This case study is an anonymised composite based on publicly reported PI claim patterns. It is not actual Apex client data and does not constitute legal or insurance advice. Names, locations and identifying details have been changed. Apex Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority, FRN 724952.
The firm was a bespoke software development consultancy with twelve developers and fee income of around £2.3m. It built custom SaaS products for SME clients, predominantly in the professional services and small-business sectors. The engagement model was a mix of fixed-price MVP builds and ongoing managed-service development.
The engagement was the build of a bespoke SaaS application for an SME client — a small but well-funded recruitment technology business that wanted a candidate-management platform with specific workflow features its founder had identified as unmet in the off-the-shelf market. The contract was a fixed-price build to a defined specification with subsequent migration to a managed-service contract for ongoing development.
The build proceeded over approximately ten months. The firm’s developers used a combination of bespoke code, open-source libraries under permissive licences (predominantly MIT and Apache 2.0), and a small number of more specialised open-source components.
The issue arose with a specific data-visualisation library used in the application’s reporting module. The library was a fork of a more established open-source visualisation framework; the fork itself carried a GPL-licensed dependency that had been incorporated into the fork’s codebase by its maintainer. The GPL licence’s “copyleft” provisions require any work that incorporates or derives from GPL-licensed code to be itself made available under compatible terms — effectively requiring the source code of any derivative work to be released openly.
The firm’s developers were not aware of the GPL dependency within the fork. They had assessed the fork’s top-level licence (an Apache 2.0 declaration in the fork’s repository) and concluded that the licence was compatible with the client’s intended use. The deeper transitive dependency on GPL-licensed code had not been identified.
The issue came to light when the client engaged a corporate finance adviser in preparation for a Series A funding round. The financial adviser commissioned a technical due diligence exercise that included an open-source compliance scan. The scan identified the GPL dependency. The technical due diligence report flagged this as a serious compliance issue — the client’s SaaS product was, on a literal application of the GPL terms, potentially obliged to be open-sourced.
The investors, in due diligence, treated this as a deal issue. The funding round was paused while the issue was resolved. The cost of resolution included re-engineering the affected reporting module to remove the GPL-dependent code (substantial work), a period of remediation across the broader codebase to undertake the open-source compliance review that should have been done earlier, and the consequential cost of the funding-round delay.
The client claimed against the firm for the cost of the re-engineering work (approximately £180,000), the open-source compliance review (approximately £45,000), and the consequential loss arising from the funding-round delay — characterised in the pleadings as the difference between the valuation achievable before the issue was identified and the valuation achievable after, approximately £400,000.
The claim was framed as breach of the firm’s engagement letter (which contained warranties as to third-party IP and licence compliance) and in negligence under Hedley Byrne principles. The pleaded total was approximately £625,000.
The defence engaged the practical reasonableness of the firm’s open-source review at the time the library was selected, the apportionment of risk on transitive dependencies under the standard market approach at the time, and the recoverability of the consequential funding-round loss under Hadley v Baxendale remoteness principles.
The matter resolved at mediation at approximately £225,000 inclusive of the client’s contribution to costs.
Section 5 notification was made on receipt of the client’s pre-action correspondence. The wording responded subject to the firm’s £20,000 each-and-every excess. The £3m limit was sufficient.
A coverage question arose on the IP infringement treatment. IT PI wordings vary substantially in their treatment of IP claims; some wordings provide broad cover for third-party IP claims arising from delivered work, others limit cover to defence costs only, and some exclude IP claims altogether. The firm’s wording responded to IP-related claims arising from the firm’s professional services with a sub-limit of £1m and a separate excess. The sub-limit was sufficient on the facts.
A second question arose on the consequential loss characterisation. The client’s funding-round loss was the largest single head of the pleaded loss. The wording responded to direct losses arising from the firm’s professional negligence; the consequential loss treatment was managed through the defence on remoteness rather than through coverage exclusion.
A third question arose on the representations and warranties in the firm’s engagement letter. The engagement letter included warranties to the client about third-party IP and licence compliance. The wording responded to the firm’s liability arising from these warranties as part of its professional services without coverage dispute, although on a different wording with a tighter “contractual liability assumed” exclusion the position could have been different.
The matter resolved at mediation at approximately £225,000 inclusive of the client’s contribution to costs. The £20,000 excess applied.
The settlement was paid. The firm introduced an explicit open-source compliance review at multiple points in every engagement: at library selection, at architectural review, and at pre-release stage. The compliance review uses automated scanning tools and a documented sign-off process. The firm’s PI premium rose by approximately 28% at renewal.
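One way to implement the multi-point review the firm adopted, as an added example that is not the firm's or the page's own tooling (Python; every package name and licence string in the graph is constructed): it walks the dependency graph transitively rather than reading only the top-level declaration that misled the developers, reports each non-permissive package with the path that introduced it, and exposes a pre-release gate that fails on reachable copyleft code.

```python
# Added example (not from the case study): transitive licence audit over a constructed graph.
from collections import namedtuple

COPYLEFT = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only",
            "GPL-3.0-or-later", "AGPL-3.0-only", "LGPL-3.0-only"}
PERMISSIVE = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}

# Constructed sample graph; every package name is hypothetical. "vizkit-fork"
# declares Apache-2.0 at top level but reaches GPL code two levels down.
SAMPLE_GRAPH = {
    "candidate-platform": {"license": "Proprietary", "deps": ["vizkit-fork", "http-client"]},
    "vizkit-fork": {"license": "Apache-2.0", "deps": ["layout-engine", "color-utils"]},
    "layout-engine": {"license": "MIT", "deps": ["chart-core"]},
    "chart-core": {"license": "GPL-3.0-only", "deps": []},
    "color-utils": {"license": "MIT", "deps": []},
    "http-client": {"license": "Apache-2.0", "deps": ["legacy-parser"]},
    "legacy-parser": {"license": "SEE-LICENSE-FILE", "deps": []},
}

# path is root -> ... -> package, so a reviewer can see which top-level
# library introduced the problem component.
Finding = namedtuple("Finding", "package license category path")

def classify(lic):
    """Anything not explicitly permissive needs a human look."""
    return "copyleft" if lic in COPYLEFT else "permissive" if lic in PERMISSIVE else "unknown"

def audit(graph, root):
    """Visit every transitive dependency of `root` once and return the
    non-permissive ones. A top-level-only check, which is what the firm
    did, reports nothing for SAMPLE_GRAPH."""
    findings, seen, stack = [], set(), [(root, (root,))]
    while stack:
        name, path = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        # A dependency with no metadata at all is itself a finding.
        node = graph.get(name, {"license": "MISSING", "deps": []})
        cat = classify(node["license"])
        if name != root and cat != "permissive":
            findings.append(Finding(name, node["license"], cat, path))
        stack.extend((d, path + (d,)) for d in node["deps"])
    return sorted(findings, key=lambda f: f.path)

def release_gate(graph, root):
    """Pre-release sign-off: fail if any copyleft code is reachable. Whether an
    obligation is actually triggered depends on the licence and on how the
    product is delivered; the gate forces that question before shipping."""
    return not any(f.category == "copyleft" for f in audit(graph, root))
```

In practice the graph would be built from a lockfile or SBOM rather than a hand-written dict, and the findings list would feed the documented sign-off step.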
The firm’s open-source compliance protocol is now part of its standard pitch and contractual offer; in a market where many clients are increasingly aware of these issues, the discipline is itself a commercial differentiator.
IP claims on delivered software are growing as funding-round and corporate due diligence becomes more sophisticated. First, open-source compliance is not a one-off check at library selection; transitive dependencies, forks and revised licences create ongoing risk that requires an ongoing process. Second, the treatment of IP claims in IT PI wordings varies widely; sub-limits, exclusions, defence-costs-only cover and full cover are all present in the market, and the renewal review should engage with the wording specifically. Third, the engagement letter's representations and warranties on third-party IP carry significant risk; the firm should align these with the wording's response and with its actual ability to deliver against them. Fourth, consequential losses on IP claims, particularly funding-round and transaction-related losses, are large and not always within cover; the defence on remoteness is real but unreliable as a planning assumption. Fifth, the renewal narrative on the firm's open-source compliance protocol is the substance of the IT consulting underwriter's view in this area.
For IT consulting practices the IP cover wording is one of the most variable elements of the market and warrants explicit benchmarking at every renewal. We work with practices on aligning the engagement-letter representations and warranties with the wording, on calibrating the IP sub-limit to the firm's commercial profile, and on the renewal narrative around the firm's open-source compliance protocol. On notification, framing an IP infringement matter under the right extension within the wording requires care.
Apex Insurance Brokers serves UK professional services firms and commercial businesses. Call 0117 325 0027, email hello@apexinsurancebrokers.co.uk, or request a quotation.