IBM Passport Advantage Agreement Changes: How to Tackle New Compliance Requirements

In February 2023, IBM announced changes to its Passport Advantage Agreement terms that will take effect on May 1 for existing customers. These changes increase customers’ software license compliance burden and risk. It’s imperative that customers conduct internal license position assessments as soon as possible.

Over the last decade, enterprise software vendors have gradually and creatively shifted more software compliance reporting burden and risk onto their customers. Examples include SAP’s annual self-declaration requirement and Microsoft’s Cloud Economics Assessment. Most recently, IBM joined the list with recent updates to its Passport Advantage Agreement terms.

A common theme among IBM’s changes is that Passport Advantage customers now bear more responsibility for software compliance reporting at a more frequent cadence – whether it’s additional annual reporting requirements or validation of license position leading up to deployment changes. As NPI has seen in the past, more opportunities for IBM to assess compliance means a higher likelihood of noncompliance discovery. (Many customers don’t realize that vendors such as Microsoft, Oracle and IBM count on revenue from software license audit penalties and have dedicated teams with revenue targets to meet.)

IBM Passport Advantage customers need to fully understand the implications of these changes and their impact on SAM best practices across the IBM estate. In this bulletin, we focus on the updates that will have the most material impact on compliance risk and reporting.

NEW MANDATORY COMPLIANCE REPORTING REQUIREMENTS

One of the most noteworthy changes to IBM’s Passport Advantage agreement terms is the addition of new mandatory compliance reporting requirements. Section 4.1.a of the new agreement terms stipulates:

Client will, for all Programs at all Sites and for all environments, create, retain, and each year provide to IBM upon request with 30 days’ advance notice: i) a report of deployed Programs, in a format requested by IBM, using records, system tools output, and other system information; and ii) supporting documentation (collectively, Deployment Data).

The challenge? Few enterprises are currently able to provide this information in a single month’s time. License reconciliation across an enterprise-scale IBM deployment is a huge undertaking and most IT and procurement teams don’t have the processes and resources in place to make it happen. Previously, customers only had to submit a report generated by IBM’s License Metric Tool (ILMT) on a quarterly basis and only if they were being audited.

To ensure readiness, NPI recommends customers perform a full license reconciliation (or license position assessment) of their IBM estate now. This will serve as a baseline report that can be feasibly updated upon IBM’s request.

Most enterprise IBM customers are not prepared to adhere to the changes to IBM Passport Advantage agreement terms. For SAM and procurement leaders, these changes mean redirecting valuable resources, money, and time.

STRICTER LANGUAGE REGARDING CHANGING REPORTING OUTPUTS

IBM now mandates Passport Advantage customers not alter, modify, delete or misrepresent any IBM approved software reporting tools and reports – either directly or indirectly. This includes any IBM approved software reporting tools (including its code), any report generated by those tools, or any manually generated reports that misrepresent EP use.

While this stricter language isn’t very onerous at first glance, it points to a larger issue. Very few enterprises configure ILMT to report accurately. As a result, inaccurate reporting outputs that are typically in IBM’s favor – not the customer’s – are a common occurence. IBM’s new language makes it harder for customers to rectify these errors on an ad-hoc basis. Customers should carefully evaluate their ILMT configurations to ensure accuracy, as well as continue to analyze reported data for accuracy.

NEW LIMITATIONS FOR DROPPING SOFTWARE SUBSCRIPTION & SUPPORT (S&S)

IBM is making it more difficult for customers to drop or reduce S&S. If a customer wants to renew expiring S&S at a lower quantity, they must provide documentation that verifies current use and installations at least 30 days prior to renewal date. If the client fails to deliver the required documentation, they will be required to renew all existing quantities.

This is a strategic tactic for IBM to protect S&S revenues. Much to customers’ frustration, it also provides another opportunity for IBM to assess compliance across the entire IBM estate. Given the runway required to generate a license position assessment – and potentially remediate any compliance risk exposure before IBM becomes involved – customers that wish to reduce S&S will now need to approach renewals more strategically and earlier.

MANDATE CERTAIN CUSTOMERS RUN NEW LICENSE MEASUREMENT TOOLS

Customers that want to deploy software on containers are now required to run IBM License Services (another license measurement tool). Similar to a more robust ILMT, IBM License Services measures licenses on the container side, has more intel built into it, and includes more frequent and more detailed reporting.

Given the relative early adoption of containers, this change will have a more limited impact across IBM’s customer base – at least for now. Over the last few years, the use of containers in computing has become increasingly popular among companies and developers.