Protect source code, mockups, and prototypes

The situation

You're a freelance developer. You deliver to a client the prototype of a business platform — backend, frontend, database schema, architecture documentation. The follow-up contract isn't signed. A few months later, you recognize your architecture in the solution the company launches, developed in-house or by a cheaper contractor. Your work served as the foundation without consent.

Or: you're a UX/UI designer. You propose to a startup a complete design system — components, tokens, interaction principles, Figma prototype. The startup doesn't proceed. Six months later, their product reuses your interface structure, your characteristic micro-interactions, your navigation logic.

Or — a situation that has become central in 2026 — you're a developer, you've been publishing open source code on GitHub for years under MIT, Apache 2.0, or GPL licenses. An AI assistant reproduces excerpts of your code in completions offered to other developers, sometimes without preserving the license notices or attribution. The class action Doe v. GitHub (Northern District of California, ongoing since November 2022) targets precisely this type of grievance.

The legal prerequisite common to these three situations: being able to demonstrate, on a specific date, that your work existed in this form, and that you created it.

The legal framework: a particular regime

French law treats source code differently from other works: it's one of the rare creations for which the legislator has provided a specific regime within the Code de la propriété intellectuelle.

For source code

Article L.112-2, 13° of the CPI explicitly includes "software, including the preparatory design material" among protected works. The foundational decision is the Pachot ruling (Cour de cassation, Plenary Assembly, March 7, 1986, no. 83-10.477), which recognized software protection under French copyright law.

Article L.122-6 CPI defines the exclusive economic rights of the software author: reproduction, modification (including translation, adaptation), and market distribution. Any unauthorized reproduction constitutes infringement.

For graphical user interfaces (UI)

Important and often-overlooked legal point: graphical user interfaces are not covered by the special copyright regime for software. The Court of Justice of the European Union ruled this in the BSA case (CJEU, December 22, 2010, C-393/09): the graphical interface is not a form of expression of the program, but an element that allows users to exploit the program's functionalities.

Practical consequence: for a digital product, two distinct legal objects coexist — the code (special software regime) and the interface (general copyright regime). Both are protectable, but not under the same rules, and not with the same evidence.

For both

The AI and code situation

For developers publishing on GitHub or any public repository, a new risk now overlays the classic disputes.

The class action Doe v. GitHub (US District Court for the Northern District of California, Judge Jon S. Tigar, filed November 3, 2022) pits a group of anonymous developers against GitHub, Microsoft, and OpenAI regarding the training of Copilot on open-source-licensed code. The grievances center notably on the removal of Copyright Management Information (CMI) — author notices, license terms, copyright — when code is reproduced in output.

The current status of the case (mid-2026):

• In June 2024, Judge Tigar dismissed the majority of DMCA § 1202(b) claims, considering that the code produced by Copilot was not sufficiently identical to the original code
• In September 2024, the court certified an interlocutory appeal on the question of whether DMCA § 1202(b) requires perfect identity or covers derivative works
• In December 2024, the Ninth Circuit Court of Appeals accepted the appeal (reference 24-6136); the first-instance proceedings are stayed pending the decision
• The claims that survived in first instance concern violation of open source licenses and breach of contract — a key point: the judge recognizes that open source licenses are enforceable contractual agreements

On the European side, the EU AI Act (Regulation 2024/1689), in force since August 1, 2024, has imposed since August 2, 2025 two obligations on providers of general-purpose AI models (GPAI) that directly concern developers publishing code:

No outcome is guaranteed yet in these proceedings — but the mere fact that courts are willing to seriously examine these claims already shifts developers' negotiating position. The prerequisite for any action remains the same: proving the date your code existed in this form.

What you can anchor

For developers

• Source code at a given point in time (frozen export)
• Entire Git repos — use git archive HEAD --format=zip -o snapshot.zip to produce a dated snapshot of the current branch
• gitingest digests — for public repos, a single file aggregating directory tree and file content, deterministic, ideal for hashing
• Architecture documentation (frozen PDF from Mermaid, draw.io, Excalidraw)
• Database schemas (DDL, diagrams)
• Technical specifications and API contracts (OpenAPI, GraphQL schemas)
• Test suites (which often demonstrate as much creative effort as the code itself)
• Architecture notes and ADRs (Architecture Decision Records)
• Technical roadmaps, migration plans
• Client correspondence (emails exported as PDF)

Note for private repos: the simplest workaround is to temporarily make the repo public, run gitingest, anchor the digest, then revert to private. GitHub repo visibility does not affect file content or git history. For sensitive repos, the local git archive option remains preferable.

For UX/UI designers

• Figma, Sketch, Adobe XD mockups (frozen PDF exports — the export serves as evidence, you keep the source file)
• Complete design systems (tokens, components, principles)
• Interactive prototypes (video or PDF exports of key screens)
• Wireframes and user flows
• User research (interview notes, personas, journey maps)
• Moodboards and visual exploration
• Interaction specifications (micro-interactions, animations, states)
• Accessibility charter and WCAG rules
• Design documentation (rationale, explored alternatives, justified choices)
• Written briefs and scoping notes

Why the bundle changes everything

For development: a software project is not a file — it's a system. The code alone doesn't tell the story of technical decisions: why this architecture rather than another, why this database, why this framework. A bundle containing code, architecture documentation, ADRs, schemas, and tests demonstrates design choices, not just a finished product. This is exactly the material a judge needs to characterize the "personalized effort" and "individualized structure" required by the Pachot jurisprudence and its successors.

For design: a design system isn't a Figma file — it's a logic. Components alone don't suffice to demonstrate the originality of the layout and look and feel. A bundle that brings together initial wireframes, user research, rejected iterations, final design system, and interaction specifications gives the judge the material to characterize the "author's own intellectual creation" required by the BSA ruling for interface protection.

For €2 — the price of a single anchoring — you can fit up to 50 MB of files in one bundle. A complete software project as frozen exports, or an entire design system, easily fits within that envelope.

Alternatives to know: APP and INPI registrations

The French landscape already offers solutions for developers, which are worth mentioning honestly:

APP (Agence pour la Protection des Programmes) has been offering software deposits since 1982, with assignment of an IDDN number and preservation of a sealed logibox. APP is a recognized reference, its sworn agents' reports carry established probative force before French courts, and it has been a long-standing partner of the legal profession. It's a robust mechanism, particularly suited to software publishers dealing with escrow issues with clients. APP membership and deposits have a cost, to be evaluated based on your volume.

INPI allows trademark registration (€190 + €40 per additional class in 2026) and design registration. Relevant for your software's name and logo, less so for the code or mockups themselves.