Australia: Consideration for IoT Technology Licence Agreements - Part 1

Last Updated: 6 September 2016
Article by Peter Karcher


  • The Internet of Things ("IoT") refers to the network of interconnected physical devices and equipment, in which those devices are capable of collecting, sending and receiving data autonomously, predominantly via wireless communications.
  • The integrated nature of IoT technology, which generally comprises multiple interacting products and services, raises particular issues when considering licence agreements for such technology.
  • Licensees should closely consider what contractual warranties a technology licensor is giving in respect of both hardware and software components of the IoT system, and what rights the licensee has if the technology falls short of expectation.
  • IoT technology, by its nature, involves the operation of physical objects and human interaction with, and reliance on, those objects. IoT technology therefore carries the risk of personal injury or property damage if the technology malfunctions, so liability for defects, limitations of liability, indemnities, and insurance coverage all require particular scrutiny in IoT licensing arrangements.


I recently moderated a forum on the theme of Succeeding in a Digital Economy attended by over 80 clients and guests of my firm. In the course of my introduction I asked the audience whether they were familiar with the term "Internet of Things". Surprisingly very few were, although I suspect that, like "New Media", "Tweet" and "#Hashtag", that will not be the case for very much longer.

Essentially the Internet of Things refers to the network of interconnected physical devices and equipment (other than computer terminals themselves) which is capable of collecting, sending and receiving data autonomously, predominantly via wireless communications.

The term has in fact been around since 19991, and most people will have already experienced the Internet of Things, or at least read about it conceptually. Driverless cars, Fitbit® watches, and smart thermostats are examples of IoT technology.

On a larger scale, the IoT is creating "Smart Cities" which embody intelligent traffic control and street lighting systems, pollution sensors, and efficient parking grids2. In industry, agriculture and construction, IoT technology is allowing business owners to better monitor, sort, collate and view data on assets such as machinery, crops and buildings. Experts differ on the current scale of the IoT, however there are estimates that between 20 and 50 billion objects will be part of the IoT by 20203.

For simplicity, this article considers a typical IoT scenario in which a particular technology is integrated into a device to allow it to collect and record data about the functioning of the device, and to send that data and receive other information. By being able to send and receive data, the device can be monitored and controlled remotely.

A particular technology licensor will have a core proprietary technology, which may in the form of a chipset or module designed to be incorporated into a newly manufactured or existing product, or piece of infrastructure. The licensor may have proprietary firmware (embedded software) as part of this base technology. A product specific interface may need to be developed in order to get the licensor's technology to "talk to" the licensee's particular product. Then a control system and user interface is required, which for a consumer product may be a simple iTunes/Google App. Or for public infrastructure, a more complex network of receivers and control points may be required, together with a software platform or portal by which the end user communicates with the system.

Given the rise in Software as a Service ("SaaS") and related technologies, these platforms are often hosted by the licensor (or in the Cloud) and maintained and supported by the Licensor, rather than comprising software which is downloaded and installed locally on the user's servers.


The licensing of IoT technology throws up some variations on the usual issues confronting a business when putting in place a technology licence, manufacture or distribution agreement. The added complexity stems largely from the integrated nature of IoT technology, which as can be seen from the introduction above, requires multiple components or services in order to deliver a functional product to the end user. This article is written largely from the perspective of an Australian licensee, manufacturer or distributor. Given that IoT technology is often US based, considerations involving a US licensor also receive some focus in this discussion.

The following sections highlight the issues which, in my recent experience, have proved the more significant or contentious issues in negotiating an IoT licence agreement. There are not a lot of decided cases in the area and it is likely that other issues of significance will emerge as agreements are tested in the courts.


Putting in place a licence agreement requires careful consideration of who is responsible for what, and who bears liability when something goes wrong. Template licence agreements from US licensors will invariably contain minimal or no warranties, as well as seeking to place the bulk of liability on the licensee.

Anyone who has looked at a few US licence agreements will be familiar with the CAPITAL LETTERS DISCLAIMER OF WARRANTIES, THAT PRODUCTS ARE PROVIDED "AS IS" ETC ETC4. This is obviously problematic from a licensee's perspective. While a licensee may be able to procure a limited5 warranty for any hardware components supplied by the licensor, obtaining warranties for the control platform can be more problematic.

In a recent negotiation the CEO of a US tech licensor told me that, while he was comfortable giving a hardware warranty, "software warranties were hard". This is, in part, because software technology may itself be built on existing standards, eg Bluetooth in the case of wireless technology. The functionality of Apps may depend on smartphone manufacturers such as Apple or Samsung and the corresponding operating systems they allow on their devices. Upgrades to technology by these ultimate providers, the release of new device models and operating systems etc, will themselves have an impact on the functionality which a licensor can provide or guarantee in its control system.

Rather than giving hard and fast warranties, a licensor will generally attempt to approach these issues via the concept of "supporting" their products and services. This may include setting out various "service levels", categorising incidents based on how critical their impact is to the system, and identifying target response and resolution times.

From a legal perspective, such service level agreements ("SLAs") can be very rubbery. They generally make no binding promises to fix issues affecting the functioning of the software system, and at best amount to an obligation to "try" to rectify problems. Breach of service levels rarely constitutes a material breach of the licence agreement or entitles the licensee to terminate the agreement.


A licensee in these circumstances should think about trying to negotiate one or more of the following:

  • a definitive warranty regarding the functioning of any hardware or software being supplied by a licensor. For example, if a licensor in the course of selling their technology has represented certain particular functionality on which the licensee has relied, the licensee should ask the licensor to stand behind that with a corresponding warranty. Often this can be achieved by incorporating relevant "scope" or "pitch" documents into the agreement as an annexure. Make sure that any "entire agreement" clause allows for this.
  • a positive obligation on the licensor to meet the stated service levels. At best a licensor will usually put their obligation to meet service levels on a "reasonable/best endeavours" basis.
  • concrete consequences for breach of support obligations/service levels, which may include credits for falling short of target service levels, or a right of termination or compensation in the event of repeated failures.
  • an "Availability" or "Uptime" guarantee for any software control platform. The specifics of this will vary based on the nature of the technology concerned and the licensee's requirements. For example, where the main purpose of the system is to monitor the condition of a device and transmit collected data, it may be sufficient that the system connects to the device and transmits information at least once in a 24 hour period.
    On the other hand, if the devices represent critical components of public infrastructure, for example traffic control systems, any downtime at all for the system is essentially problematic for the licensee.

Other tricks to look for from a licensee's perspective which may affect warranties and corresponding liability on the licensor's part include:

  • exclusions for issues caused by "Third Party Software". As mentioned above, the complex and layered nature of software technology means that often particular applications are built on a more general software technology or standard. At a minimum, licensees need to ask the question of licensors what, if any, third party software is involved in the system. If there is, they should ask licensors what contingencies or workarounds they have in place if the underlying software base were to become unavailable for any reason.
  • over zealous force majeure clauses which may provide "outs" for licensors, including in the event of data/IT security breaches, supply chain failures, and failure of third party components or systems. When acting for a licensee scrutiny should be given to ensure that such clauses only apply to the extent that such circumstances are not matters falling within the sphere of the licensor's contractual obligations. True "force majeure" circumstances should be genuinely beyond the licensor's control, the licensor having done all things reasonably expected to prevent the relevant circumstances arising6.

If a licensee cannot negotiate its preferred legal warranty/support position, then the size and reputation of their licensor partner will be important. At the end of the day it is a commercial question for the licensee, but if it has confidence in the licensor's track record of supporting the technology, it may see less risk in practice of accepting a less favourable contractual position.


Dovetailing with warranties is the issue of who bears liability when there is a failure or defect in the product/service. Given that IoT technology by its nature deals with the operation of physical devices, liability for personal injury and property damage inherently becomes an important risk issue for both parties, far more so than a conventional computer software licensing scenario. Consider the potential risks if a health/body monitoring system were to malfunction, or if your "Smart Home" forgot to turn off your oven or heater at the scheduled time.

Significant factual issues could arise as to causation of a fault in a system which potentially:

  1. involves a module (with firmware) supplied by the licensor;
  2. the module is inserted into a product manufactured by the licensee;
  3. the product utilises a product module interface designed by the parties together;
  4. the system is controlled in practice by a (separate) user interface designed and maintained by the licensor; and
  5. the entire system is controlled and operated by the end user!

Such factual complexities cannot be solved or avoided in the drafting of a licence agreement, however just getting to a point where each party agrees to bear ultimate liability for those parts of the system which they are supplying can be an arduous process.

Licensors will try to limit their liability on a number of levels, which may involve excluding liability for "consequential" loss, and/or placing a monetary cap on any direct loss suffered by the licensee. This can be problematic in the case of personal injury, where the risk of liability arising may be remote, but the potential quantum of loss very high.

In the case of consumer devices where technology may be relatively simple and sold at a small margin or low per unit cost by the licensor, the licensor may not have "priced in" the risk of personal injury liability as part of their commercial model and may therefore be reluctant to assume any responsibility at all. An overseas licensor in particular may see this risk as something to be taken on by the licensee in its role as the device manufacturer and seller to the end customer.

The licensee/distributor on the other hand knows they will be first "in the firing line" if something goes wrong with a product, especially where the technology licensor is based overseas.

Ideally a licensee would want an unlimited indemnity against loss suffered by the licensee relating to personal injury or property damage, where such loss can be attributed to the licensor's negligence or breach of the agreement (the latter can be harder to get than the former). If that is not possible, licensees ultimately need to assess the level of risk posed by the technology in question, however the following are possible compromise positions:

  • excluding only "consequential" and not direct loss; and/or
  • raising the overall liability cap in the case of personal injury.

Licensees should also check that their public and product liability insurance will respond to the full range of circumstances which may be foreseeable in an IoT technology system, and that any releases or limitations of liability granted in favour of the licensor do not prejudice the licensee's ability to claim under the policy.

It is advisable for licensees to seek some assurances in this regard from insurers or brokers based on the liability position as set out in the licence agreement.


Regulatory compliance is another area in which the licensee needs to take some care that they are not signing up for obligations which are beyond their control. For example, in the case of consumer products, a licensor's starting position may be that the licensee should be responsible for any regulatory or compliance issues in the licensee's domestic selling market.

Licensees may be prepared to take responsibility for products which they manufacture, however, the implementation of a consumer product such as a domestic lighting control may depend on a smartphone App maintained by the licensor. End users may in fact register directly with the licensor after downloading the relevant App, thereby entering into an end user licence agreement ("EULA") which the licensee is not even a party to and has no control over.

In the case of US based technologies for consumer products this is particularly an issue with respect to privacy law, for example. Australia has an arguably stricter and more unified regime than the US when it comes to collection, management and disclosure of personal information7. As often as not in my experience, Australian businesses themselves have non compliant privacy policies, therefore the chances that the generic privacy policies of US based licensors will be compliant with Australian law are not good.

Ultimately the starting point should be, as a general principle, that each party takes responsibility for regulatory compliance with respect to those parts of the system which they have responsibility for delivering.


The application of IoT technology in "Smart Cities" or in industry may require the establishment of a network of data receivers and transmitters, separate to the smart devices themselves, to provide an appropriate data link between those devices and the broader public telecommunications infrastructure. Licence agreements should be clear on who owns such intermediate network equipment, both during and after the term of the licence. The network may need to be upgraded or modified during the term, therefore the licence agreement should address who has the right to request changes to network architecture, in what circumstances, who bears the relevant cost, and what effect changes requested by a party may have on liability issues.

Any arrangement whereby equipment owned by one party forms part of a network operated by another raises issues under the Personal Property Securities Act 2009 ("
") if the arrangement qualifies as a "PPS Lease"8. In those circumstances the equipment owner (usually the licensor) will need to register its interest in order to preserve ownership rights against other secured creditors of the operating party (usually the licensee).

To assist in that regard a licensor will want some general provisions in the licence agreement regarding the cooperation of the licensee with registrations, and the waiver of some of the procedural aspects of the PPSA. Similar considerations would arise for the licensee with respect to their end customers if the licensee is the owner of network equipment which passes into the customer's possession.


As with any technology licensing arrangement, there is a range of other issues which will need to be considered in an IoT licence, including exclusivity, sublicensing rights, IP ownership, testing & acceptance procedures, FX provisions, as well as breach and termination. These and other issues will be addressed in detail in Part Two of this article.

While the legal complexities may seem daunting, clients who address the issues raised in this article in an organised but commercial manner will give themselves the best chance of success when embarking on an Internet of Things project.


1 That "Internet of Things" Thing, Kevin Ashton, RIFD Journal, 22 June 2009:

2 Some good examples of IoT technology are provided at:

3 See Gartner Says 6.4 Billion Connected "Things" Will Be in Use in 2016, Up 30 Percent From 2015, Gartner, 10 November 2015: and The Internet of Things: How the Next Evolution of the Internet is Changing Everything, Dave Evans, Cisco, April 2011:

4 This can actually work to a licensee's advantage if the licensor's local lawyers have not inserted an exception for non excludable warranties under the Competition and Consumer Act 2010 and taken advantage of the permitted limitations to resupply of the goods/services concerned, or paying the costs of having the goods/services resupplied – refer Australian Consumer Law Part 3-2, Division 1, esp. ss 64, 64A, although note these provisions only apply to certain types of transactions and may not apply depending on the circumstances.

5 In the sense of the warranty being limited as to time, and often limited to "defects" rather than a warranty as to particular functionality.

6 For example, a licensor should not be entitled to rely on a purported "force majeure" clause that includes "virus/security breach" in circumstances where the licensor has failed to maintain appropriate data security measures.

7 See for example Which countries are better at protecting privacy, by Constance Gurke, BBC Capital, 26 June 2013:

8 Personal Properties Securities Act 2009 section 13.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Peter Karcher
Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.