Third Parties and Software Piracy: Companies Remain Legally Responsible

During software compliance audits, it is not uncommon for companies to claim that pirated programs were installed by external contractors or IT consultants—rather than by their own employees. However, this line of defense is rarely accepted in legal proceedings.

In Brazil and in many other countries, employers are legally liable for the acts of both employees and third-party service providers when those acts are carried out within the company’s infrastructure or under its direction. Brazilian Civil Code, Article 932, item III, explicitly states that employers are responsible for damages caused by employees, agents, or representatives in the course of their work. Brazilian case law has further confirmed that this liability may extend to outsourced workers acting within the company’s environment.

In practice, this means that if a third-party technician installs pirated software—knowingly or not—on the company’s network, the company itself can still be held liable, especially if it benefits from the use of the software or fails to implement adequate control mechanisms.

That’s why businesses must adopt strong internal policies to prevent unauthorized software use. Implementing access restrictions, limiting installation privileges, and maintaining clear internal compliance protocols are all crucial steps not only for risk mitigation but also for demonstrating good-faith efforts during audits.

Our firm has handled numerous cases where this issue was central to the dispute, and we emphasize: arguing that software piracy was committed by an external provider will not exempt a company from legal liability.