Licence & Continuity
Lexiane is proprietary software with controlled source access: clients can audit every line of code under NDA, competitors cannot copy the engine, and an independent escrow guarantees continuity if the vendor ceases to operate. Each major version becomes Apache 2.0 after ten years.
The Lexiane source code is not public. This protects the vendor's R&D investment against copying by competitors. It is not an obstacle to transparency: your security teams can audit every line of code under strictly controlled conditions, and an independent escrow mechanism ensures the code remains accessible to your organisation if Lexiane were to cease operations.
1. Proprietary licence with controlled source access
Every Lexiane on-premise deployment is governed by a negotiated licence agreement with the client organisation. This agreement specifies:
- Internal use right: use is strictly limited to the client organisation for its own purposes. Any redistribution or extraction of the code is prohibited.
- Security audit right — two levels depending on the maturity of the
relationship:
- Pre-contractual evaluation: the audit is conducted on Lexiane's premises or via an isolated environment provided by the vendor, under a reinforced NDA. The code does not leave the vendor's premises. Access is organised within 30 business days of a formal request.
- Active client under contract: the client receives direct access to the full source repository, under a reinforced NDA. The audit is conducted using the client's own tools at their own pace, with full contractual liability for the confidentiality of the transmitted code.
- Prohibition on redistribution: any copying, transmission or exploitation of the code outside the client organisation is strictly prohibited, including for the benefit of a competitor.
- Decompilation framework: EU law (Directive 2009/24/EC, Art. 6 and 8) grants licensees certain decompilation rights for interoperability or error correction purposes that cannot be contractually waived. The agreement organises the conditions for exercising these rights: prior notification to the vendor, use strictly limited to the permitted purpose, and prohibition on communicating results to third parties.
2. Continuity guarantee
Source code escrow
The complete Lexiane source code is deposited with an independent escrow agent (notary or Escode — NCC Group). The deposit is updated with each major release. Upon the occurrence of a Trigger Event — verified by the agent on the basis of supporting documents (liquidation judgment, cessation certificate, etc.) — the depositary releases the code to licensed clients, independently of the existence of Lexiane SAS.
The release conditions are contractually limited to:
- Judicial liquidation of Lexiane SAS (opening of proceedings by court order)
- Permanent cessation of the vendor's commercial operations
- Absence of response to any urgent corrective maintenance request for more than six (6) consecutive months
Apache 2.0 conversion after ten years
Each major version of Lexiane automatically converts to Apache 2.0 licence ten years after its publication date (e.g. 10 March 2036 for v1.0). From that date, the version concerned may be freely used, modified and redistributed by anyone. No version of Lexiane remains proprietary indefinitely.
Note for CISOs: The escrow release is verified and executed by the independent agent upon presentation of supporting documents. It does not depend on the vendor's will and requires no action on your part.
3. What this licence guarantees — and what it prohibits
| What you can do | What is prohibited |
|---|---|
| Use Lexiane internally | Redistribute the code to third parties |
| Audit the code under NDA | Copy the engine for a competing use |
| Modify the code for internal needs | Offer Lexiane as a SaaS service |
| Access the code via escrow upon liquidation | Sub-license without Lexiane's agreement |
4. Regulatory compatibility
- ANSSI — CSPN / Common Criteria: the proprietary model is compatible with ANSSI product certifications. Evaluation is conducted by an accredited laboratory (CESTI) under a confidentiality agreement. Public disclosure of the code is not required.
- DORA (EU): the business continuity clause and escrow arrangement address the resilience requirements for critical third-party providers (Art. 28–30).
- NIS 2: version traceability and contractual audit rights satisfy third-party risk management obligations.
5. Open source dependencies
Lexiane is developed in Rust. Its dependencies are exclusively under MIT and Apache 2.0 licences, compatible with
proprietary commercial use. No AGPL, GPL, or LGPL dependency is included in the
distributed binary. A NOTICE.md file listing all dependencies and their
licences is provided with each delivery.
Frequently asked questions
Can I modify the code to adapt it to my servers?
Yes, for internal use. Modifications remain subject to the same conditions as the
original code and may not be redistributed.
What happens if Lexiane is acquired?
The licence agreement follows the software. Audit rights and escrow conditions are
maintained by the acquirer without modification.
What happens after ten years?
The version concerned automatically converts to Apache 2.0. It may then be freely
used, forked and redistributed by your organisation or by anyone.
How do I access the code for a security audit?
Submit a formal request to contact@lexiane.com. Access is organised
within 30 business days.
Last updated: 10 March 2026. Copyright © 2026 Lexiane SAS. All rights reserved.