 First of all, disclaimer for everyone here. If you're here thinking I'm talking about IP as internet protocol I hate to make it disappointed, but this is IP as in intellectual property, not IP internet protocol So we're not doing that talk It would be very strange to use OpenChain as a management tool for that kind of IP So anyhow, just to gauge the room is everyone familiar with OpenChain already? Seeing most people are good. We'll anyhow cover what OpenChain is just as sort of covering the fundamentals for everyone It's comfortable with what we're talking about But starting here, I have a confession to make. I am a former patent guy I used to work with the IP department of Ericsson the patent department I did that for a long time before joining the Ericsson Ospo So these are sort of my observations on how OpenChain is useful To get your Ospo or your open source compliance team to talk to your IP team Because in terms of compliance Both teams share a lot in common in terms of goals. They both have the goal of reducing the risk for the company by good compliance But open source is seen as sort of a strange thing for for the IP department So they don't really understand it So they could really become a valuable ally to you in in terms of Getting proper compliance process implemented and getting the company to take this seriously But we'll we'll get there in this talk So Some of you have seen this slide before because I always do it because it's a very good slide and I like to reuse So this is the open source awareness curve at the IP function in the company or the IP department So the first stage is we don't use open source Do we I think that Everyone sooner or later come to realize that we use open source. Not only do we use open source? We use a lot of open source Extreme amounts of open source in in our company. It's 80 to 90 percent open source in our products in terms of lines of code So the next stage you enter into bargaining as an IP person. Can we please stop doing this? It's strange I don't understand it. I don't want us using this. I only see risk here No, we're not gonna stop using open source It'd be laughter that laugh out of the the room if you have suggested at engineers, right? So what can you do you enter the depression stage? We are screwed. We can stop using the source I don't understand this with how should I do? Hopefully you emerge somewhere on on the other side as sort of the acceptance stage in Okay, we need to be smart about this and we need to develop strategies and processes to manage open source and manage the associated IP risk that comes with it so I Want to show in this talk sort of how open chain is a very useful tool to get IP people to the the acceptance stage where we offer them sort of a full methodology of Doing it and we do it in in in the boring form of an ISO standard So of course, it must be good because it's an ISO standard, right? We need to take that seriously So what's my job? I think this is sort of relevant for what is talk as well in terms of how how I view myself as sort of an IP person gone Fully to the open source side and instead of what I'm able to do and sort of how you it I'm partly a lawyer I'm partly a guardian for for the the IP. I'm partly an enabler of us making open source contributions Partly I tried to solve problems. I'm a bit of a psychologist to people bit of a technologies to lawyers I know more technology than them. I don't know more technology than my engineers differently But I'm at least able to translate sometimes Gardner in the sense that we need to grow an internal culture around open source Translator in terms of trying to translate What does these mean in the open source context to what does this mean the IP context and and how do we get people talking to We're out to each other and I think everyone here can relate to the fact that we're all sort of cultural anthropologists in the sense that we live among this strange tribe of open source people observing how they work right So I want to also say a few words about my employer Ericsson and just why Sort of it's a relevant then then the context I'm talking about when I talk about IP and Ericsson because for us It's it's a huge business asset so we have This is it's just some facts about the company we don't have to just spend too much time here But we can move on to I thought I had a slide on that apparently I did not have a slide on that Here it is. Sorry the number in in terms of patents. We have more than 60,000 granted patents worldwide and We generate about a billion US dollars a year in licensing revenue for those So of course our our IP division is our patent department is very much driving a business of their own, right? That need that's an asset that needs to be protected We need to balance our open source need versus our IP needs and get both to support each other So how have things happened in Ericsson what is is sort of our open source journey We have as many other have covered here today. We've gone from seeing it as as technology supply It's just something we pick up at something we use To being realizing there is it's no free lunch. We need to be part of it. We need to be contributing here And in terms of of joining up and being part of the community and contributing and and sort of all these things have Led us to get there eventually and virtualization of the networks. That's really been been a key driver in that In terms of of the volume of open source we use at Ericsson We have that have sort of scaled and trended upwards immensely as well from 6,000 Components and components doesn't then include dependencies. It's just top-level individual components that being brought in 6,000 in 2006 to 22,000 and on track to be a lot more than that in 23 So we consume a lot of open source. We have a lot of patents. They generate a lot of value Those are three key to take away so far Some of the projects that are super relevant for us is Sort of seen here. I think a lot of the projects are or represented here today The project I care about is the one over there open chain I care about the other ones as well, but that's that one. This is very close to my heart We don't have to cover how we we are organized But in terms of over Ospo it it's sort of I like to view it as three C's it's consumption It's contributing and it's compliance and it all starts with consumption if we didn't consume any open source We would not need to contribute to any open source, right? That's where it all starts So we use open source that leads to need to contribute, but we need to do all this with good compliance That's not the need to have for any or a good to have It's a need to have for us to be able to do this in a good way. We need to do it with good processes So some of the risks we talk about internally in Ericsson are sort of These and and you will see IPR as in in intellectual property rights are sort of On both sides here and something that needs to be managed and or and a risk that needs to be understood The fun thing is when one sort of when we add in the context of M&A's then we're not only And we're dealing with all of this but we're dealing with all of it as once for companies we acquire, right? So in that context We're dealing with the company all of our companies old sins And I have another talk that I've done another time on sort of how is open-chain useful as a tool in M&A transactions Those of you that those of you if you will attend the open compliance summit I think there is a panel on that as well If you're interested and I hope you're able to join us with that So that's the context that sort of Ericsson's view on on we have a lot of IP assets. We're using a lot of open source And we need to balance the needs of the company here So how do we get sort of understanding on both sides here? And here we have open-chain as sort of one of the solutions and one of the The ways to address this So what we have is I'm just gonna quickly go over open-chain And then we're gonna try to translate this into IP language and IP speak if you will so What open-chain sort of dictates it doesn't dictate the how right it just dictates what? What on a high level what do you need right? But it doesn't go into exactly what you should do So for example if we take a stupid example here on the first bullet It's the organization has an open-source policy. Okay, but open-chain will not tell you what that open-source policy should be That open-source policy and to be conformant with this might very well be No use of open source at all That's our policy I mean, it's a valid policy according to this. It's a bad policy But that's that's up for you to decide right what you want in your company You can still be conformant with such a policy It's not a very good policy, but open-chain doesn't go in to tell you The why it's a bad policy or what your policy should be it just says you should have a policy And the same goes for that the relevant staff has undergone training related to open source It doesn't go into the details of what that training should be or what it should cover or what it should look like There should be training and you need to define what the relevant staff is for how you scope your program We offer training material. I think arm very generously a few years ago Contributed their entire training deck to open chain So anyone can go online and find ready-made material But we're not going to tell you that you need to have use this training Can develop your own training cover the things that are relevant for your company and your situation, right? Open chain also says there should be a process for addressing open source software compliance in inbound software the software we consume That's very very reasonable and there should be a process for addressing open source software compliance during internal development And also for addressing open source software compliance in outbound products and services So that we covered in tire chain here in in terms of Of open source license of open source software compliance Then there should be a process for managing outbound open source contributions Again, we don't tell you what that process should be like We have says you should have a process if your process is every engineer is free to contribute to any project They like that's a valid process. That's good. You can have that Um, and then there should be documentation on how do we accomplish this? How do we go about? How are all these things done that should be documented? Uh, and there should be open source compliance artifacts that are structured sort of That the proof of this should be structured the same as every other company using the standards so that we can Easily verify if you're compliant to the standard because what we have in open chain is that it's a self certification We have external certification available. But the baseline is that you certify yourself, right? And then it's up to your customers to See, oh your your conformance to this you say can we see your your Conformance artifacts or compliance artifacts so we can verify That you are a conformance and that way sort of the market takes care of offsetting a minimum accepted bar In in that context, right? Much more on that later So what is sort of the intellectual property issues with open source? I would say one is that open source is seen as scary. That's the scary thing. They don't we don't really understand, right? It's a very different ip mindset in culture There's very little common language between traditional ip management Professionals and the open source community They're often very different or slightly different Missions in these organizations It's to some degree. It's different ideolo ideologies. That was a hard word between the organizations And open source is fundamentally it's based on copyright And that's a very hard ip right to manage because it's not a registered right. It just exists, right? So I don't think anyone here can honestly say that they know about all the copyright their company holds Because it's not registered anywhere. It's not it's not actively managed in the same way as a patent where you Every year you need to pay to keep the patent alive, right? That gives you an incentive to actively manage these assets, but with copyright. It's we have everything. It's it's just there It's managed, right? So we're going to cover a little bit on sort of how to resolve those issues But i'm going to give you a sort of quick translation guide here for For open chain to ip management or ip language if you will So we covered that the organization Has an open source policy. Okay. So in ip management terms, this means that the company accepts The company at the policy level sets what third party the ip dependencies are we willing to accept? Because in ip terms open source is it's not a software asset. This is not that it just represents ip that is external to the company That we have a dependency on So third party ip dependency sorry So here it's just with the policy we say, okay We are willing to accept third party ip dependencies if they're under permissive licenses, perhaps But we're not willing to accept copyleft Terms for our third party ip dependencies Or we go more detailed and say, uh, we're willing to accept copyleft provisions, but not Not if they have a network trigger such as adp l and not in in this particular product So secondly the relevant staff has undergone training to relate to open source. So in ip terms, it's That ip managers needs to understand this third party ip dependency To make you know informed decisions and not decisions based on on the wrong facts They need to understand it. Perhaps not everyone in the ip department or patent department needs to understand that But at least to some degree people do need to understand it so that there's someone who really understands that And that goes to address the first point we had before that open source is scary If you know about it, it's not scary. It might be Detailed and might be complex and complicated, but it's not scary So the third point here in That there is a process for addressing open source software compliance frame bound software It's that's just about making sure that ip risks in terms of compliance risks are managed already when you bring in the software, right? So already as as early as possible you manage these risks and when managing them in In in the product internal development Then it's about managing it in Each specific use case. So intake. Okay, then we have the specific use case. So that's bring us any particular ip risk problems. Okay, then we manage it there And then finally managing it in when in the released product. Okay, that's making sure that ip risks are managed in each When we release it to the market So that we have through the entire chain managed ip risk And to some degree, I think most here that that has patent department or an ip team They are doing this for your products anyhow But they probably don't have open source and open source compliance as part of that process Because they need to make sure that they have secured The adequate licenses to put the product on the market. It might be trademark licenses. It might be Uh licenses for proprietary software and it might be patent licenses they need But they probably have a process to manage ip risk It's just about getting open source and open source license compliance into that process Or at least make sure that they know about it and they care about it and that they Sort of support you in managing that risk So that they see that this is a risk they should care about and it's it's a risk that fits well into their existing structure and Finally the part about the open source contributions and having a process for that That's about ensuring that if you have valuable patents that You agree is not Would not be better off in an open source setting It might be where you intend to keep a competitive advantage or you actually intend to exclude because that's where you build on top Then of course, there should be a process that ensures that no unintended ip leakage happens and I think that's where Most ip organizations are afraid with open source that they they see that if we contribute we would lose These assets again It's about the information that that risk is is limited in most cases Do what you actually contribute and you're in control and you can put these Processes they shouldn't be too heavy because that hinders contribution But there should be some process that gives sort of peace of mind to everyone right And finally that there is documentation for how all of this is accomplished in lawyer terms. That's about Excuse my language covering your ass To make sure that I have documented all these things There's documentations all the way for all of this So no one can come after me and claim I didn't do anything or that we didn't have a process because it's documented So what's the ip solution then in in terms of what's scary? So what's what's the ip solution? I will think that Either you can go with saying that open source is here to stay deal with it I don't think that's necessarily sort of very productive Instead I think that creating allies out of the the patent department or the ip department Ultimate because ultimately you share a goal in reducing risk And open source license compliance is about reducing risk. It's about us doing the right thing But for the company it's about us reducing risk for them, right? And the more mature the the ip department is the easier is that conversation I mean, I think everyone or most here is familiar with the ospo maturity model I think there's a similar model for ip departments But I think the more mature the ospo the more mature the the ip department I think We are probably better off speaking to each other at that level If one is very immature and one is very mature Then there is a disalignment in sort of the levels people are talking at So I'll skip this but but the ip department's Maturity model then we can compare that to the the ospo maturity model But essentially I mean stage zero that's establishing an ip department. I think that With ospo's we probably will get to the same state with us with an ip department It's just something you have right. It's just good operations. Someone needs to manage that I don't think there's any major company today that questions need to have an ip department Or a patent department that manages patents and trademarks and trade secrets Hopefully we would get there with With ospo's as well. It's not something that's questioned. It's just parts of good operation If it's called an ospo if it's called an open source office if it's called the open source group That's less important, right? But but having somewhere where you manage open source Hopefully get there so stage one of the maturity Model is really having an ip strategy just on patent patent not just anything that's patentable, right? Because I think most Most companies have more patentable ideas than their budget to file patents There's a good reason for that. You don't need to patent every idea. It's no point. It should support your strategy Second stage is very similar to To the ospo stage it's about providing ip education awareness and services internally Making sure that people are aware that that they should file patents and and sort of how they can be used in the business third stage is viewing ip as a business asset that can create value slash licensing income But the fourth stage I would say is exactly identical to the To the ospo model in terms of leadership that Become a strategic business decision making partner for the company and for the other parts of the company And here I will say it's would be especially important to become that to the ospo And for the ospo to be a strategic partner for the ip department I will say we are not there with ericsson, but I would like us to get there um Further some Addressing some of the concerns here that open source is scary with that education, right? Educator ip organization Uh, they should be part of your open chain education program if they Are not already at least some of the managers should be So that they get an understanding for open source what it is what its potential benefits are then It's a very different the part about the different mindset I mean find common values agree to move forward with what's best for the business Because in fact sometimes there will be hard trade-offs that needs to be made. This is a valuable patent If we make this open source contribution that will be made really available for anyone in this community Okay, that that's a liability for the ip department But the business value of making that contribution might be much much higher in terms of what you get back, right? And sometimes the opposite might be true the value of this patent is actually greater than than the value of this contribution so The the the idea is is not to optimize for your team. It's to optimize for the company, right? And that's putting ego and short-sighted thinking aside and that's very hard to do But at least agreeing on that baseline is very good The fact that there's very little common language that exists between ip and open source I think education there again And using open chain as a common language and understanding that in terms of of ip the ideal Ideology of open source and the sort of all the touch of feeling good reasons why we should do open source doesn't apply, right? It's it's not really applicable to that So it's about using open chain as sort of a very hard coded Hard coded translation guide essentially and get an understanding that The ip team doesn't necessarily view open source As any different from anything else. It's it's just an ip dependency a third party ip dependency They'd not control but where they the difference between Normal ip dependencies is that they would have negotiated that they would have been negotiated contract that that created that You don't negotiate open source licenses. You take them as is The other scary part here That I didn't cover in this slide is probably the fact that a lot of these licenses They lack sort of basic legal provisions In terms of there's very few licenses that has you know a choice of law provision, right? Or a conflict resolution clause Or penalties clause except for that your license is cancelled Those are like very basic provisions that as a lawyer you're taught that all agreements should have these things Very few open source licenses do and for very good reason I don't think we've seen any successful or major open source licenses that have a choice of law provision For example, and I mean that that could be a liability, but it certainly helps with uptake I think probably one of if not the least successful open source licenses Was the airline public license which ericsson released in 99 and it had the funny clause that The in terms of dispute the the governing law was swedish law And the where you should go to settle the matter was the stock on district court And I think that was part of hindering its uptake Because if you're a lawyer at the japanese or a chinese or for that matter a u.s company you look at this in like Sweden I don't know if that's where they make the chocolate or the watches or if that's ikea I know even less about their laws. I'm not going to recommend my client to use this Because I don't know anything about and I can't in good faith advice I mean you probably have more lawyers in the u.s than you have swedish people so It just shows that it's not really a good idea to always craft the perfect license, right It was a very good license from a legal point of view from an open source point of view and an adoption point of view Horrible and that's why we changed it to a patchy Some 20 years later Perhaps a little bit too late, but but at least we did it eventually um So sorry that was sidetrack back back to my slide here On the different missions. So the ip team wants to maximize the value of the company's ip portfolio and protect that value I think sort of here The goal to come over that is really prove that making it available as open stores Is the best way to do that that you get greater value from this ip by making it available Because you will get all of these other benefits and I were super happy with the sony presentation Before just showing the value of data, right? And it's the same here if you can have a data driven approach to prove this Then I think you will have a very easy time convincing everyone Because ultimately It's it's what the ip team wants is just to maximize the ip It's not that they don't want you to do things they just want to maximize the value of the ip because that's the asset They're they're there to protect and if you can prove that this enhances the value of the ip Or at least it doesn't decrease the value of the ip then I think everyone is happy different ideologies, I think it's sort of Sure, we have different approaches to things and collaborations, but fundamentally We should share the same ultimate goal of success of the organization and the company we're in So again aligning on that fundamental and agreeing that sometimes it will mean that sort of your interest will have stand back Sometimes my interest will have to stand back and sometimes You know the business unit's interest will have to stand back for sort of the greater good of the company And open source is As I said, it's it's copyright. It's fundamentally hard to manage that But I think at least bring it up that we probably have a large part of our ip assets in this company That is completely unmanaged because no one is taking overall responsibility for the ip that is open source You are taking responsibility for the patents for the trademarks, but those are easy to track right so we probably in the same way as we we Need to evolve to take Take data seriously and actively manage that. We need to actively manage copyright and and and open source So again, if I haven't already convinced you on On why open chain? I think it's it's Japan proves this very well. There's a very very active community around open chain That could help you in adoption And we have for for example for the ip topic We have a white paper published that I co-wrote with a colleague For other things we have other resources, but the point here is you don't have to reinvent the wheel when adopting open chain There's there's so much already done the github is A that we have is a great resource. It's somewhat unstructured and perhaps we should look at that, but it's still a great collection of resources And if you then in trying to adopt open chain if you can get the ip or patent department on your side in this As a risk reduction tool I think you will have Gained a lot because they have access to Different parts of the company and different parts of the organization. You are probably don't have the same access to So they can really help you champion in this So another point of open chain is that i'm a lawyer by training But probably not my profession these days is Lawyers are expensive and to any lawyer in the room. I'm sorry, but that's the truth, right? We're very expensive So they should spend less time Negotiating non-value ads with your customers And non-value ads is like what is good compliance? How should our open source compliance program looks like? What should our espom look like instead saying we're open chain conformant And we're going to deliver you an espom according to this new spdx profile, for example That's that's removing so much friction From the conversation and i've been part of a lot of conversations with our customers Where it's sort of we start from from a position that they don't really understand open source, right? So we first need to convince them that it's not scary and we can use this And having open chain is part of that discussion and showing that this is the industry standard This is how people are managing this you don't really need to be worried about us Not managing this Good or that we introduce any risk to you because we use the industry standard and how we manage open source And for those of you that haven't joined open chain Especially if you're from from industries that are sort of underrepresented in open chain I think one of the reasons that ericsson joined open chain is that we wanted to define to our industry what good What good practices Are in in open source compliance Because otherwise again, we will face Different requirements from different customers in different parts of the industry requiring us to do different stuff If we instead join up we can define to the industry. These are best practices This is how things should be done and aligning everyone to that same vision And again, it's it's about if if you sort of Require open chain from your your suppliers. I think it helps to have the credibility to be involved in this And to be certified yourself even if it's a self certification. I think that really helps in in your credibility And Finally again, you don't have to go at this alone It's it's sort of the open chain community is definitely there to help you We have many many different working groups. We have many many different Different for us for people to meet to talk We have the open compliance summit next week. We're open chain is sort of one of the the major topics that will be discussed But this message rings through for the context of this talk as well that you don't have to do it alone in your company as well Find allies in the company whose mission of risk reduction sort of resonates with your own And get them on your side for for the benefit of rolling out open chain as a mechanism of risk reduction That could be the legal department. That could be the ip department. It could be your security team And then looking at our security specification because that that's it's not a mirror image, but it's very similar to To our license compliance spec So if you adopt one, you will have a very easy journey adopting the others So find those allies and find those communities internally Whose mission and values alliance to your own? I think that will make a Open chain adoption journey so much easier At least it has done that in in in our case Because then then you get a far wider reach So with that any questions Thank you for the great presentation and I have one question How is your hospital configured who is involved in because It's a little difficult to contact with between the ospo to with legal department ip department. It's the first step for us Yes, so so our ospo is from It's organized under the cto office a group function technology And then we sit in the standardization group. I think the One of the ideas with that was that we realized that we need to do open source with sort of the same diligence And the same professionalism that we do that we do open standards So that was one of the reasons to put there. There's other reasons as well So if you're ospo is organized sort of From from ip or from legal Then I think You will have less of these problems, right? I still think that sort of depending on on where you end up you might still need to realign With them from time to times But just definitely I think this this is a problem And this is a view that comes partly at least from the fact that we are Not organized and we're not founded with compliance as sort of the The first mission we had it was just on the list of things we needed to do when we established So we don't come from from a licensed compliance Baseline so we were more like on the contribution and culture baseline without having done that thing first which could create some problems Any other questions if not, I will give everyone five minutes earlier lives back and five minutes earlier coffee