts selected by the author of the program are. 

  2. The Statutory Exception permitting observation, study and testing of the functioning of a program by a lawful user does not extend to copying/adapting the source code.

    This exception reflects the principle above, namely that reproducing functionality  does not infringe copyright, but reproducing/adapting the underlying source code to replicate the functionality would.  A lawful user (such as a licensee) is therefore entitled to observe the output of a program in response to a given input in order to determine its behaviour and reproduce the same functionality in another program. They are not, however, entitled to gain access to the source or object code of the computer program and reproduce the expression of the intellectual creation of the copyright owner;

  3. The Statutory Exception permitting decompilation by a lawful user where necessary for the purpose of interoperability as subject to the legitimate interests of the copyright owner. 
    Accordingly, a lawful user of a computer program is entitled to decompile and/or reproduce that part of the program known as the interface, described in Article 6 of the Software Directive as the logical and physical interconnection and interaction required to permit all elements of software and hardware to work with other software and hardware and with users in all the ways in which they are intended to function. If, however, the source code or object code is used to create another computer program that is substantially similar in its expression, such conduct is likely to constitute partial reproduction in breach of copyright.

The above principles caused the parties to focus on the extent to which the Software Directive grants any right to a lawful user of licensed software to reverse engineer an interface and, in that context, what is meant by an interface.  The court, however, ultimately held that the key issue was not whether an interaction could be described as an interface, but whether the particular code was an "expression" (and not merely ideas or principles) for the purposes of applying the testing Statutory Exception or "information necessary to achieve interoperability" for the purposes of applying the interoperability Statutory Exception. 

The court acknowledged that the Software Directive is framed in very general language and therefore that its application to any given set of facts requires careful analysis of the technical and factual context in which the issue is to be determined.

Application of the legal principles to the facts

IBM's position on breach was that Winsopia used or permitted the IBM mainframe software to be used for the purpose of development of the SDM and/or otherwise reverse engineered parts of the IBM mainframe software.

The court noted that the prohibited actions under the ICA (being reverse assembly, reverse compilation, other translation, or reverse engineering of the IBM software programs) did not have a standard definition within the computer science community.  At a high level, however, the experts agreed on the following descriptions:

  • Reverse assembly – using a tool to rebuild assembly code from binary object code;
  • Decompiling – using a tool to recreate a high-level language source code from a program's binary object code;
  • Translation – changing the language or form of the code whilst retaining its sense;
  • Reverse engineering – testing or analysing the internal structures or workings of an application to ascertain how it has been built and/or how it is executed.

The court analysed each alleged breach in detail and, while a small number fell within the interoperability Statutory Exception, the court ultimately held that the majority of actions by Winsopia amounted to breaches of the ICA.   

Notably, the Judge held that the breaches committed by Winsopia "could not be described as isolated errors; their nature and extent, and the duration over which they occurred, are indicative of deliberate and systematic disregard of the terms of the ICA”.  Further, the court found that Winsopia had concealed its connection with LzLabs when entering into the ICA, that LzLabs had procured breach of the ICA by Winsopia and that there had been an unlawful means conspiracy between the defendants in respect of reverse engineering the IBM Software to develop and market its own substitute.

Key takeaways

There is no unrestricted right to reverse engineer computer programs in the UK, without the copyright owner's authorisation. This case demonstrates that the UK courts are not afraid to find companies in breach of licence agreements (and copyright legislation) and will interpret the Statutory Exceptions in the Software Directive / CDPA 1988 narrowly. 

In particular:

  1. The exception under Article 5(3) allowing "observation, study and testing" of the functioning of a program by a lawful user to determine its underlying ideas and principles does not extend to reserve engineering, copying, or adapting source code or object code where there is a reproduction of the expression of the copyright author's own intellectual creation.

     

  2. Decompiling or reproducing an interface for interoperability purposes under Article 6 is subject to the Berne 3-step test and if the code is used to create another computer program substantially similar in its expression, there is a risk of copyright infringement.

IT companies involved in alternative software and system development where there are proprietary software and systems in the market, such as IBM's, should consider ways to ensure that "clean room" procedures remain clean and that internal codes of conduct regarding separation are adhered to. Where these procedures and practices fall down, the judgment brings into focus the stringent analysis the courts will apply in examining licensee rights under the Software Directive and in construing a software licence that restricted some or all aspects of reverse engineering.

More broadly this costly and complex case involving multiple experts reinforces the fact that giant mainframe software licensors such as IBM will aggressively defend their IP rights when faced with a licensee that refuses to cooperate with audit requests and apparent breaches.

Licensees should carefully consider the principles and requirements of the Software Directive/CDPA when seeking to rely on the Statutory Exceptions and should cooperate with audit requests.

The case may be subject to appeal by LzLabs.

Stay connected and subscribe to our latest insights and views 

Subscribe Here