The background

The immediate urgency of the software patent issue has changed character, although as Panos Alevropoulos observed, battles were won, but the war is not over 12. For ordinary users, the threat has shifted from product suppression to invisible royalty stacking. For developers, the battlefield has fragmented across the Atlantic. And for EU governments pursuing digital sovereignty, the old “sword of Damocles”—the failed Software Patent Directive of 2005—has been replaced by a sharper blade: the Unitary Patent Court.

Patents still exist and remain a threat, even when nice-sounding language and seemingly generous grants of IP rights are involved. The difference now is that the defenses available in 2026 are structural as well as legal—but they require precise navigation.

The European Patent Convention (EPC) excludes “programs for computers as such” from patentability under Article 52(2)(c) and (3) EPC 3. However, this exclusion is not absolute. The European Patent Office (EPO) has developed a “two-hurdle” approach (also known as the COMVIK approach) that allows software patents to be granted when they possess a “further technical effect” beyond the self-evident technical effect of running on hardware 3.

The first hurdle—patent eligibility—is remarkably low. A claimed subject-matter possesses technical character if it “uses technical means,” such as a conventional PC or hardware components 3. The second hurdle—inventive step—is where the EPO separates patentable inventions from excluded software. Only features contributing to a technical problem are considered; purely abstract or business-related features are disregarded 3. This approach was confirmed by the Enlarged Board of Appeal in Referral G 1/19 (March 2021), which established that computer-implemented simulations are patentable if they solve a technical problem 3.

However, this legal framework creates a bubble. The EPO has been granting software patents at increasing rates—rising from 2% to 10% under Benoît Battistelli—with plans for further increases under António Campinos, effectively violating the EPC by granting invalid patents that help maintain an otherwise-fast-imploding bubble 4.

The Patent Bubble and Quality Crisis

Software patents are increasingly viewed as a bubble asset class. In the case of the EPO, formal petitions were issued by some of the largest applicants regarding the very low quality of examination work 5. As courts continue to invalidate software patents—particularly in the US following Alice Corp v CLS Bank (2014)—the perceived value of these patents diminishes. When the “AI” bubble pops, patents claiming to cover artificial intelligence will likely lose more than 90% of their presumed value, just as “blockchain patents” collapsed when that hype cycle ended 5.

This quality crisis has sovereignty implications. The EPO operates outside direct EU legislative control, yet its grants determine whether EU companies must pay royalties for software developed with public EU funding (Horizon Europe projects). When the EPO grants software patents—often pushed by US and Asian multinationals—it creates a tax on European digital infrastructure 5.

The Anticircumvention-Patent Intersection: The Double-Bind

Software patents matter less if anticircumvention law dominates the regulatory landscape. As Cory Doctorow argues, redistribution—attempting to recoup losses from Big Tech through link taxes or privacy fines—has largely failed because tech giants simply refuse to obey or algorithmically suppress content to avoid payments 6. The predistributive approach focuses on modifying devices so they do not gather or leak data in the first place. However, anticircumvention laws—such as Article 6 of the EU Copyright Directive (EUCD) or Section 1201 of the US DMCA—make it illegal to modify your phone to block digital spying 6789.

What makes this lethal for developers is the intersection between patent rights and anticircumvention regimes. These laws create a regulatory double-bind that reinforces software patent monopolies even when the patents themselves are invalid or exhausted.

The “Paracopyright” Shield for Patented Processes

Anticircumvention laws create what Professor Dan Burk calls “paracopyright”: a legal right entirely separate from copyright that criminalizes bypassing technological protection measures (TPMs) regardless of whether the underlying work is copyrightable 7. Patents protect functional processes (e.g., a specific algorithm for tractor emission control, a protocol for printer cartridge authentication). Copyright does not protect functional processes. However, if a patent holder embeds their patented process in software protected by a TPM (encryption, authentication handshake, or digital signature), anticircumvention law protects access to the process even when patent law would not 7.

Example:
John Deere holds patents on tractor engine components. They also embed software controls that authenticate parts and regulate emissions. Under traditional patent law, once you buy the tractor, patent exhaustion (Lexmark v. Impression Products, 2017) allows you to repair it 101112. However, the software is protected by TPMs. If you circumvent the software to repair the patented hardware, you violate Section 1201(a) of the DMCA—a criminal offense carrying fines up to $500,000 and five years in prison 1314. The anticircumvention provision effectively resurrects the patent holder’s control beyond the point of sale, circumventing patent exhaustion doctrine.

The Access/Rights Asymmetry and Patent Leverage

The DMCA distinguishes between access controls (Section 1201(a)) and rights controls (Section 1201(b)) 1516. Access controls protect the act of accessing the work (e.g., decryption, passwords); rights controls protect specific copyright rights (e.g., copying, distribution). Circumventing an access control is a per se violation regardless of whether the subsequent use infringes copyright; circumventing a rights control only violates the DMCA if the subsequent use actually infringes copyright 1516.

Patent holders exploit this by deploying access controls. If a patented process is implemented in software behind an authentication wall, a competitor who bypasses the wall to study the interface for interoperability commits a DMCA violation—even if their subsequent implementation does not infringe copyright and even if their use would be permitted under patent law (e.g., for research or independent invention).

In Chamberlain Group, Inc. v. Skylink Technologies, Inc. (2004), the Federal Circuit held that DMCA liability requires a “nexus to infringement”—that is, the circumvention must facilitate copyright infringement, not merely access 171819[^76^]. However, the Ninth Circuit in MDY Industries, LLC v. Blizzard Entertainment, Inc. (2010) rejected this nexus requirement, holding that the statutory text of § 1201 contains no such requirement and that imposing one would “disregard the plain language of the statute” 171820. This circuit split means that in some jurisdictions, merely bypassing an access control to reach a patented interface is illegal, even if you use that access to create non-infringing independent implementations.

The Interface/API Trap

Following Oracle v. Google (2021), APIs are not copyrightable in the US 6. However, anticircumvention law re-copyrights them via the back door. A company patents a protocol or interface method. They implement the protocol in software protected by encryption. Under the DMCA, developing a tool to decrypt the interface to study it for interoperability is illegal unless you qualify for the narrow reverse engineering exemption (17 U.S.C. § 1201(f)) 16.

The § 1201(f) exemption only permits circumvention “for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability” 16. It does not permit developing alternative implementations that compete with the original, circumvention for repair purposes (except narrowly for software interoperability), or sharing the circumvention tools with others except “solely for the purpose of enabling interoperability” 16.

Result: Patent holders can use TPMs to turn unpatentable APIs and uncopyrightable functional processes into legally protected monopolies. This directly threatens the “Eurostack”—Europe’s attempt to build independent digital infrastructure—because it prevents European developers from creating interoperable alternatives to US-platform protocols without facing criminal liability.

The Right to Repair Collapse

Modern devices (tractors, medical equipment, IoT) contain: (1) patented hardware (engine components, sensors), (2) copyrighted software (control systems), and (3) TPMs (authentication systems preventing unauthorized repairs). Under traditional patent law, Lexmark established that patent exhaustion prevents post-sale restrictions on repair 101112. However, manufacturers use the DMCA to block access to diagnostic software, effectively neutralizing patent exhaustion 1021.

The US Copyright Office has granted temporary exemptions for agricultural equipment repair (most recently renewed in October 2024), but these exemptions require renewal every three years, do not permit manufacturing or trafficking in circumvention tools (only the act of circumvention by the owner), and do not apply to commercial repair shops in many cases 2122.

The Patent-Anticircumvention Chokehold: Patents cover the physical parts. Anticircumvention laws prevent you from accessing the software necessary to install or calibrate those parts. Even if the patent expires, the software TPM persists, effectively extending the monopoly indefinitely.

The “Double Jeopardy” Problem for Open Source

For open source developers, the intersection creates a double-bind:

  • Patent Risk: The developer might infringe method claims by implementing the protocol.
  • Anticircumvention Risk: If the developer studies the manufacturer’s software to understand the protocol—necessary for clean-room implementation—they violate § 1201(a)(1)(A) unless they can prove the “sole purpose” was interoperability under § 1201(f) 16.

The § 1201(f) exemption only applies to computer programs 16. If the TPM protects firmware embedded in hardware (e.g., a tractor engine control unit), courts may hold that the firmware is not a “computer program” for purposes of the exemption, or that the circumvention was not “solely” for interoperability but also for repair—voiding the exemption 21.

Policy Implications for Digital Sovereignty

The EU’s Cyber Resilience Act (2024) and AI Act (2024) mandate security patching and transparency, but the EUCD Article 6 makes it illegal to circumvent TPMs to perform those patches unless specific exemptions apply 2389. This creates a legal contradiction: EU law mandates repair and security, but EU copyright law criminalizes the technical measures necessary to perform those repairs.

For European digital sovereignty, the combination means that even if Europe develops open source alternatives to US platforms (patent-free), US companies can deploy TPMs that make it illegal for European users to access those alternatives. The Unitary Patent Court (UPC) can then enforce both the underlying patents and the anticircumvention prohibitions across 17+ EU states simultaneously.

SEPs and the Resurrected Reform

Standard Essential Patents (SEPs) represent the primary patent threat to ordinary users and developers in 2026. SEPs protect technology essential to implementing technical standards such as 5G, Wi-Fi, and audio/video compression. Under ETSI policy, SEP owners must license on Fair, Reasonable, and Non-Discriminatory (FRAND) terms, but disputes over what constitutes FRAND are common and costly 24.

In February 2025, the European Commission withdrew its proposed SEP regulation due to lack of consensus in the Council. However, by April 2025, Executive Vice-President Stéphane Séjourné announced that the Commission would look at “every possible route” to resurrect the reforms, including a new proposal or alternative approaches 24. The proposed regulation would have introduced mandatory registration and essentiality checking of SEPs, aggregate royalty-setting mechanisms, and a FRAND determination procedure at the EUIPO before litigation could commence in the Unified Patent Court (UPC) 24.

The withdrawal was welcomed by patent holders but criticized by implementers, particularly in the automotive sector. The UPC has indicated its willingness to set global FRAND rates in appropriate circumstances, creating a parallel forum for SEP disputes that bypasses the EUIPO competence centre 24.

AI and the 2026 IP Landscape

The interplay between intellectual property and artificial intelligence dominated the agenda in 2025 and continues into 2026. The UK Supreme Court is expected to rule in early 2026 on the application of the computer program patenting exclusion to artificial neural networks, while the English Court of Appeal will hear the Getty Images v Stability AI copyright appeal 23.

In the EU, a consultation on text and data mining (TDM) rights reservation is anticipated, along with a referral to the Court of Justice of the EU (CJEU) on the application of copyright rules to generative AI 23. For developers, this means that AI-generated code introduces new uncertainties: training data may include Microsoft-patented techniques, and demonstrating independent creation becomes crucial 23.

Using Microsoft-owned AI tools (such as GitHub Copilot) to implement Microsoft protocols creates potential conflict-of-interest or discovery risks in litigation. Document human authorship carefully, and consider AI-generated code as potentially “contaminated” until proven otherwise 23.

The Microsoft Protocol Examination Process (Updated for 2026)

If you are a developer implementing existing Microsoft protocols, the examination process from 2020 remains relevant but requires significant updates for the current landscape—including checks for anticircumvention traps.

Step 0: OSP Scope Ambiguity Analysis (Non-Deterministic)

Before engaging counsel, determine whether your target protocol falls under the Open Specification Promise (OSP). Following the European Commission’s 2004 antitrust decision and €899 million fine, Microsoft released Exchange Server protocol documentation (MS-OX* specifications, MAPI) under the OSP in 2007/2008 in connection with the Interoperability Principles announced February 2008 25.

Critical Warning: OSP coverage is non-deterministic. The OSP only covers “necessary claims” to implement the specific version of the specification listed. If your implementation uses draft versions, undocumented behaviors (reverse-engineered compatibility quirks), or extensions beyond the published specification, you may fall outside the covenant 25.

The OSP is a risk reduction mechanism, not a legal shield. When in doubt, proceed to full patent examination.

Step 1: Anticircumvention Trap Detection

Before writing code, determine whether the protocol implementation requires:

  • Bypassing authentication handshakes or encryption (DMCA § 1201(a) violation) 1516
  • Circumventing copy protection to study the interface (DMCA § 1201(b) violation) 1516
  • Reverse engineering firmware protected by TPMs (exemption § 1201(f) is narrow and does not apply to repair or commercial tools) 16

If the protocol requires circumvention to achieve interoperability, consult counsel on the Chamberlain vs. MDY Industries circuit split and the applicability of the reverse engineering exemption to your specific jurisdiction 171820.

Step 2: Defensive Publication (Zero-Cost Shield)

Before writing implementation code, publish your technical approach on a defensive publication database (Linux Defenders, IP.com) or a timestamped GitHub repository with clear technical descriptions. This creates prior art that prevents others from patenting the technique later and serves as evidence during any subsequent examination 5.

Step 3: Check the UPC Risk

Since June 2023, the Unified Patent Court (UPC) can issue EU-wide injunctions based on a single Unitary Patent. If Microsoft holds a Unitary Patent covering your protocol, withdrawal from one country means withdrawal from 17+ states simultaneously. Search the UPC Case Management System for pending Microsoft enforcement actions before proceeding 24.

  • ❌ A developer is not a software patent lawyer.
  • ❌ A commercial lawyer is not a software patent lawyer.
  • ❌ A patent lawyer is not a software patent lawyer.
  • ❌ A US patent lawyer is not a Unitary Patent Court representative.

Your team must include:

  • A US Software Patent Attorney: For Alice Corp eligibility analysis (abstract idea rejection risk) and DMCA § 1201 exemption analysis 516
  • A European Patent Attorney (UPC-qualified): For Unitary Patent validity challenges or defense in the UPC Central Division 24
  • An Open Source License Compliance Expert: To ensure your implementation license (Apache 2.0 recommended) contains explicit patent grants and retaliation clauses 2627

Step 5: The Four-Way Comparison

Your task is to compare four things:

  • Technical descriptions in the patent
  • The technical description in your code
  • The technical description in the Microsoft protocol specification
  • The SEP status (if the protocol is standardized, Microsoft may have FRAND obligations, but open source projects struggle with “non-discriminatory” terms that traditionally imply royalties) 24

Any of these might express the same concept in very different ways, or may just seem to.

Hierarchy of Defenses for Developers

  1. Defensive Publication: Create prior art before coding 5
  2. OSP Verification: Check coverage but treat as ambiguous; legacy Exchange protocols (2007/2008) are covered but implementations deviating from strict specifications are not 25
  3. Anticircumvention Audit: Ensure your implementation does not require circumvention of TPMs that would violate Article 6 of the EU Copyright Directive or DMCA § 1201 61689
  4. OIN Membership: For the Linux System Definition (distinct from protocol coverage), join the Open Invention Network as secondary protection 5
  5. License Selection: Use Apache License 2.0 (explicit patent grant and retaliation clause), not MIT, for new projects 26272829

Conclusion: The War Is Not Over

The 2007/2008 release of Exchange protocols under the OSP, and Microsoft’s 2018 joining of OIN, changed the threat model from “existential” to “manageable.” But the launch of the Unified Patent Court in 2023, the resurrection of SEP reforms, the rise of AI-generated code complications, and the lethal intersection of patent and anticircumvention laws mean developers cannot abandon vigilance 24236.

For the EU, digital sovereignty now requires active defense: using open source to escape foreign patent control while reforming the EPO and UPC to prevent those same foreign patents from dominating European infrastructure. The choice is between predistribution—building systems that cannot be monopolized in the first place—and redistribution—attempting to claw back royalties after the fact. Only the former offers reliable protection, but it requires breaking the anticircumvention locks that protect the patent thicket 6.

Good luck.

References

  1. https://pclosmag.com/html/Issues/202110/page04.html ↩︎

  2. https://endsoftwarepatents.org/2021/08/the-threat-of-software-patents-persists/ ↩︎

  3. https://www.bardehle.com/en/ip-news-knowledge/firm-news/news-detail/the-patentability-of-software-under-the-epc ↩︎ ↩︎ ↩︎ ↩︎ ↩︎

  4. http://techrights.org/o/2022/07/22/georg-weber-swpats-imposter/ ↩︎

  5. https://techrights.org/n/2025/10/05/Software_Patents_as_a_Bubble.shtml ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎

  6. https://doctorow.medium.com/https-pluralistic-net-2025-11-01-redistribution-vs-predistribution-elbows-up-eurostack-349a753976ce ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎

  7. https://cyberlaw.stanford.edu/publications/anticircumvention-misuse ↩︎ ↩︎ ↩︎

  8. https://www.statewatch.org/news/2003/february/european-digital-rights-edri-launch-newsletter/ ↩︎ ↩︎ ↩︎

  9. https://en.wikipedia.org/wiki/Anti-circumvention ↩︎ ↩︎ ↩︎

  10. https://jolt.law.harvard.edu/digest/the-patent-anticircumvention-gap-lexmark-and-the-dmca ↩︎ ↩︎ ↩︎

  11. https://kaganbinder.com/library/if-you-werent-exhausted-before-you-will-be-now ↩︎ ↩︎

  12. https://impressionproductsinc.com/blogs/news/the-supreme-court-case-that-shaped-the-remanufacturing-industry ↩︎ ↩︎

  13. https://walkfreelaw.com/practice-areas/criminal-defense/federal-defense/digital-piracy/ ↩︎

  14. https://www.legalmatch.com/law-library/article/digital-millennium-copyright-act-lawyers.html ↩︎

  15. https://www.copyright.gov/dmca/summary/ ↩︎ ↩︎ ↩︎ ↩︎

  16. https://www.law.cornell.edu/uscode/text/17/1201 ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎

  17. https://www.fenwick.com/insights/publications/corporate-securities-litigation/the-dmca-and-the-ninth-circuit-decision-in-mdy-industries-v-blizzard ↩︎ ↩︎ ↩︎

  18. https://studentbriefs.law.gwu.edu/espla/2022/10/19/a-circuit-split-on-dmca-section-1201/ ↩︎ ↩︎ ↩︎

  19. https://www.law.berkeley.edu/center-article/chamberlain-v-skylink-in-federal-circuit/ ↩︎

  20. https://btblegal.com/blog-articles/f/mdy-industries-llc-v-blizzard-entertainment-inc ↩︎ ↩︎

  21. https://thewire.in/tech/the-right-to-repair-movement-is-a-symptom-of-digital-colonisation ↩︎ ↩︎ ↩︎

  22. http://www.ipupdate.com/2024/10/final-rule-on-dmca-grants-circumvention-exemptions/ ↩︎

  23. https://www.osborneclarke.com/insights/what-does-2026-augur-ai-and-ip-europe ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎

  24. https://www.pinsentmasons.com/out-law/news/eu-standard-essential-patent-reforms-resurrected ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎ ↩︎

  25. https://learn.microsoft.com/en-us/openspecs/dev_center/ms-devcentlp/d84cac00-b312-44ee-9156-23bde6477c3d ↩︎ ↩︎ ↩︎

  26. https://milvus.io/ai-quick-reference/how-does-the-apache-license-20-handle-patents ↩︎ ↩︎

  27. https://wiki.endsoftwarepatents.org/wiki/Patent_clauses_in_software_licenses ↩︎ ↩︎

  28. https://coderanger.net/react-patents/ ↩︎

  29. https://opensource.stackexchange.com/questions/6810/why-doesnt-the-mit-license-have-patent-use-permission ↩︎