Perspective | Legal Risks for Companies Downloading and Using Pirated Software

The author believes that pirated software is not simply “non-genuine software”; rather, any software used without the authorization of the software copyright holder or beyond the scope of such authorization qualifies as pirated software. The defining characteristic of pirated software is its infringement upon the copyright holder’s exclusive rights. According to Article 8 of the “Regulations on the Protection of Computer Software,” the copyright holder of software enjoys, by law, rights including the right to reproduce, the right to distribute, and the right to transmit via information networks. Any software that exercises these rights without permission falls within the legal definition of piracy.

The types of pirated software confirmed in judicial practice include:

1. Cracked version: Activated via the KMS activation tool, Registration machine Software versions that use technical means to bypass the copyright holder’s protective measures;

2. Pirated copies: Copies created by unauthorized duplication of legitimate installation files;

3. Unauthorized Use Version: For example, using single-user licensed software on multiple devices, or using enterprise-level software beyond the permitted number of users;

3. Third-party pre-installed unauthorized version: Software pre-installed by device suppliers or service providers without authorization.

Regardless of the method of acquisition, the aforementioned software constitutes an infringement on intellectual property rights.

The ways in which enterprises use pirated software exhibit diverse characteristics, including both proactive acquisition and passive involvement. These primarily fall into the following four categories:

Illegal downloading: This is the most common approach. Enterprise technical personnel download files marked with “ Greening Edition “Cracked” software often comes with tools such as registration generators and crack patches on certain platforms, allowing users to bypass legitimate verification altogether. For example, construction companies download cracked project management software from engineering forums to use in municipal construction projects, aiming to cut costs. Similarly, machinery manufacturers download and install CAD development software from open-source websites for the design of their own products.

Third-party unauthorized provision: When pre-installing systems, computer vendors sometimes install pirated office software to lower their quoted prices; or IT service outsourcing companies, in an effort to cut service costs, provide enterprises with unauthorized copies of software. For instance, a manufacturing company discovered that its assembled computers had been pre-installed with pirated CAD software by the supplier, ultimately leading to an infringement dispute.

Employee installation: Employees download and install pirated software on company devices for their personal work tasks, or they copy pirated software used at home onto company devices, or they log into pirated software accounts using their personal social media accounts. If the company has not established a mechanism to control software usage, such actions can easily lead to corporate liability for infringement.

Use beyond the scope: Although the company purchased genuine licenses, it expanded the scope of usage by duplicating installation packages and sharing activation codes in order to cover more devices. This semi-genuine state also constitutes infringement. For example, a certain technology company purchased 10 genuine licenses. EDA software However, it was installed and used on 20 devices and ultimately faced prosecution for exceeding authorized limits.

In the face of accusations of copyright infringement and piracy, companies do have room to mount a defense—but they must rely on legitimate grounds and a complete chain of evidence. In judicial practice, there are three main types of effective defenses:

Verify the software's legal origin: This is the most direct and effective defense against liability. Enterprises must provide comprehensive evidence, such as procurement vouchers, authorization agreements, and invoices, to prove that the software in question was obtained from the manufacturer or a legitimate distributor and that its scope of use did not exceed the terms of the authorization. For example, when a company was accused of using pirated Office software, it submitted Microsoft’s Volume Licensing (VL) bulk licensing agreement and payment receipts, and the court ultimately ruled that no infringement had occurred.

Advocating for the transfer of third-party liability: If pirated software is pre-installed by the device supplier or provided by an outsourcing vendor, companies can invoke the “software compliance guarantee clause” in their contracts to assert that liability should be borne by the third party. For instance, when a company discovered that the Windows system pre-installed by its computer supplier was pirated, it successfully shifted the responsibility for compensation to the supplier by relying on the contractual provision stating that “the supplier guarantees the authenticity of the pre-installed software.” However, the company must also prove that it was not at fault.

Proof of no subjective intent: In cases where employees privately install pirated software, companies can provide evidence—including the anti-piracy provisions from the Employee Handbook, records of compliance training, and regular audits of software assets—to demonstrate that they have fulfilled their management obligations and acted without any subjective intent to infringe. However, this defense can only mitigate liability and is unlikely to result in complete exemption from responsibility. In commercial settings, defenses such as “fair use” or “lack of knowledge about piracy” are generally considered ineffective. Judicial practice has made it clear that, as commercial entities, companies have a duty of care to verify the legality of software and cannot rely on claims of “unawareness” as a defense.

In light of provisions from the Copyright Law, the Criminal Law, and other relevant regulations, as well as typical case examples, enterprises that use pirated software will face triple risks—civil, administrative, and criminal—and may even trigger a chain reaction of operational crises.

Civil torts represent the risk that businesses are most likely to encounter. As long as there is commercial use involved, copyright holders can claim compensation. The amount of compensation is calculated in a tiered manner according to the formula: “Actual Losses – Illegal Gains – Multiple of Licensing Fees.” When it is difficult to determine the exact amount, the court may refer to a multiple of 1 to 5 times the licensing fee. In cases of particularly serious circumstances, punitive damages may also be awarded. In 2015, Dassault Systèmes of France sued Zhongshan Xinhai Company for pirating and using SOLIDWORKS software [Case No.: (2015) Yue Zhi Fa Zhu Min Chu Zi No. 4]. In the first-instance judgment, the court calculated the compensation by multiplying RMB 38,000 per software suite by 65 units, arriving at a total of RMB 2.47 million. The court ruled that Xinhai Company must compensate Dassault Systèmes for economic losses in the amount of RMB 2.47 million.

According to Article 24 of the Regulations on the Protection of Computer Software, enterprises shall bear civil liabilities including ceasing the infringement, eliminating the adverse effects, making public apologies, and compensating for losses. If the infringement also harms the public interest, the copyright administrative authority shall order the cessation of the infringing acts, confiscate the illegal gains, seize and destroy the infringing copies, and may impose a fine as well. In cases of serious circumstances, the copyright administrative authority may also confiscate materials, tools, equipment, and other items primarily used for producing infringing copies. In cases that constitute criminal offenses, criminal penalties shall be imposed in accordance with the Criminal Law. Crime of Infringement of Copyright The provisions on the crime of selling infringing copies shall be enforced, and criminal liability shall be pursued in accordance with the law: (1) copying or partially copying software protected by copyright; (2) distributing, renting, or transmitting via information networks software protected by copyright to the public; (3) intentionally circumventing or disabling technical measures adopted by the copyright holder to protect their software copyright; (4) intentionally deleting or altering electronic information related to rights management in the software; (5) transferring or licensing others to exercise the copyright holder’s software copyright. For those engaging in any of the behaviors described in the preceding paragraphs (1) or (2), a fine of 100 yuan per item or between one and five times the value of the goods may also be imposed. For those engaging in any of the behaviors described in paragraphs (3), (4), or (5), a fine of up to 200,000 yuan may also be imposed. For example, in 2019, the Market Supervision Administration of Ganzhou City issued Administrative Penalty Decision No. (Ganzhou) Shijian (Qi) Penalty [2019] No. 4 against the First People’s Hospital of Longnan County for using pirated “Medical Imaging Information System (PACS) Software (copyright owned by Shenzhen LanYun, version: 7.0 Build 0908201)” and “Mingwei Medical Imaging System [abbreviated as: PACS] V8.0.” The decision ordered the confiscation of illegal gains totaling RMB 161,000.00 and imposed a fine equal to twice the value of the goods, amounting to RMB 322,000.00. The total amount of fines and confiscated funds amounted to RMB 483,000.00.

Serious instances of pirated software use will constitute criminal offenses, violating Article 217 of the Criminal Law—the crime of infringement upon copyright. For example, a technology company that sold and used cracked EDA software for its own purposes, illegally profiting 3 million yuan, saw its legal representative sentenced to five years in prison and the company fined 2 million yuan. According to a case released by the Ministry of Public Security in 2025, a senior executive of a certain enterprise instructed employees to use pirated design software; because the illegal gains reached 400,000 yuan, the executive was sentenced to three years in prison and fined an additional 500,000 yuan personally. Criminal liability not only can destroy an individual’s career but also bring catastrophic consequences to the enterprise itself.

Using pirated software can also trigger a hidden crisis: A multinational corporation was exposed in India for using pirated engineering software, an incident that led to serious consequences. According to reports, three European and American clients terminated their cooperation with the company as a result, causing the company to lose over 200 million yuan in annual revenue. This incident not only had a direct impact on the company’s financial interests but also severely damaged its reputation. For companies planning to go public, mandatory disclosure of any litigation involving piracy could directly lead to the postponement or even cancellation of their IPO.

The core of mitigating the risks associated with pirated software lies in establishing a systematic compliance framework that integrates cost control with enhanced management, thereby striking a balance between legality and efficiency.

1. Standardized Procurement and Customization: For software that is indispensable in the course of a company’s production and business operations, prioritize procurement from manufacturers or authorized distributors. Customize software modules to meet the specific needs of the company’s business activities, and retain complete documentation such as licensing agreements and invoices. At the same time, clearly specify in the procurement contract the supplier’s responsibility for ensuring software compliance, thereby maximizing the utilization of the software’s core functions to support the company’s production and business activities while minimizing procurement costs.

2. Establish a software asset ledger: Conduct comprehensive regular inventories, recording software names, versions, installed devices, authorization types, and expiration dates to establish a “one person, one device, one record” management model. At the same time, carry out company-wide training sessions to highlight the dangers of pirated software and develop clear rules for software download and usage. Include a clause prohibiting the use of pirated software in the Employee Handbook, and provide intellectual property training to new employees upon onboarding. Organize at least two specialized training sessions annually and keep detailed records. Implement access control measures for the technology department, strictly prohibiting the unauthorized installation of unapproved software. Establish a standardized process for “software installation requests—review—registration.”

3. Low-cost alternative: For non-core business requirements, open-source software can be used as a substitute, such as using... LibreOffice Replace Office with GIMP, or replace Photoshop with GIMP; alternatively, apply for government subsidies for software legalization—some regions offer financial subsidies to small and medium-sized enterprises for purchasing genuine software, thereby reducing compliance costs.