Access to the law includes access to the harmonised standards it predicates. But is it right that those standards can include royalty-due patents (SEPs)?

If you have been following the progress of the Cyber Resilience Act (CRA), you may have been intrigued to hear that the next step following publication of the Act as law in the Official Journal is the issue of a European Standards Request (ESR) to the three official European Standards Bodies (ESBs). What is that about? Well, a law like the CRA is extremely long and complex and conforming to it will involve a detailed analysis and a lot of legal advice.

Rather than forcing everyone individually to do that, the ESBs are instead sent a list of subjects that need proving and are asked to recommend a set of standards that, if observed, will demonstrate conformity with the law. This greatly simplifies things for everyone and leads to what the lawmakers call a “presumption of conformity”. You could go comply with the law based on your own research, but realistically that's impossible for almost everyone so you will instead choose to observe the harmonised standards supplied by the ESBs.

This change of purpose for standards is very significant. They have evolved from merely being a vehicle to promote interoperability in a uniform market – an optional tool for private companies that improves their product for their consumers – to being a a vehicle to prove legal compliance – a mandatory responsibility for all citizens and thus a public responsibility. This new role creates new challenges as the standards system was not originally designed with legal conformance in mind. Indeed, we are frequently reminded that standardisation is a matter for the private sector.

So for example, the three ESBs (ETSI, CENELEC and CEN) all have “IPR rules” that permit the private parties who work within them to embed in the standards steps that are patented by those private companies. This arrangement is permitted by the European law that created the mechanism, Regulation 1025/2012 (in Annex II §4c). All three ESB's expressly tolerate this behaviour as long as the patents are then licensed to implementors of the standards on “Fair, Reasonable and Non Discriminatory” (FRAND) terms. None of those words is particularly well defined, and the consequence is that to implement the standards that emerge from the ESBs you may well need to retain counsel to understand your patent obligations and enable you to enter into a relationship with Europe's largest commercial entities to negotiate a license to those patents.

Setting aside the obvious problems this creates for open source software (where the need for such relationships broadly inhibits implementation), it is also a highly questionable challenge to our democracy. At the foundation of our fundamental rights is the absolute requirement that first, every citizen may know the law that governs them and secondly every citizen is freely able to comply if they choose. The Public.Resource.Org case shows us this principle also extends to standards that are expressly or effectively necessary for compliance with a given law.

But when these standards are allowed to have patents intentionally embodied within them by private actors for their own profit, citizens find themselves unable to practically conform to the law without specialist support and a necessary private relationship with the patent holders. While some may have considered this to be a tolerable compromise when the goal of standards was merely interoperability, it is clearly an abridgment of fundamental rights to condition compliance with the law on identifying and negotiating a private licensing arrangement for patents, especially those embedded intentionally in standards.

Just as Regulation 1025/2012 will need updating to reflect the court ruling on availability of standards, so too should it be updated to require that harmonised standards will only be accepted from the ESBs if they are supplied on FRAND terms where all restrictions on use are waived by the contributors.

Links, Tags & Mentions

• #CRA #Patents #SEP #OpenSource #Reg1025 #Standards
• @carlmalamud@official.resource.org

Follow @webmink@the.webm.ink to be informed of new posts. To discuss this post please reply from Mastodon etc. (search for the URL) & include @webmink@meshed.cloud as WriteFreely still doesn't display replies. More.

But reciprocal patent licensing is very common in the software industry generally and open source in particular – it’s part of the terms of the Apache License for example – so the accusation seemed far more likely to be projection by the SEP-dependent legacy industries of Europe. One useful insight into the whispers to which DG COMP responded can be seen in the extra information AOM has added to its legal page in response to the matter. The questions they address have such obvious and innocuous answers that only express sophistry could have been behind such questions, given the sophistication of the actors involved.

This is all crucially important to open source software, and not just as an endorsement of reciprocal terms. While there are edge cases, generally open source projects avoid standards which embed royalty-due patents, not primarily because of the royalties but because of the need to submit to the control implied by privately negotiating terms with the patent holders – an obviously anti-competitive aspect for any market entrant, about which Europeans complain when others do it.

It only takes one patent aggressor to rob everyone of viable open source video, so it seems entirely reasonable to scrupulously maintain hygiene by requiring any beneficiary of AV1 to commit to waiving royalties (and thus their negotiation). AOM is creating standards expressly intended to allow implementation by open source projects, so their terms are both rational and reasonable … unless you want to keep open source out of your cozy market.

The clouds have not all dispersed. AOM’s licensing is unfortunately based on a non-OSI-approved license (for excellent reasons but still an issue). Hopefully this will become more and more unfashionable as open source expands its reach. Also significantly there are hostile patent pools which, unfathomably and without evidence their mountain of claims are actually essential, assert that the AV1 standards infringe patents in the pools.

But this is good progress and underlines that the “reciprocal” mechanisms so common in open source licenses are generally pro-competitive. Perhaps the Commission will now move on to ask why such an obviously anti-competitive arrangement as standards bodies permitting royalty-due patents in their specifications is still tolerated?

Notes, Tags & Mentions

• #OpenSource #FOSS #FLOSS #Patents #SoftwarePatents #SEPs #CODECs #AV1

Follow @webmink@the.webm.ink to be informed of new posts. To discuss this post please reply from Mastodon etc. (search for the URL) & include @webmink@meshed.cloud as WriteFreely still doesn't display replies. More.

I still meet people who think that implementing an “open standard” is something anyone can do freely. But it's unfortunately not so – the word “open” in standards is not used the same way as “open” in software. This difference exists for a reason, resisting even clarification by the European Interoperability Framework (EIF) v1 where pro-patent lobbyists managed to get the clarification removed in the subsequent version. Even if you can get the specification without having to pay a significant sum for the privilege, chances are a standard from a body like ETSI will have a high aggregate patent royalty associated with any implementation.

Why? For years, cartel-like behaviour by technology companies has used patents they have embedded in formal standards to control the markets they monetise. They do this not just legally but with the encouragement of market authorities, who regard it as a reasonable compromise despite the obviously anti-competitive nature of the practice (which they freely admit). So they describe as “open” any standard created under a standards-body process that is theoretically equally open to all, which thus circumvents the anti-trust rules.

Once embedded in the specification, “standard-essential patents” (SEPs) must then be licensed in order to implement technologies the companies include in core standards for mobile phones, media playback, consumer device functions and more. The terms are almost always based on per-unit royalties. This has proved extremely profitable, allowing companies to continue to harvest revenues from markets they may have been unable to monetise fairly via superior products. They are supposed to license on “Fair, Reasonable and Non-Discriminatory” (FRAND) terms, but recent research shows securing licenses can be extremely difficult, if not impossible. The European Commission is now legislating to partially address that in the upcoming SEP Directive, which is also perhaps motivated by a desire to address the use of the same system by China.

But in some ways the royalties are the least issue. By creating SEPs, the corporations also gain market control, again in a way that amazingly does not break any anti-trust laws. The presence of SEPs ensures that all newcomers who are attempting to enter or disrupt a market are forced into NDA-secret negotiations with their incumbent competitors to get licenses. Controlling who can compete is just as valuable to the incumbents.

It is not unknown for incumbents to use the covert control point of terms negotiation to disrupt market access by offering unreasonable terms regardless of commitments to FRAND licensing. This raises the barrier to entry in their markets and keeps costs — and thus consumer prices — high, while the market controllers are able to privately cross-license to each other to keep their own costs controlled and their margins high. The power asymmetry is also a valuable asset; courts start out assuming the supplicant is evading their responsibilities and may well intervene for the plaintiff while the case is running. Even without these extremes, it's common for patent owners to drag their feet to disadvantage licensees.

But what if vendors in China behaved in a similar cartel-like manner and then gained control of a critical mass of SEPs needed to implement critical technologies? What if they also used their patents to block foreign companies from the Chinese market and to tax their products when they are finally allowed? Seemingly with little sense of irony, representatives of the incumbents interviewed by the Financial Times complained of just those scenarios starting to appear because of the single-minded intensity of patenting activities by Chinese companies.

There's no doubt this is a threat to the livelihood of the incumbent companies. But perhaps the problem is not China but the practice of tolerating patents in standards itself? The lesson here is to carefully consider the privileges you exploit, lest others do the same. Live by the SEP, die by the SEP.

Notes, Tags and Mentions

• #FRAND #RAND #SEP #Patents #SoftwarePatents #Standards #SEPD #OpenSource
• If the story is paywalled try a longer ladder for fair use.
• The two papers linked above are worth reading independently of the story as they document the creeping regulatory capture of “FRAND” and the near-impossibility securing licenses for a SEP-encumbered standard:
  • Pocknell, Robert & Djavaherian, Dave, The History of the ETSI IPR Policy: Using the Historical Record to Inform Application of the ETSI FRAND Obligation (September 27, 2022). http://dx.doi.org/10.2139/ssrn.4231645
  • Lundell, Björn; Gamalielsson, Jonas & Katz, Andrew, Implementing the HEVC standard in software: Challenges and Recommendations for organisations planning development and deployment of software (February 3, 2023). https://doi.org/10.18757/jos.2022.6695

Follow @webmink@the.webm.ink to be informed of new posts. To discuss this post please reply from Mastodon etc. (search for the URL) & include @webmink@meshed.cloud as WriteFreely still doesn't display replies. More.