Newsletter
Copyright Infringement Disputes Arising from the Use of "Cracked" Software
I. Computer Programs Involving "Legitimate Network Relay Transmission" or "Temporary Reproduction" Constitute Copyright Infringement
Paragraphs 1 and 3, Article 22 of the Copyright Act respectively provide: "Unless otherwise stipulated by this Act, the author shall have the exclusive right to reproduce his/her work," and "The provisions of the preceding two paragraphs shall not apply to temporary reproduction that is solely for the purpose of legitimate network relay transmission or lawful use of the work, which is a necessary transitional or incidental technical operation without independent economic significance. However, computer program works are excluded from this exemption." Furthermore, Article 22, Paragraph 2 states: "The temporary reproduction involved in legitimate network relay transmission includes phenomena technically unavoidable by computers or machines themselves for network browsing, quick access, or other transmission functions." From this, it is clear that "legitimate network relay transmission" or "temporary reproduction" are excluded from constituting infringement of the reproduction rights, except that computer programs are an exception and remain subject to reproduction rights. Therefore, the acts of "legitimate network relay transmission" or "temporary reproduction" occurring during the use of pirated software still constitute infringement of the reproduction right.
In the Intellectual Property and Commercial Court's Civil Judgment 113-Ming-Zhe-Shang-Zi-13 dated September 30, 2025, it was pointed out that when employees of the defendant company used "cracked" software, the computer would load the cracked program instructions or data into random access memory for execution, constituting temporary reproduction. This was recognized as unlawful infringement of the plaintiff company's reproduction right, and the court upheld the original ruling, dismissing the appeals of both parties.
II. Case Background
The plaintiff company is the copyright owner of the two disputed software, which includes a monitoring program capable of detecting whether users have obtained legitimate authorization from the plaintiff company. It also has an authorization management system and authorization files as anti-piracy measures to restrict unauthorized use.
The plaintiff company, based on detection reports, learned that employee A of the defendant company had downloaded and used cracked software. The plaintiff thus claimed infringement of the reproduction right of the disputed software pursuant to Paragraph 1, Article 88 of the Copyright Act and requested damages.
III. The Grounds for Judgement
1. Employee A of the defendant company unlawfully infringed the plaintiff company's reproduction right to the disputed software and did not constitute fair use
The built-in detection program of the disputed software automatically generates submitted by the plaintiff company showed that employee A used cracked infringing software on his laptop both at home and at the defendant company's office. The usage involved temporary reproduction of the disputed software, infringing its reproduction right.
The court accepted the authenticity of the notarized detection report primarily because employee A failed to produce the laptop used to download the cracked software. Considering employee A's work and educational background, the court found that he could easily have known that the official company website provided copyrighted editions of the disputed software, thus concluding that the infringement was intentional.
Regarding employee A's defense of fair use, although the plaintiff company did not prove that employee A used the cracked software for academic research, the court weighed factors such as the high degree of use of the disputed software, lack of transformative use, and the inevitable impact on the plaintiff company's potential market and current value, concluding that the use did not constitute fair use under copyright law.
2. The defendant company and employee A are jointly liable for infringement
The court emphasized that enterprises have an "organizational duty" for risk prevention, including "operational organizational duty" and "organizational establishment duty," requiring proactive structural preventive measures and establishment of a sound organizational system.
Although the defendant company had established information security control policies, witness testimony revealed a lack of effective supervision and technical controls to verify whether employees brought personal laptops to the company and connected to the internet for unauthorized use. Given the defendant company's higher duty of care regarding information security, the court found the defendant company negligent and held it jointly liable with employee A for the infringement.
3. The plaintiff company may claim joint and several damages of NT$1,000,000 from the defendant company and employee A
The court found that the plaintiff company's submitted quotations and invoices were not comparable to the case facts. Therefore, pursuant to Paragraph 3, Article 88 of the Copyright Act, considering the intentional infringement period, location, method, the defendant company's business scale, and its duty of care for information security, the court deemed NT$1,000,000 in damages appropriate—calculated as NT$500,000 for each of the two disputed software programs.
4. The plaintiff company's claim for damages against the defendants is not time-barred
The plaintiff company submitted notarized documents indicating that the first detection of illegal software "use" occurred on April 29, 2020. The court thus determined that the plaintiff company "knew" of the infringement on that date, and the claim for damages was not barred by the two-year statute of limitations.
IV. Conclusion
In summary, the courts have adopted a more stringent standard of review regarding enterprises' information security and internal control management, imposing an obligation on enterprises to establish comprehensive supervision and management mechanisms. This article recommends that, in addition to formulating information security management regulations, enterprises should also implement license management and technical monitoring procedures to mitigate the risk of incurring joint tortious liability arising from employees' unauthorized use of cracked software within company premises or when connected to the company's internet.