Jump to content

Autodesk license compliance audits

From Consumer Rights Wiki
Revision as of 12:13, 6 July 2026 by Louis (talk | contribs) (new article on autodesk software license compliance audits, from the eula audit clause and the vernor v. autodesk ruling to the network scan demands and settlement figures; sourced from the terms of use, the ninth circuit opinion, sec filings, and cad trade and legal coverage)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Autodesk license compliance audits require Autodesk's own paying business customers, within 15 days of an audit notice, to run an Autodesk-approved tool across every device that accesses its software & submit the results, then to buy licenses covering any shortfall the audit finds plus Autodesk's own cost of the audit.[1] The requirement is Section 17.8 of Autodesk's General Terms, which labels a customer's failure to comply a "material breach".[1] Attorneys who defend companies in these audits describe settlement demands "as high as $50,000 or more",[2] trade coverage reports that EULA missteps can cost a studio "six-figure fines",[3] and a compliance consultancy reports that Autodesk escalates to its legal department or outside lawyers when a target objects.[4]

Background

Autodesk distributes its software under license rather than sale. In Vernor v. Autodesk, Inc., 621 F.3d 1102 (9th Cir. 2010),[5] the U.S. Court of Appeals for the Ninth Circuit held that an Autodesk user is "a licensee rather than an owner" of the copy, applying a three-factor test that turns on whether the copyright owner grants a license, restricts transfer, & imposes use restrictions.[6] Because the user is a licensee, the first sale doctrine (17 U.S.C. § 109(a)) & the essential-step defense (17 U.S.C. § 117(a)(1)) do not apply, so reselling or copying the software without authorization infringes Autodesk's copyright.[6] Timothy Vernor, a reseller of used AutoCAD Release 14, had brought the declaratory-judgment action himself after Autodesk sent DMCA takedown notices over his eBay auctions; a federal district court ruled in his favor, & the Ninth Circuit reversed for Autodesk in 2010.[6]

In Vernor v. Autodesk, Inc., the Ninth Circuit held that Autodesk's customers are licensees rather than owners of their copies, so they cannot resell the software or rely on the first-sale doctrine.[6]


Autodesk has moved its customers off perpetual licenses & onto subscriptions. Its fiscal-2025 annual report ties that change to unauthorized use, which it says "negatively impacts our revenue".[7] The filing describes moving customers "from perpetual use software licenses to a subscription-based business model".[7]

Audit clause

Autodesk's end-user license agreement reserves a contractual right to audit a customer's use, & the mechanics have changed across contract generations. The current General Terms, last updated March 30, 2026, set out a self-audit in Section 17.8, "Verification of Compliance":

You must use an Autodesk-approved tool to gather information from all devices accessing Your Offerings and obtain any necessary access and consent from Your Authorized Users. Within 15 calendar days of audit notification, You must submit Your audit results to the notifying party. Audit results must include machine IDs, serial numbers, Autodesk IDs, NT/Windows username, device ID and other information relating to Your Offerings. If, through a Verification, Autodesk determines You are in violation of these Terms, You must immediately purchase new Offerings at least equal to the total of the value of the identified noncompliance and Autodesk's reasonable costs to complete the Verification. Failure to comply with this Section 17.8 is a material breach of these Terms.

[1]

This version puts the scan on the customer, who runs the tool & produces the machine-level data.

An earlier generation of the agreement, Autodesk's fiscal-year 2017 License and Services Agreement, put the audit in Autodesk's hands rather than the customer's and expressly allowed it to be conducted "electronic or otherwise". Section 9.7 gave Autodesk the right, on 15 days' notice, to inspect the customer's records, systems, & facilities:

As part of any such audit, Autodesk or its authorized representative will have the right, on fifteen (15) days' prior notice to Licensee, to inspect Licensee's records, systems and facilities, including machine IDs, serial numbers and related information, to verify Licensee's Installation of and Access to the Autodesk Materials.

[8]

The same clause required the licensee to provide "full cooperation"[8] and, on a finding of noncompliance, to buy licenses to cure & "pay the reasonable costs of the audit".[8]

Section 9.7 of Autodesk's fiscal-year 2017 License and Services Agreement gave Autodesk the right to audit a customer "electronic or otherwise" and, on a finding of noncompliance, to make the customer buy licenses and pay the costs of the audit.[8]


Verification tool

The current General Terms name only "an Autodesk-approved tool" & do not identify a specific product.[1] In practice, Autodesk directs audited customers to a particular scanner that named sources call by different names. The German compliance consultancy ProLicense identifies it as ScanWin & says customers are told, on short deadlines, to install it & transmit the data it collects.[4] The defense firm Scott & Scott says Autodesk has begun to "advocate heavily for the use of its own AIA scanning tool".[9]

Product documentation for a ScanWin scanner published by the software-asset-management vendor License Dashboard describes an agentless system that uses Microsoft Windows Management Instrumentation (WMI) to inventory Windows machines, discovers devices by Active Directory registration & by IP-address range, & requires that Windows firewalls be configured to permit WMI communication.[10] Scott & Scott warns that the tool over-reports: its clients have found that free viewer installations are counted as product installations, so submitting raw scan output could produce "drastically over-inflated audit exposure".[9]

Selection of audit targets

Autodesk selects audit targets using data its own products report back to it. Its analytics page states that desktop products collect the user's Autodesk ID, IP address, & product & license information, & that some of this collection is required & cannot be turned off, expressly including data used to "identify non-valid use of our offerings".[11] Scott & Scott describes the enforcement side of that telemetry: many Autodesk products contain embedded reporting technology that updates the company on installation & usage, & its compliance teams check those deployments against a company's registered licenses.[12] The same firm says Autodesk also tracks "cracked" serial numbers, & that entering one into an Autodesk database or online profile can itself trigger an audit.[12]

In a February 2, 2021 CGArchitect account, Jeff Mottle described a contractor who connected a laptop carrying pirated software to a studio's network; Autodesk's "phone-home" tools flagged the installation, & the studio became the audit target.[3]

Enforcement and settlements

Attorney Steve Vondran, whose firm defends companies in these matters, describes the enforcement arm as an "Autodesk internal" team, "a small team of lawyers inside of Autodesk" who force targets to run scans & then seek settlements "as high as $50,000 or more".[2] Vondran calls the opening demand a "love letter" & reports that Autodesk attorneys have threatened "shutoff of even licensed software" if a company refuses to engage.[2]

ProLicense, which markets itself as an audit-defense consultancy, calls Autodesk "very aggressive in the industry" & says it audits "several million customers worldwide".[4] The firm says audits often conclude that a target needs five to ten times the licenses it holds.[4]

One studio owner told CGArchitect that Autodesk's first contact was "very confrontational and aggressive" & that its compliance team "had no desire to listen to any explanations".[3] Scott & Scott adds that Autodesk's settlement agreements often impose an "invasive audit provision that supersedes the license agreement", which shortens the notice period, shifts the cost of the audit onto the customer, & requires future purchases directly from Autodesk.[13]

Consumer and industry response

ProLicense says targeted customers "often feel helpless and up against the wall" & tend to comply rather than object.[4] In the case CGArchitect reported, retaining counsel changed the dynamic: the studio owner said that once they "hired the lawyer, the tone of communications changed".[3] Scott & Scott, Vondran Legal, & ProLicense each publish guidance for companies facing these audits.[13][2][4]

A studio owner told CGArchitect that Autodesk's first contact was "very confrontational and aggressive", that the studio was made to install auditing software, and that it spent thousands in legal fees before Autodesk agreed there were no infringing copies.[3]


See also

References

  1. 1.0 1.1 1.2 1.3 Autodesk, Inc. (2026-03-30). "General Terms". Autodesk. Retrieved 2026-07-06.
  2. 2.0 2.1 2.2 2.3 Steve Vondran (2023-04-12). "Autodesk Internal Getting Very Aggressive in 2023 Beware of Over-Assigning Licenses". JD Supra. Vondran Legal. Archived from the original on 2026-07-06. Retrieved 2026-07-06.
  3. 3.0 3.1 3.2 3.3 3.4 Jeff Mottle (2021-02-02). "How Work-From-Home and the Software EULA Could Cost You Thousands in Penalties". CGconnect. Archived from the original on 2026-07-06. Retrieved 2026-07-06.
  4. 4.0 4.1 4.2 4.3 4.4 4.5 "Autodesk audit consulting". ProLicense GmbH. Retrieved 2026-07-06.
  5. "Vernor v. Autodesk, Inc., 621 F.3d 1102 (9th Cir. 2010)". CourtListener (Free Law Project). Retrieved 2026-07-06.
  6. 6.0 6.1 6.2 6.3 U.S. Court of Appeals for the Ninth Circuit (2010-09-10). "Vernor v. Autodesk, Inc. (slip opinion)" (PDF). United States Courts. Retrieved 2026-07-06.
  7. 7.0 7.1 Autodesk, Inc. (2025-03-06). "Autodesk, Inc. Form 10-K for fiscal year ended January 31, 2025". U.S. Securities and Exchange Commission (EDGAR). Retrieved 2026-07-06.
  8. 8.0 8.1 8.2 8.3 Autodesk, Inc. "Autodesk License and Services Agreement (FY17)". Autodesk. Archived from the original on 2026-07-06. Retrieved 2026-07-06.
  9. 9.0 9.1 "Autodesk Audits: How to Effectively Scan Your Network and Prepare Accurate Results". Scott & Scott, LLP. Retrieved 2026-07-06.
  10. "License Dashboard ScanWin". License Dashboard. Retrieved 2026-07-06.
  11. Autodesk, Inc. "Autodesk analytics programs". Autodesk. Retrieved 2026-07-06.
  12. 12.0 12.1 "How did Autodesk know to audit you and what do you do now?". Scott & Scott, LLP. Retrieved 2026-07-06.
  13. 13.0 13.1 Keli Johnson Swan. "Autodesk Settlement Agreements: Beware Restrictive Superseding License Terms". Scott & Scott, LLP. Retrieved 2026-07-06.