Hungary: Software procurement

Considerations to prevent legal problems
17 Feb 2025    4 minute read
Digital Transformation Cybersecurity & Data Privacy

In brief

  • In case of developing custom-made software, it is important what rights remain with the developer.
  • For "off-the-shelf" software, it is key to properly reflect the buyer's specific needs in the license terms.
  • Whether an existing software can be lawfully customized may depend materially on the technical details of the subsequent development and the license terms of the existing software.
  • Software support services should be already considered during procurement.
  • If confidential information is processed with the software, secret protection and data protection compliance are key.

Contents

In more detail

Digital transformation has become a priority for all major companies. This is being driven only further by the spread of artificial intelligence's commercial use cases and ever-tightening data protection and cybersecurity regulations. However, procuring enterprise software (concerning both the development of custom-made software and "off-the-shelf" software developed for mass use) may give rise to various legal issues. Promptly identifying and addressing these issues can help prevent considerable legal and operational expenses, as well as other inconveniences.

In the case of custom-made software, it is important, among other things, to understand what rights remain with the developer. The software's source code may be protected by copyright, and the solutions included in the software individually ordered by the buyer may be based on valuable trade secrets or know-how. A key issue may be whether the developer would be entitled to resell the developed software, either in its original or partially modified form, to third parties, including the buyer's competitors. It is also prudent to consider which rights the buyer should acquire to meet their specific needs and have this reflected in the software development agreement. Is it necessary to acquire all economic rights in relation to the software to be developed, or is it sufficient to obtain a license to use the software? Naturally, if the buyer company chooses to obtain a license, the scope of the license is also crucial. As one may expect, the scope of rights obtained and the scope of a license might also have an impact on pricing.

In the case of "off-the-shelf" software, service providers often implement general terms and conditions. However, such terms and conditions are sometimes overly general or do not govern key matters, which might prevent the buyer company from using the software in the way it intended. A typical mistake is when the buyer procures the software to use it at the group-level or together with its retail network, but this is not reflected properly, from a legal perspective, in the license terms, which results in other group members or retailers not being entitled to use the software. In the event of unlawful use of the software or use that goes beyond the terms of the software license agreement (the license terms), the right holder of the software might, for example, make claims against the buyer for license fees after the unlawful use.

The buyer should also take the time to consider, even at the time of procurement whether they plan to later order unique additional developments (enhancements) to the software, as the case may be, from a software developer who is different from the original supplier. This is because the lawfulness of those enhancements may depend, to a great extent, on the technical details of the relevant enhancement and the license terms of the existing software.

The buyer's to-do list is not completed just with the purchase of the software license. To use the software properly, it is essential to integrate it into the already-existing IT environment, handle any technical and user problems, install — and, as the case may be, develop — necessary updates and train employees to use the software. The buyer should already be considering these tasks at the time of concluding the contract in relation to the software. In the case of custom-made software, it is also worth considering whether the buyer "chains" itself to the software developer. If so, it is advised to agree on (and, ideally, include in the relevant contract) the magnitude of foreseeable technical support fees.

Finally, if the software's operation involves the processing of confidential information (e.g., personal data or trade secrets), the buyer must comply with applicable law and, as the case may be, with the terms of its contracts with its business partners (e.g., provisions related to confidentiality and data processing) when using the software. Relevant regulatory and contractual breaches might not only have serious legal consequences but might also raise trust issues from the business partners' perspective. Therefore, it is always recommended to analyze the software and the contract for its use from a data protection and confidentiality perspective and take the necessary measures. These include assessing and documenting the management of potential confidentiality and data protection risks, preparing the relevant data privacy documentation or updating existing documentation, and negotiating appropriate data privacy and confidentiality provisions for the contract with the vendor.

If the software transmits personal data to the supplier's servers (e.g., in the case of cloud hosting), some servers may be located outside the European Economic Area, which might result in additional legal and practical risks for certain countries (e.g., India, China or, in certain cases, the United States). In such cases, the buyer should analyze whether the European Commission has adopted an "adequacy decision" regarding data protection for the country of destination. If there is none, the buyer should assess the measures under which the transfer may be lawful.

The protection of personal data is also important during software development and bug (defect) fixing. Such data may be processed for testing only in justified cases. In these instances, where possible, it is recommended to substitute personal data with fictive data.

Contact Information
Dr. Gaál András LL.M.
Associate
Budapest
Read my Bio
andras.gaal@bakermckenzie.com

Copyright © 2025 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.