IBM United Kingdom Limited v LzLabs GmbH & Ors

The court found that Winsopia breached its IBM Customer Agreement (the ICA) by carrying out and facilitating extensive reverse‑engineering and related uses of licensed IBM mainframe software (including disassembly, decompilation, use of compiler listings and debugging traces, and transfer of inadequately 'scrubbed' materials). The judge construed the ICA as licensing "ICA Programs" and their component parts and held that many of the defendants' activities fell outside the contractual authorisations. The court held that the Software Directive (2009/24/EC) and the relevant CDPA provisions (notably sections 50A, 50B, 50BA and 50C) permit limited acts of observation, study, testing, error correction and decompilation for interoperability but do not authorise the broad pattern of reverse engineering, copying and transfers identified in these proceedings.

The court found that LzLabs and the beneficial owner, Mr Moores, procured and/or encouraged Winsopia’s breaches and that LzLabs, Winsopia and Mr Moores were liable for an unlawful‑means conspiracy. By contrast the two director‑defendants (Mr Cresswell and Mr Rockmann) were held not liable for procurement in their capacity as directors of Winsopia because they fell within the protection of the principle in Said v Butt, having acted bona fide within the scope of their authority in that role. The court also held IBM validly exercised contractual audit rights and validly terminated the ICA. On limitation, the court held the ICA contained a two‑year contractual limitation clause binding as between IBM and Winsopia but that the defendants had deliberately concealed relevant facts; accordingly limitation was postponed until IBM discovered, or with reasonable diligence could have discovered, the concealment.

This is a first instance Technology & Construction Court judgment concerning alleged reverse engineering and misuse of IBM mainframe software supplied under an IBM Customer Agreement (ICA) to Winsopia. IBM (claimant) alleged that Winsopia used its licensed z/OS software and tools to enable LzLabs (developer of the "Software Defined Mainframe" or SDM) to develop software that runs mainframe applications on x86/Linux without recompilation. IBM pleaded breach of the ICA, procurement of breach by other defendants, unlawful means conspiracy and sought declarations, injunctions and damages or an account of profits. The hearing addressed liability only.

Parties and factual background:

• IBM United Kingdom Limited licensed z/OS components to Winsopia under an ICA concluded on 15 August 2013.
• LzLabs GmbH (developer of the SDM) contracted with Winsopia for discovery, testing and related services. Winsopia became a wholly‑owned subsidiary of LzLabs and provided a mainframe test environment.
• The defendants implemented and later relaxed "clean room" procedures (codes of conduct and a discovery request (DR) process, and a CPX scrubbing tool) to permit Winsopia to assist LzLabs while seeking to avoid unauthorised transfers of IBM material.

Nature of claim / relief sought:

• IBM sought declarations on the validity of termination, injunctive relief restraining use of IBM licensed software (and related procurement), and an account/damages for misuse and reverse engineering.
• Defendants counterclaimed that the SDM was developed lawfully and relied on the Software Directive (and CDPA) exceptions for observation, study, testing, interoperability and error correction.

Key issues identified and decided:

1. Construction of the ICA: the court construed "ICA Programs" broadly to include machine‑readable instructions and components (CSECTs, macros, copybooks, compiler‑inserted fragments, etc.) and held the licence and the restrictions (including prohibition on reverse engineering, and prohibition on transfer outside the Enterprise) applied to component parts as well as whole programs.
2. Application of the Software Directive and CDPA: the court set out the scope of Articles 5 and 6 and the corresponding CDPA provisions (sections 50A, 50B, 50BA, 50C and section 296A). It held those statutory exceptions are to be read narrowly and do not authorise wholesale disassembly, transfer and reuse of proprietary parts; contractual provisions contrary to Articles 5(2)/(3) and Article 6 are null and void only to the extent required by the directive, but the statutory exceptions were not engaged for the activities found to be carried out.
3. Alleged technical breaches: the court reviewed in detail many discrete allegations (disassembly of IGZCUST, use of the Load Module Decompiler, compilation listings, traces, SLIP traps, XDC, macros and copybooks, and failures of the CPX scrubbing process). It found many specific breaches of the ICA (detailed in the judgment) and that much of the information had been supplied to LzLabs and used in SDM development.
4. Procurement and conspiracy: the court held LzLabs and Mr Moores procured Winsopia’s breaches and that LzLabs, Winsopia and Mr Moores participated in an unlawful means conspiracy. LzLabs UK’s procurement claim failed for lack of evidence. Directors’ liability: Mr Cresswell and Mr Rockmann were not liable in their capacities as Winsopia directors because they acted bona fide within their authority (Said v Butt defence).
5. Audit and termination: IBM’s audit request was valid under the ICA and Winsopia’s refusal supported termination; alternatively the breaches were repudiatory. IBM’s termination was upheld.
6. Limitation: the contractual two‑year bar in clause 1.11.4 applied between IBM and Winsopia, but the court found deliberate concealment of the Winsopia–LzLabs relationship and related wrongdoing, so limitation was postponed until discovery (or discoverable with reasonable diligence); the clause did not apply to claims against non‑contractual parties.

Concise account of the court’s reasoning:

• On construction the court applied well‑established principles of commercial construction (Arnold v Britton, Rainy Sky etc.) and concluded the ICA’s definitions encompass program components; restrictions therefore extend to CSECTs, macros, copybooks and compiler‑inserted fragments.
• The Software Directive was treated as the background statutory matrix: the court accepted its exceptions (observation/study/testing and decompilation for interoperability) but emphasised their narrowness and that the statutory exceptions do not authorise the broad pattern of reverse‑engineering activities found here.
• On the facts, the DR process, the secondments and the relaxed clean room procedures provided LzLabs with direct access to Winsopia’s mainframe outputs and, often, unredacted internals. The CPX scrubbing and other processes were imperfect and many IBM components were transferred or not adequately redacted; LzLabs subsequently used that material to improve SDM modules. The court found sufficient causal connection to establish procurement and conspiracy liability as to some defendants.
• On limitation the court applied leading authority (including the Supreme Court’s guidance on deliberate concealment and reasonable diligence) and held that deliberate concealment by the defendants postponed limitation until discovery.

Procedural posture and next steps: this is a first instance judgment on liability only; the court adjourned to a later hearing to determine remedies, quantum and consequential relief.

The court found that Winsopia breached the ICA by extensive reverse engineering and impermissible use or transfer of component parts of IBM programmes (CSECTs, macros, compiler outputs, traces and similar materials). LzLabs and Mr Moores unlawfully procured those breaches; LzLabs, Winsopia and Mr Moores were liable in unlawful‑means conspiracy. Mr Cresswell and Mr Rockmann were not liable in their capacities as directors of Winsopia because they acted bona fide within their authority (Said v Butt). The court held IBM’s audit demand was valid and IBM validly terminated the ICA. The court also held that deliberate concealment by the defendants postponed limitation so as to preserve IBM’s claims. The judgment sets out detailed, itemised findings of contractual breach and legal analysis of the Software Directive, CDPA exceptions, procurement and conspiracy doctrines, and limitation principles.