“Legal and Strategic Protection of Algorithms:
A Hybrid Approach”
By Marie-Dominique Luccioni Faiola & Christian Bellais
In the digital age, algorithms and databases have become the most valuable intangible assets that businesses own. Yet their legal protection remains a formidable challenge. From startups seeking to safeguard early-stage innovations to large corporations defending core strategic assets, companies of every size must navigate a sophisticated legal architecture — one that draws on patents, copyright, trade secrets, and specialized European regulations in combination.
This study examines the full range of protection mechanisms available in 2025, evaluates their respective strengths and limitations, and surveys the disputes that are reshaping the legal landscape. Its purpose is to provide a practical roadmap for companies operating in an environment where technological innovation consistently outpaces the law.
I. Algorithms: A Multifaceted Protection Challenge
A. Copyright: Immediate but Partial Protection
Copyright is often the first line of defense for developers, though its scope has significant limits. Source code is automatically protected as a literary work; the algorithm itself — that is, the underlying logical and mathematical sequence — is not.
This limitation flows from a foundational principle of intellectual property law: ideas cannot be protected, only their expression. As a result, rewriting an algorithm in another programming language, or implementing it differently, may be sufficient to avoid infringement. Even so, automatic protection retains real value: it deters direct copying and provides a basis for action against clear-cut reproduction.
Many companies reinforce this protection by registering their code with organizations such as the Agency for the Protection of Programs (APP), thereby creating reliable, timestamped evidence of authorship. That said, even when embedded in software, algorithmic protection remains relatively fragile — and vulnerable to circumvention through reverse engineering
B. Patents: Technical Excellence as the Gateway
The patent route, though far more demanding, offers considerably stronger protection. Under European law, algorithms “as such” are excluded from patentability. The practical key lies in embedding the algorithm within a technical invention that addresses a concrete problem.
An algorithm may thus benefit from indirect patent protection if it contributes to the technical character of a patentable invention — a position the European Patent Office has recognized since 1986. It is not enough for the algorithm to run on a computer; it must produce an additional, innovative technical effect.
A video compression algorithm that merely processes data mathematically is not patentable. If, however, it is integrated into a real-time broadcasting system that dynamically optimizes bandwidth based on network conditions, it may satisfy the requisite technical threshold.
While patent protection confers a twenty-year monopoly, it requires full public disclosure of the invention — a significant concession in fast-moving innovation environments. Moreover, a patent does not cover subsequent developments beyond its defined scope, and its duration is fixed. In many cases, the transparency it demands may be ill-suited to industries where speed and secrecy are competitive imperatives.
C. Trade Secrets: The Hidden Weapon of the Digital Economy
Trade secrets have emerged as an indispensable instrument for protecting strategic algorithms. Codified in EU law and transposed into French law in 2018, they formalize a practice that commerce has long relied on: keeping competitive advantages out of the public domain.
This protection — potentially unlimited in duration and requiring no registration — rests on three cumulative conditions: the information must be secret, must have economic value by virtue of its secrecy, and must be subject to reasonable confidentiality measures.
Google, for example, does not patent its latest PageRank algorithms. It protects them through rigorous internal confidentiality protocols.
The vulnerability of this approach is plain: protection evaporates the moment the information is disclosed or successfully reverse-engineered. Nor does trade secret law prevent all forms of legitimate competitive conduct. Robust technical and organizational security measures are therefore essential to sustain this protection over time.
Despite these limitations, trade secrets frequently offer the most effective protection available for algorithms, given the patchwork character of traditional intellectual property rights in this field.
II. Databases: Between Information Assets and Collaborative Openness
A. Dual European Protection: A Unique Hybrid System
Europe has developed an original model that combines copyright and a sui generis database right in a single coherent framework.
Copyright protects the structure of a database where its selection or arrangement reflects the author’s intellectual creativity. This protection, however, extends only to the structure, not to the underlying data itself.
The principal innovation of the European system is the sui generis right, which protects substantial investment in obtaining, verifying, or presenting data — regardless of whether the database displays any originality. This reflects a clear economic rationale: the value of a database often resides in the investment required to build it, not in any creative act. Protection under this right lasts fifteen years and may be renewed upon substantial updates.
B. The Delicate Balance of Open Data
Alongside these protective frameworks, open data initiatives have grown substantially. Licences such as the Open Database Licence (ODbL) permit reuse while preserving specified rights for the producer.
The European Data Act (2025) reinforces this movement by promoting data sharing, imposing obligations of transparency and interoperability, and drawing a meaningful distinction between open and strategically sensitive data.
Companies must therefore make a deliberate choice: which data to share in order to participate in wider ecosystems, and which to keep tightly protected as competitive assets.
Spotify, for instance, shares certain metadata through public APIs while keeping its recommendation algorithms strictly confidential.
III. Litigation Landscape: Key Cases and Emerging Strategies
A. Artificial Intelligence Challenges Patent Law
The DABUS case marked a pivotal moment. In 2021, the European Patent Office declined to recognize an artificial intelligence system as an inventor, reaffirming that inventor status can only be held by a human being.
This decision raises pressing practical questions: how should AI-generated inventions be treated, documented, and owned? Companies are adapting by attributing inventions to the supervising engineers who directed the AI, or by defaulting to trade secret protection rather than seeking patents.
At the same time, disputes between startups and major technology companies are multiplying, often centred on allegations of trade secret misappropriation. Establishing such claims in litigation remains notoriously difficult, given the burden of proving both the existence of the secret and the fact of its unlawful acquisition or use.
B. Databases: Between Protection and Overreach
The British Horseracing Board case clarified that the sui generis right extends only to substantial investments in the creation of a database — not to investment in the activities from which the data is drawn. This ruling struck a careful balance between protecting producers and preserving public access to factual information.
More recently, litigation has shifted towards cybersecurity failures and GDPR compliance. The Replit case, which involved data exposure resulting from negligence, underscored that legal protection and technical safeguards must go hand in hand: no legal instrument can substitute for inadequate security infrastructure.
C. Adaptive Strategies: From Startups to Tech Giants
Startups typically favour cost-effective hybrid strategies, combining trade secrets and copyright protection while making selective use of open-source components to reduce development costs and build community.
Larger corporations implement layered portfolio strategies, combining patents and trade secrets to maximize both protection and market advantage. The interplay between these instruments allows them to control access to core technologies while projecting strength in commercial negotiations.
DeepMind, for example, protects its foundational algorithms through trade secrets while patenting specific downstream applications — particularly in healthcare, where patent exclusivity underpins commercial value.
IV. Practical Guide: Securing Algorithmic and Data Assets
A. Algorithms: Tailored Protection
A rigorous patentability assessment should be the starting point for any algorithmic protection strategy. Where patent protection is not achievable — whether for technical, commercial, or strategic reasons — confidentiality measures must be substantially strengthened.
Registering source code or maintaining structured documentation of the development process creates an evidentiary record without requiring excessive disclosure. This paper trail can prove decisive in any subsequent dispute over priority or originality.
B. Databases: Documenting Investment
Protection under the sui generis right depends heavily on demonstrating qualifying investment. Companies must maintain detailed, contemporaneous records of the costs, resources, and human effort devoted to obtaining, verifying, and presenting the data. Without such documentation, establishing the required threshold of investment becomes difficult in practice.
Auditing third-party data inputs and ensuring full compliance with applicable licences are equally critical: a gap in compliance can undermine the value of even a well-documented database asset.
C. Litigation: Acting Quickly and Strategically
When a dispute arises, speed in gathering and preserving evidence is essential. Technical records — Git logs, version histories, access controls — together with contractual documentation, form the evidentiary backbone of any claim.
Interim proceedings may be necessary to prevent ongoing or escalating harm before a full hearing on the merits. At the same time, negotiated settlements — conducted in confidence and tailored to commercial realities — often provide more practical and durable solutions than protracted litigation.
Conclusion
The protection of algorithms and databases has become a strategic discipline in its own right, one that demands a hybrid and dynamic approach calibrated to the specific nature of each asset and the competitive environment in which it operates.
For algorithms, the combination of trade secrets, conditional patents, and copyright has emerged as the standard toolkit. For databases, the European sui generis system provides a robust but demanding framework that rewards careful investment documentation and proactive compliance.
Future developments will be shaped by emerging legislation — notably the AI Act and the Data Act — as well as by an evolving body of case law that continues to refine the boundaries of protection in response to new technological realities.
In a world increasingly driven by data and algorithmic intelligence, legal protection is no longer a secondary concern. It is a decisive competitive advantage.
SPECIALIZED RESOURCES
– APP (Agency for the Protection of Programs) — Software Protection Guide
– Directive 96/9/EC on the legal protection of databases
– EU Data Act (Regulation (EU) 2023/2854)
– CJEU case law on databases