Open Source Software Management & Compliance

Strategic – Efficient – Compliant

Your expert for questions

Marcel Scholze
Director at PwC Germany
Tel: +49 69 9585-1746

Open Source Software: not if, but how

Open Source Software (OSS) is everywhere: in consumer electronics, household appliances and medical technology, from automobiles and production lines to enterprise IT and mobile services, OSS can be found directly or indirectly in all of these areas. Emerging technologies such as Blockchain, Artificial Intelligence (AI) and Robotic Process Automation (RPA) also build on Open Source Software.

The progressive digitalisation of products and services and the increasing importance of disruptive technologies mean that the question for companies is no longer whether but how they use and deploy OSS. The “Shared Economy” and developer cooperations avoid in-house capacity bottlenecks and achieve a faster time-to-market, while also providing the required openness and transparency.

“I haven’t encountered really well-managed Open Source Software use and compliance in many companies and this has to change. I recommend that you first develop a strategy for OSS deployment on the following basis: what potential do you want to achieve and what risks do you want to avoid.”

Marcel Scholze, Director at PwC responsible for Open Source Software Management and Compliance


Chances and risks of OSS

Through the targeted use of OSS you can save costs and development capacity while participating in the latest developments, helping to set standards and becoming less dependent on software manufacturers. It is, however, important to ensure open source license compliance in order to avoid unintentional license violations, which could lead to financial, continuity and reputational risks.

Have you seized the opportunities that Open Source Software offers your company and adequately mitigated the risks? Do you have the OSS compliance of your (software) suppliers under control?


Cost and time savings

  • Acceleration of own software development and reduction of time-to-market
  • Elimination of one-off and recurring license costs
  • Strengthened negotiating position with proprietary suppliers

Use and share available knowledge

  • Shared use and exchange of knowledge and development capacities
  • Achieve compliance when applying current OSS frameworks for “Emerging Technologies” (for example for Blockchain, RPA, AI)
  • Inspire, retain and attract digital talents

Become independent

  • Reduction of the vendor lock-in effect
  • Ensure IT security, quality and transparency through OSS communities
  • Influence and participate in the establishment of open standards


Legal risks

  • Requirement to disclose the adapted source code and your own IP
  • Claims for damages
  • Obligation to cease further use (product recall)

Support and further development

  • Termination of OSS developments by the communities (dead-end fork)
  • Liability gap between own product liability and liability for OSS components
  • No obligation for maintenance, support and quality by the communities

Take advantage of our holistic approach to create trust in Open Source Software and use it in the best way possible.

Our support services for setting up an integrated OSS management and compliance programme

OSS Compliance Certification

  • Certification of the OSS management system of (software) suppliers, for instance according to OpenChain or an individualized test program ("OSS Management compliant by PwC")
  • Support in OpenChain Self-Certification including the preparation and introduction of the necessary documents and processes
  • Global provision of PwC OSS compliance attestation for your clients via the PwC platform


  • Identification and analysis of company-specific OSS opportunities
  • Identification of the resulting application-specific OSS risks and definition of risk appetite
  • Definition of strategic OSS focus areas (e.g. specific business areas, application scenarios (Use, Contribute, Create), strategically relevant communities)


  • Design and implementation of an OSS organizational structure (e.g. clarification of central OSS responsibility)
  • Design and implementation of OSS processes (e.g. OSS process for trusted suppliers, contribution process)
  • Documentation of OSS roles (tasks, capabilities and responsibilities)
  • Documentation of the OSS guidelines (e.g. OSS Code of Conduct)

Training and communication

  • Determination of OSS training needs based on the OSS strategy and the OSS role model
  • Design of OSS training courses in suitable formats (e.g. e-learning, classroom)
  • Designing and implementing an OSS communication concept (ensuring that all stakeholders receive relevant OSS information, policies etc.)
  • Structuring OSS information and communication channels (e.g. social OSS intranet, OSS Wiki)
  • Design and implementation of an OSS whistleblower approach

Tools and automation

  • Creation of document templates for processes (e.g. OSS self-assessment and usability check)
  • Creation of guidance documents for (legal) OSS license requirements (e.g. OSS License Charts)
  • Ensuring OSS compliance through source code scanning
  • Support of OSS compliance and risk identification within the scope of due diligence in M&A transactions

Monitoring and improvement

  • Design of a KPI system to monitor and improve the implementation of the OSS strategy
  • OSS management system maturity assessment including presentation of optimisation measures (assessment according to OpenChain Standard, for example)
  • Conducting (group-wide) OSS surveys to create transparency about OSS usage and OSS compliance (OSS Footprint Analysis)
  • Certification of the OSS management system of (software) suppliers, e.g. according to OpenChain or individualized test program ("OSS Management compliant by PwC")

“If you ask yourself these questions, you can set up the right compliance measures, in-house as well as for external suppliers, and the corresponding processes. The aim is to establish trust in the use of open source software in-house and with your suppliers.”

Marcel Scholze, Director at PwC responsible for Open Source Software Management and Compliance

Contact us

Marcel Scholze

Director, PwC Germany

Tel: +49 69 9585-1746

Charlotte Schaber

Lawyer, PwC Legal AG, PwC Germany

Tel: +49 89 5790-5984

Julian Schauder

Manager, PwC Germany

Tel: +49 211 981-4786