IP Management

Disclaimer: This skill provides general educational information about intellectual property concepts and practices. It is not legal advice. Always consult a qualified IP attorney before making decisions that may have legal consequences for your organization.

Intellectual property management is the practice of identifying, protecting, and leveraging the intangible assets of an organization - inventions, brand identity, creative works, and confidential know-how. For software companies, IP decisions affect competitive moats, open-source strategy, hiring, M&A, and regulatory exposure. This skill covers the full IP lifecycle: choosing the right protection mechanism, complying with open-source license obligations, managing patents and trademarks, and building policies that prevent IP loss.

When to use this skill

Trigger this skill when the user:

• Needs to choose an open-source license for a new project or repository
• Wants to audit third-party open-source dependencies for license compliance
• Is filing or researching a trademark application
• Needs to protect trade secrets in a company or product
• Is negotiating or reviewing IP assignment clauses in contractor or employment agreements
• Wants to build or review a company IP policy
• Needs to understand the difference between patent, trademark, copyright, and trade secret
• Is evaluating whether to open-source internal tooling

Do NOT trigger this skill for:

• Contract negotiation beyond IP clauses (use a contracts or legal operations skill)
• Software licensing agreements between commercial vendors (SaaS terms, enterprise contracts)

Key principles

1. Protect early - IP rights are often time-sensitive. Patent applications in most jurisdictions operate on a first-to-file basis. Trademark rights are strengthened by early registration and consistent use. Waiting until a product launches to think about IP protection means leaving gaps that competitors can exploit.

2. Open-source licenses have real obligations - Using open-source code is not free of legal risk. Copyleft licenses (GPL, AGPL) impose reciprocal disclosure requirements. Ignoring these obligations can result in forced open-sourcing of proprietary code, injunctions, and reputational damage. Every dependency has a license; treat it as a contract.

3. Trade secrets need active protection - A trade secret is only legally protected if the owner takes reasonable steps to keep it secret. That means access controls, NDAs, confidentiality policies, and employee training. A trade secret shared carelessly in a public Slack channel or leaked through a contractor is lost forever.

4. IP assignment in employment contracts must be explicit - In most jurisdictions, work created by an employee in the scope of their job belongs to the employer by default - but "scope" is ambiguous. Contractor work is often not assigned by default. Every employment and contractor agreement must contain an explicit, broad IP assignment clause. Audit historical agreements before an acquisition.

5. Audit regularly - Open-source dependency licenses change between versions. New hires bring IP from former employers. Contractors create work under unclear ownership. Regular IP audits - at least annually and before any M&A process - catch problems while they are still fixable.

Core concepts

IP types

When to use which:

• Use patents for novel algorithms or technical methods that could be independently reinvented by a competitor.
• Use trademarks to protect brand identity and prevent customer confusion.
• Use copyright to prevent verbatim copying of code and documentation (it is automatic; open-source licenses are built on top of copyright).
• Use trade secrets for formulas, datasets, processes, or architecture that derive value from remaining confidential and cannot be reverse-engineered easily.

Open-source license spectrum

Licenses range from permissive (few obligations) to strong copyleft (reciprocal disclosure required). The spectrum:

Permissive                    Weak copyleft       Strong copyleft
    |                              |                    |
   MIT        Apache 2.0         LGPL          GPL       AGPL
    |              |               |             |          |
Use freely,  + patent grant,  Linking OK,   Modifications  Network use
attribution  + patent peace   but mods to   must be GPL    must be AGPL
only         clause           lib = LGPL

See references/license-comparison.md for a detailed comparison table including BSL (Business Source License) and compatibility matrix.

IP ownership in employment

Default rules (varies by jurisdiction):

Risk at M&A: Acquirers conduct IP due diligence. Missing assignments, unclear contractor agreements, and "moonlighting" projects create escrow holdbacks and deal risk. Audit before starting any fundraising or acquisition process.

Common tasks

Choose an open-source license

Decision matrix:

1. Do you want to allow proprietary use without sharing back?
   YES -> Go to step 2
   NO  -> Choose GPL-3.0 (or AGPL-3.0 if server-side use matters)

2. Do you want a patent grant to protect users?
   YES -> Apache-2.0 (preferred for corporate use)
   NO  -> MIT (simplest, most permissive)

3. Is this a library that will be linked into proprietary apps?
   YES -> Consider LGPL-2.1 or MIT/Apache (LGPL allows proprietary linking)
   NO  -> MIT or Apache-2.0

4. Do you want a time-delayed open-source commitment (startup model)?
   YES -> BSL (Business Source License) with a defined change date

5. Is this infrastructure software where SaaS competition is the concern?
   YES -> AGPL-3.0 (requires disclosure even for network use)

Practical recommendations:

• Libraries intended for broad ecosystem adoption: MIT or Apache-2.0
• CLI tools and standalone applications: MIT, Apache-2.0, or GPL-3.0
• Server software where you want to prevent closed-source forks: AGPL-3.0
• Commercial open-core products: BSL with 4-year change date to Apache-2.0 or GPL

Audit open-source dependencies

Compliance audit process:

1. Inventory all dependencies - Run a software composition analysis (SCA) tool:

   • Node.js: license-checker, licensee, or fossa
   • Python: pip-licenses or licensecheck
   • Java/JVM: license-maven-plugin or gradle-license-plugin
   • Go: go-licenses
   • Multi-language: FOSSA, Snyk, or Black Duck

2. Classify by risk tier:

   Tier	Licenses	Action
   Green	MIT, BSD-2, BSD-3, ISC, Apache-2.0	Approved; attribution required
   Yellow	LGPL-2.1, LGPL-3.0, MPL-2.0, CDDL	Legal review required; use restrictions apply
   Red	GPL-2.0, GPL-3.0, AGPL-3.0, SSPL	Block unless product is also open-source
   Unknown	No license, custom license	Block; contact maintainer or find alternative

3. Generate NOTICE/CREDITS file - Include all required attributions. Apache-2.0 requires reproduction of the NOTICE file. MIT requires copyright notice.

4. Track license changes on upgrades - Licenses can change between major versions (e.g., BSL projects that have not yet reached their change date may tighten terms).

5. Automate in CI - Add SCA tool to CI pipeline. Fail the build on Red-tier licenses appearing without explicit approval.

File a trademark application

Process (US - USPTO; adapt for other jurisdictions):

1. Clearance search - Before filing, search the USPTO TESS database and common-law sources (web, app stores, domain registrations) for confusingly similar marks in the same class. A conflicting mark is grounds for refusal or opposition.

2. Identify goods/services class - Trademarks are registered per Nice Classification class. Software products typically use Class 42 (software as a service) and/or Class 9 (downloadable software). Registering in the wrong class provides no protection.

3. Choose filing basis:

   • Use in commerce (1(a)) - Mark is already in use. Requires specimen showing use.
   • Intent to use (1(b)) - Mark is not yet in use. Requires Statement of Use filing before registration is granted.

4. File the application - Via USPTO TEAS Plus (lower fee, stricter requirements) or TEAS Standard. Include: mark drawing, goods/services description, filing basis, specimen (if use-based).

5. Respond to office actions - Examiner may issue office actions requesting clarification or raising refusals. Respond within 3 months (extendable to 6).

6. Maintain the registration - File a Section 8 Declaration of Use between years 5 and 6 after registration, and renew every 10 years. Failure to maintain = cancellation.

International: Use the Madrid Protocol via WIPO to file in multiple countries with a single application based on a home-country registration or application.

Protect trade secrets

Trade secret protection program:

1. Identify what qualifies - Document all information that has economic value from being secret: source code, ML model weights, pricing algorithms, customer lists, roadmap, formulas. Create and maintain a trade secret register.

2. Access controls - Restrict access to need-to-know. Use role-based access in code repositories, databases, and documentation systems. Log all access.

3. Agreements:

   • All employees sign NDAs and IP assignment agreements on day 1.
   • All contractors sign NDAs before receiving any confidential information.
   • Review agreements of new hires for non-competes or IP ownership conflicts from prior employers.

4. Physical and digital security - Encrypt sensitive data at rest and in transit. Enforce MFA on systems holding trade secrets. Monitor for and respond to data exfiltration alerts.

5. Offboarding procedure - Revoke access on the day of departure. Collect devices. Send a reminder letter referencing ongoing confidentiality obligations. For senior departures, consider exit interviews with counsel present.

6. Response to misappropriation - If a trade secret is leaked: preserve evidence, engage counsel immediately, assess Defend Trade Secrets Act (DTSA) claim in the US, seek injunctive relief before the information spreads further.

Manage a patent portfolio

Key decisions:

• File or not? Patents are expensive ($15k-$50k+ per patent to grant in the US) and take 2-4 years. File only for inventions that are novel, non-obvious, useful, and represent a real competitive moat or defensive value.

• Provisional vs. non-provisional - File a provisional patent application first ($3,200 small entity / $1,600 micro entity) to establish a priority date cheaply. You have 12 months to file the non-provisional application.

• Defensive publication - If you do not want to file a patent but want to prevent competitors from patenting an invention, publish a defensive disclosure (e.g., via IP.com or the Linux Foundation's Open Invention Network).

• Patent maintenance - US utility patents require maintenance fees at years 3.5, 7.5, and 11.5 after grant. Missing a fee abandons the patent. Track all deadlines.

• Patent landscape analysis - Before entering a new technical area, commission a freedom-to-operate (FTO) analysis to identify blocking patents. Do not rely on in-house engineers to self-assess FTO risk.

Handle IP in contractor agreements

Minimum required clauses:

1. IP assignment - "All work product, inventions, and deliverables created by Contractor in connection with this agreement are hereby assigned to [Company], including all intellectual property rights therein."

2. Work-for-hire language - Include "to the extent any work product qualifies as a work made for hire under 17 U.S.C. § 101, it shall be a work made for hire."

3. Prior IP carve-out - Require contractor to list any pre-existing IP they intend to use in deliverables. Obtain a license to that IP, or prohibit its use.

4. Non-disclosure - Contractor agrees to keep all Company confidential information secret during and after the engagement.

5. No third-party IP - Contractor warrants that deliverables do not infringe third-party IP and do not incorporate GPL/AGPL code without written approval.

Red flags to investigate during contractor onboarding:

• Contractor previously worked on a competing product in the same technical area
• Contractor has a prior employer IP assignment that may cover the work
• Contractor intends to use their own open-source libraries under copyleft licenses

Create an IP policy

Minimum viable IP policy for a software company:

1. Scope - What IP the policy covers (code, inventions, trademarks, data, documents).

2. Ownership - All IP created by employees within the scope of employment belongs to the company. All IP created by contractors under agreement belongs to the company.

3. Open-source use policy - Approved license tiers (Green/Yellow/Red classification). Process for requesting approval of Yellow or Red licenses. Prohibition on committing AGPL/GPL code to proprietary repositories without legal review.

4. Open-source contribution policy - Process for contributing company code to external open-source projects. Requires manager + legal approval for non-trivial contributions.

5. Trade secret handling - Definition of confidential information. Access control requirements. NDA requirements for third parties.

6. Reporting obligations - Employees must disclose inventions to the company within 30 days of creation. Use a standard invention disclosure form.

7. Enforcement and review - Policy reviewed annually. Violations are a disciplinary matter.

Anti-patterns

Gotchas

1. AGPL dependencies in SaaS products require full source disclosure - AGPL's "network use" clause means that if your SaaS product runs AGPL-licensed code on a server that users interact with over a network, you must provide the complete source code of your entire application to those users on request. This applies even if you never distribute the binary. Run SCA tooling with an AGPL check before adding any dependency.

2. Contractor IP assignment must predate the work, not follow it - An IP assignment clause signed after the work is created may not be enforceable in some jurisdictions - the contractor may argue there was no consideration. Require signed agreements before repository access is granted and before any work begins, without exception.

3. Provisional patent applications create a false sense of protection - A provisional application secures a priority date but provides no actual patent protection. If you miss the 12-month deadline to file the non-provisional application, the provisional expires and the priority date is lost. Calendar the deadline at filing and treat it as a hard deadline, not an advisory.

4. Trademark "use in commerce" specimens must show actual use, not intended use - The USPTO will reject specimens that show a mock-up, website screenshot with no purchase path, or a product page that doesn't yet sell. The specimen must show the mark used in connection with the actual sale or transport of goods or services. File on an intent-to-use basis if the product isn't launched yet.

5. New hires may bring IP obligations from their previous employer - Work created by an employee that relates to their former employer's business may still belong to that employer, regardless of what your employment agreement says. For engineers hired from direct competitors, have counsel review any prior IP assignment agreements before they begin work in the same technical area.

References

For detailed guidance on specific IP management domains, load the relevant file from references/:

• references/license-comparison.md - open-source license comparison table (MIT, Apache-2.0, GPL, LGPL, AGPL, BSL), compatibility matrix, and use-case guidance

Only load a references file when the current task requires it.