Unfortunately, some awarding authorities are still trying to make the award procedure easier for themselves by deliberately, or at least negligently, misclassifying the subject matter of services in violation of procurement law. In blatant cases, this is done by obviously incorrectly specifying CPV codes, but more often it is the classification of supplies and services as construction services with the aim of circumventing a Europe-wide award procedure and, in particular, the effective legal protection of Part 4 of the ARC due to the blatantly higher threshold value for construction services.
The Higher Regional Court of Schleswig (OLG Schleswig, decision of 05.12.2023, 54 Verg 8 / 23) has found clear words on this in a decision a few weeks old (OLG Schleswig, decision of 05.12.2023, 54 Verg 8 / 23) and in particular once again presented the guidelines for a correct distinction between construction services on the one hand and supply or services on the other:
Subject matter of the review procedure
The subject matter of the award procedure in question was the construction of a prototype sensor infrastructure for data collection and forwarding to a central data storage system. The system was to be installed at a total of 15 locations in order to test the overall application for a possible subsequent implementation phase.
The client classified this service as a construction service. The estimated contract value (€260,000) was therefore above the threshold value for supplies and services (€215,000), but below the threshold value for the Europe-wide invitation to tender for construction services (€5,382,000). The contracting authority therefore only published the contract notice nationally in accordance with VOB/A. In response to the application for review and the corresponding complaint, the public procurement senate correctly assumed a supply of goods and services and obliged the defendant to issue a Europe-wide invitation to tender in accordance with VgV if the procurement intention continues.
Reasoning
A construction contract is defined in Section 103 (3) GWB. Accordingly, a construction contract is a contract for the execution or simultaneous planning and execution of construction work in connection with the activities listed in Annex II of Directive 2014/24 EU or of a structure that is the result of civil engineering or building construction work and is intended to fulfill an economic or technical function, or, according to Section 1 (1) VOB/A, a contract for the execution or simultaneous planning and execution of a construction project or a structure that is the result of civil engineering or building construction work and is intended to fulfill an economic or technical function. The terms construction work and building should be synonymous.
Mixed-type contracts, i.e. contracts that contain different categories of services, are to be classified according to the main subject matter of the contract pursuant to Section 110 (1) sentence 1 GWB. In the specific case, the Higher Regional Court of Schleswig stated that
“The main service tendered by the respondent is not a construction service. At most, the installation of sensors can be regarded as construction work. Even here, however, construction work is likely to be involved at best if the contractor is to erect its own masts in order to attach sensors to them. […]
In any case, the installation of the sensors is not the main service of the tendered procurement project. All four lots must be considered, as this is a single project. The aim is not just to install sensors, but to create a system of sensors that collect data and transmit it to the data platform for further processing. The mere installation of sensors would be of no value to the defendant.
The contractors of lots 1 to 3 also have to provide extensive services that go beyond the mere installation of sensors. Among the services to be offered, installation accounts for only one point. […] The bidders must plan the system and ensure that the data is recorded and forwarded without errors. It is not a construction contract that is to be concluded with them, but an EVB-IT purchase contract. This shows that IT services were regarded as essential by the respondent. Accordingly, the applicant (offer depicted on p. 7 of the statement of grounds for appeal, p. 7 of the annex) not only offered the sensors themselves, but also software of considerable value. The fact that the bidders had to submit an installation concept does not change the focus of the tendered services. This was primarily concerned with the planned fixings so that these could be agreed with the owners of the masts, for example. The fact that the operation of the system was not to start until later does not change the fact that the system of sensors was already to be implemented and the implementation of the show cases was to be achieved.”
The OLG has thus correctly worked out that, in particular, orders that essentially comprise IT services are to be qualified as supplies or services, even if they include installation services. In case of doubt, the delivery of hardware and software and the associated technical installation and set-up services are in the foreground here.
In this respect, the decision should also be applicable to other contract items that are part of the furnishing of real estate but essentially comprise the supply of IT systems. These include, for example, access control or time recording systems. Here too, the installation service will generally take a back seat to the data collection, storage and evaluation functionality of the system. The same also applies to IT components, such as monitors, displays, whiteboards or similar, which are only to be additionally mounted at the installation site, e.g. on the wall or ceiling or other supporting devices, even if the installation of simple supporting devices is also part of the scope of services. In this respect, the OLG did not even classify the erection of entire open-air masts as a relevant construction service (“at most”).

The European Commission published the draft Data Act on February 23, 2022. The Data Act draft regulates the provision of data by the data owner to the user, to third parties and to public bodies and includes legal frameworks for data access and data use. The background to the regulation is that there is currently no legal regulation on data sovereignty and all parties involved rely on voluntary exchange.
With the Data Act draft, the European Commission now wants to clarify who may commercially exploit data and under what conditions this takes place. In addition, special provisions are made for micro, small and medium-sized enterprises as well as so-called “gatekeepers”.
Basic content of the draft Data Act
The draft regulates the exchange of user-generated data between companies and between consumers and companies. Large parts of the data collected by companies and by consumers in connection with networked devices and digital services must in future be made technically and legally accessible to users, who can then pass the data on to third parties.
The regulations in the draft include, for example, product requirements for easy and secure data access (“access by design and by default”), pre-contractual information obligations and the need for a usage agreement between data owner and user, data access claims and provision obligations, as well as regulations on data transfer by the data owner to third parties at the instigation of the user. However, it also regulates requirements for corresponding consideration (e.g., fairness, appropriateness) and criteria for abusive contractual clauses in order to protect smaller companies.
In addition, there are to be regulations for the transfer of data to public bodies and EU institutions, bodies and other bodies in emergency situations.
The draft also stipulates that the European Commission should provide non-binding model contractual conditions for data access and use. The member states are then to issue corresponding regulations on sanctions in the event of violations.
Addressees of the draft Data Act
The Data Act draft applies to
- All manufacturers of products and providers of related services placed on the market in the EU and users of such products or services;
- data controllers who provide data to recipients in the EU;
- Data recipients in the EU to whom data is provided;
- public bodies and EU institutions, bodies and agencies;
Similar to the GDPR, the regulations are also intended to apply to companies based outside the EU if they provide relevant services to customers in the EU.
Outlook
The European Parliament and the Council have adopted their positions on the draft and, like the member states, are calling for various amendments. Further negotiations will focus in particular on the scope of application of the Data Act, ensuring the protection of trade secrets, remuneration issues and regulations on provider switching and protection against unfair contract terms. On March 29, 2023, the first trilogue took place. However, as the positions of the Council and Parliament are not too far apart, an agreement is generally expected before the summer break or shortly thereafter.

Companies face an increasing push to use of open source software, both in their own software development and in the procurement of software from third parties.
The use of open source software or “free and open source software” has become standard in software development. Open source software is freely available on the internet, saves time and allows typical standard functions to be integrated without any development effort.
The term Free and Open Source Software suggests when the software is “free” in every respect. However, the use of the software requires acceptance of and compliance with the underlying licence conditions. Frequently, however, these are observed little or not at all, which can lead to considerable economic risks (including injunctive relief, claims for damages).
Therefore, it is essential, especially for software development companies, to fully comply with the obligations associated with the use of open source software. In order not to be surprised by the negative consequences of non-compliance, it is advisable to introduce internal processes for monitoring compliance within the framework of an open source compliance management.
What is Open Source Software?
Open source software is freely available, but can only be used under restrictions that are intended to enable further free use. For example, the Open Source Initiative (https://opensource.org/) published requirements to classification as open source software. Among other things, the source code must be available or be made available. Changes to the software must be permitted. The licence conditions used must not restrict distribution, no licence fee may be charged for the open source software and it must be permitted to market changes under the same conditions.
The various open source developers have gone different ways. Some use licences that allow use in conjunction with commercial products. Some oblige the user to combine the open source software only in conjunction with compatible licences or stipulate that their own licence conditions must apply to further developments or derivative works. This is also called “copyleft” or viral effect.
What impact does this have on commercial use?
For companies that only use open source software internally for their own purposes, there are hardly any restrictions preventing use. Occasionally, however, certain types of use are exempted.
However, if the open source software is made available to third parties or if it is incorporated into commercial software, it must be checked whether use and distribution in the intended way is covered by the underlying licence.
On the one hand, there are many licences that make this possible and even allow the use of commercial licence terms for the larger work. In contrast to commercial third-party products, the possibilities for use are usually more flexible here.
On the other hand, depending on the licence, the use of open source software can lead to restrictions. For example, if an open source software licenced under GNU General Public License (GNU GPL), is integrated the larger work cannot be distributed commercially or without disclosing the source code.
However, the type of use also plays a role here. Some licences (e.g. Affero General Public License) restrict commercial use to such an extent that use in connection with commercial SaaS services is restricted.
Other commitments
In addition to the fundamental question of the permissibility of use, some licences also provide for further obligations, e.g. passing on the licence conditions, disclosure of use, making available the source code of the open source software, naming the author.
Often, the developers know the concept of open source software, but not the associated restrictions and obligations. The consequences are usually a violation of the licence conditions and a resulting ban on using the open source software.
How do I reduce my risks?
First of all, an inventory should be made. Open source audits are a good way to do this, in which the source code of the own software and all open source components used are scanned. This allows you to find both obviously used open source software and so-called snipits that have been copied into the own code. The open source software should also be scanned completely in order to find third-party components it may contain.
There are various tools on the market that support the scan. Some of these can also be integrated into the development process. In this way, problematic developments can be discovered and eliminated at an early stage. In addition, the tools facilitate the creation of a Bill of Materials (BoM), a list of all matches with pieces of code, the version of the open source software, the respective download source and the applicable licence conditions.
It makes sense to whitelist unproblematic licences and blacklist problematic ones. All licences not listed would then have to be checked as necessary.
Awareness should be raised to the responsible employees and appropriate contractual regulations should be concluded with external developers.
In addition, the documentation measures should be summarised in a compliance programme.
Conclusion
The use of open source software brings both advantages and challenges. However, when the right components are selected and used in accordance with the conditions, it is often more interesting than commercial third-party products or in-house developments.

TCI is represented as a group of boutique law firms which and were founded in July 2011 with offices in Berlin, Mainz and Munich.
TCI’s industry focus is on “Technology”, “Communication”, “Information”, on which the short name and brand “TCI” is based. The legal focus is on technology-related contract law and litigation including arbitration, IT law, telecommunications law, public procurement and antitrust law, franchise and distribution law, employment law, copyright law and intellectual property law.
With several years of professional experience, each of the founding partners of TCI had previously gained in other specialized commercial law firms and renowned large law firms, they wanted to realize their vision of a boutique law firm in which renowned legal personalities known in the market work together on the basis of a democratic internal structure with a flat hierarchy. This recipe for success has fully proven itself.
Truiken Heydn , TCI founding partner commented: ” We would like to thank our clients and the many colleagues who recommend us again and again for the trust they have placed in us. We are pleased that the approach of a boutique law firm has proven its worth over the 10 years and we will continue to pursue it consistently. This allows us to focus on core areas and provide the best possible service to our clients. Areas of law that we do not handle ourselves are covered by cooperations with other law firms. This allows us to support clients beyond our focus and opens up many other advantages of working with other law firms. One example of this is our collaborations in the M&A environment.”
Meanwhile, the expert team of the law firm alliance has grown to 14 partners and 3 associates. TCI and its lawyers have won numerous national and international awards (e.g. Best Lawyers, FOCUS, Who’s Who Legal) throughout the firm’s history. In addition, they have made a name for themselves as specialist authors, lecturers and speakers.

The transaction: CompuGroup Medical (CGM) acquires the entire shares in Meta IT GmbH, based in St. Ingbert.
Meta IT is a highly specialized healthcare software vendor with two core products: MetaKIS offers hospitals a powerful application for the billing of Diagnosis Related Groups (DRG), revenue assurance, performance management and benchmarking. MetaIPSS actively and comprehensively supports all relevant processes in a hospital’s hygiene management. The browser-based solutions can be integrated into all relevant hospital information systems (HIS) and interact seamlessly with the CGM solution suites for acute care hospitals.
The two companies have been working well and successfully together for some time. Now, the joint commitment is to be further intensified and extended to new areas, e.g. in the increasingly important topic of quality management. Other CGM customer groups, such as rehabilitation facilities, will also benefit from this. MetaIPSS in particular also offers a lot of potential for an expansion or internationalization of the target market.
The TCI team led by Stephan Schmidt supported the transaction and was responsible for the legal due diligence and negotiation of the SPA in the areas of IT/IP, data protection and labor law.
The MUTTER & KRUCHEN team led by Dr. Carsten Kruchen supported the transaction and was responsible for the legal due diligence and negotiation of the SPA in the area of corporate law.
Advisory teams:
TCI Rechtsanwälte (IT, IP, data protection, employment law): Stephan Schmidt, Sabine Brumme, Stephan Breckheimer, Joscha Falkenhagen
MUTTER & KRUCHEN (corporate law): Dr. Carsten Kruchen, Jessica Werner
CompuGroup Medical is one of the world’s leading e-health companies, generating annual revenues of EUR 837 million in 2020. The company’s software products to support all medical and organizational activities in medical practices, pharmacies, laboratories and hospitals, its information services for all stakeholders in the healthcare system and its web-based personal health records serve a safer and more efficient healthcare system. The foundation of CompuGroup Medical’s services is its unique customer base of more than 1.6 million users, including physicians, dentists, pharmacies and other healthcare professionals in outpatient and inpatient settings. With its own locations in 18 countries and products in 56 countries worldwide, CompuGroup Medical is the e-health company with one of the largest reach among healthcare providers. Around 8,000 highly qualified employees stand for sustainable solutions in the face of constantly growing demands in the healthcare sector.
TCI Rechtsanwälte advises national and international clients primarily in the areas of IT/IP law and data protection law. In addition to contract law advice, TCI Rechtsanwälte also supports clients in corporate acquisitions and sales and IP compliance.
MUTTER & KRUCHEN assists clients in corporate acquisitions and sales as well as in more comprehensive reorganizations of corporate and group structures. In addition, MUTTER & KRUCHEN provides independent and partner-led advice on corporate and capital markets law to listed and medium-sized companies, family-owned companies and their shareholders, experienced founders and investors as well as foundations.

TCI Rechtanwaelte is once again proud Gold Plus Sponsor of the International Technology Law Association’s (ITechLaw) World Technology Law Conference. The conference will take place from 8 to 10 June 2021 as an online event. Registrations are still possible at the following link: https://www.itechlaw.org/conferences/2021-world-technology-law-conference.