Windows Hardware Compatibility Program Agreement
This Windows Hardware Compatibility Program Agreement (“Agreement”) between Microsoft Corporation (“Microsoft”) and the company accepting this Agreement (“Company”) governs the terms for submitting Company Product to Microsoft for compatibility review with the Windows operating systems.
1. DEFINITIONS
(a) “Ancillary Materials” means, collectively, BIOS, Drivers, Images, and Metadata.
(b) “Attested Product” means a Product accepted by Microsoft for attestation that meets all applicable requirements.
(c) “BIOS” means technology (including any UEFI Code) consisting of a basic input/output system, or any part of it, intended to be installed in a computer or server, but not in a peripheral device.
(d) “Certified Product” means a Product that has passed all applicable tests and been certified Windows compatible by Microsoft.
(e) “Code Signing Agreement” or “CSA” means Microsoft’s contract for code-signing (see developer.microsoft.com/windows/hardware/).
(f) “Data Protection Law” means any Law relating to data security, data protection, or privacy.
(g) “Driver” means software or firmware that operates or controls a particular device attached to, or particular component of, a computer or more complex device or hardware system. Drivers include any related software as well as any electronic or on-line documentation, bug fixes, enhancements, additions, or modifications.
(h) “Image” means each Company-selected picture of a Product, which may include Marks.
(i) “Intellectual Property Rights” or “IPR” means all intellectual and proprietary rights existing under statute or at common law or equity, in force or recognized now or in the future in any jurisdiction.
(j) “Law” means any laws, rules, regulations, decrees, statutes, or other enactments, orders, mandates, or resolution that are applicable to Company or Microsoft, and any implementing, derivative, or related legislation, rules, regulations, and regulatory guidance, as amended, extended, repealed and replaced, or re-enacted.
(k) “Malware” means any malicious or unwanted software, including any virus or worm.
(l) “Marks” means Company’s trade names, trademarks, service marks, brands, and logos.
(m) “Metadata” means certain Company-selected information concerning hardware, software, or technology.
(n) “Microsoft Lists” means then-current lists of products Microsoft licenses to use a Windows logo or to be described as “Windows compatible” under the Program.
(o) “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”) and any other data or information that constitutes personal data or personal information under any applicable Data Protection Law. An identifiable natural person is one who can be identified, directly or indirectly, in particular by referencing an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
(p) “Policies” means the then-current Program rules and guidelines posted at the Portal.
(q) “Portal” means the Microsoft website at developer.microsoft.com/ or any successor site.
(r) “Processing” means any operation(s) performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, otherwise making available, alignment or combination, restriction, erasure, or destruction. “Process” and “Processed” will have corresponding meanings.
(s) “Product” means each item of hardware, software, firmware, or other technology that Company wants to test or submit for attestation under this Agreement, including any applicable Ancillary Materials.
(t) “Program” means Microsoft’s Windows Hardware Compatibility Program or its successor.
(u) “Test Procedures” means use of the then-current and applicable Test Kit, testing procedures, and requirements as specified on the Portal.
(v) “Test Kit” means the then-current and applicable kit for testing the respective Product type with the respective Windows operating systems, as posted on the Portal.
(w) “UEFI Code” means Unified Extensible Firmware Interface drivers, firmware, applications, or any combination of these.
(x) “Vulnerability” means a flaw, weakness, or bug in software that can be exploited.
2. PROGRAM
In relation to its Program participation and performance of this Agreement, Company will: (a) cooperate with Microsoft to provide all information necessary for Microsoft to assess compliance with local Law, including Software Bill of Materials (SBOM) and Executive Order 14028; (b) comply with all then-current Policies and Test Procedures (each of which Microsoft may periodically update); and (c) if it provides any symbol files to Microsoft related to Drivers, provide such symbol files separately from other files. Microsoft will obtain Company’s written consent before distributing such symbol files to any third party (other than third party contractors assisting Microsoft with its performance under this Agreement). For BIOS, Microsoft may specify the Test Procedures for each BIOS type separately and make them available to Company on request.
3. TESTING
(a) Company’s Role. Company will test each Product in accordance with the Policies, Test Procedures, and Section 14. Each test will use the precise hardware, firmware, Driver, and system configuration(s) (including all the specific versions of the foregoing) for which Company wants to certify compatibility.
(b) Contractors. Company may contract with third parties (“Contractors”) to perform any such testing, but only if: (i) Company requires Contractors to comply with confidentiality terms at least as restrictive as Section 13; and (ii) Company is liable for Contractors’ related acts and omissions as if they were Company’s own.
(c) Submission. Company will submit completed test results to Microsoft in accordance with Test Procedures and Section 14. Microsoft will evaluate all such received results and determine, in its sole discretion, whether the applicable Product is qualified for certification under the Program.
(d) Reporting. Microsoft will make commercially reasonable efforts to provide to Company written findings, which may be by email, disclosing Microsoft’s determination whether a Product has passed all applicable tests (“Report”). Company may republish any Report (unmodified and in its entirety) that finds a Product has passed all tests. If any Report concludes that a Product did not pass all tests, Microsoft will make commercially reasonable efforts to explain the basis for the failure, and what would be required to pass, on resubmission.
(e) Certified Products. For each Certified Product: (i) Microsoft may, in its sole discretion, grant Company a Windows logo license under a separate contract, reference it on Microsoft Lists (which Microsoft may periodically update and post online), publish and distribute the Report, or any combination of these; and (ii) Company will submit the associated Driver for evaluation to receive a digital signature under the CSA and deliver all Ancillary Materials to Microsoft. All Ancillary Materials are deemed part of the Certified Product.
(f) Updates. If Company makes a material modification (e.g., any material enhancement, bug fix, or update) to a Certified Product, Company will notify Microsoft within 10 days of such change and Microsoft may remove that Certified Product from Microsoft Lists. Company will resubmit any such modified Certified Product for testing under this Agreement. Certain minor changes (e.g., a product name change or minor feature change), however, may not require full retesting. If Company in good faith believes that a change to a Certified Product is minor and does not require retesting, then no notice to Microsoft is required.
4. ATTESTATION
(a) Company’s Role. As an alternative to testing under Section 3, Company may: (i) attest that a Product is compatible and will not cause interoperability issues with the Windows version(s) for which Microsoft permits attestation; and (ii) submit the associated Driver(s) for evaluation to receive a digital signature under the CSA.
(b) No Third Party Attestation. Company will not attest to Product or Drivers on behalf of third parties.
(c) Ancillary Materials. Company will deliver Ancillary Materials to Microsoft. All Ancillary Materials are deemed part of the Attested Product.
5. REMOVAL AND REVOCATION
(a) Microsoft may (and without the need to conduct an audit under Section 8) remove some or all Products from Microsoft Lists, revoke some or all Microsoft digital signatures under the CSA, revoke any separately-granted logo licenses, remove Company from the Hardware Dev Center, and remove Company from the Microsoft Partner Network (collectively, “Microsoft Actions”) if Company engages in untrustworthy behavior such as (i) breaching this Agreement; (ii) failing an audit under Section 8; (iii) attesting to or submits a Product that includes Malware or a Vulnerability; or (iv) attesting to or submits Product on behalf of third parties (collectively, “Company Actions”) and Microsoft determines such actions or Products undermine security or integrity of the Program or Windows or harm end users. (b) Microsoft may in its sole discretion elect to make Microsoft Actions permanent if (i) Company attests to or submits Product on behalf of third parties or (ii) Company repeatedly engages in the actions described in Section 5(a)(i)-(iii). (c) Depending on the seriousness of Company Actions, Microsoft may in its sole discretion elect to take Microsoft Actions immediately or give Company a 15-day cure period before implementing Microsoft Actions. (d) Microsoft will notify Company within 30 days after such Microsoft Actions. If Microsoft notifies Company of any Microsoft Actions, Company will immediately stop referring to the Product as having been certified or otherwise approved by Microsoft and stop using any logos provided by Microsoft in relation to that Product.
6. INTELLECTUAL PROPERTY RIGHTS
(a) License Grants. Company grants Microsoft, under all its IPR, the following worldwide, nonexclusive, perpetual, irrevocable, royalty-free, fully paid rights to: (i) reproduce, distribute, use, and import, any and all Ancillary Materials that are, or are part of, Certified Products or Attested Products, related to testing, support, demonstration, and distribution of such Ancillary Materials under this Agreement; (ii) use, reproduce, display, distribute, and create derivative works of Ancillary Materials in relation to Microsoft’s exercise of its rights under the foregoing clause (i); (iii) use, reproduce, and create derivative works of Company’s test results in relation to Product evaluation and provision of Reports; (iv) reproduce and use, directly or indirectly, symbol files Company provides with Drivers for debugging purposes; and (v) sublicense to third parties the rights granted under the foregoing clauses (i) – (iv), including the right to sublicense to further third parties. Microsoft covenants not to distribute any BIOS without Company’s written consent (which may be by email) and further covenants not to create derivative works of Marks or separate Marks from Images.
(b) No Obligation or Charge. This Agreement does not require Microsoft to distribute any Ancillary Materials. If Microsoft elects to do so, any such distribution will be free of charge to Microsoft and its sublicensees.
(c) Ownership. Except as expressly licensed to Microsoft under Section 6(a), nothing in this Agreement will have any effect on Company’s ownership of any Ancillary Materials.
7. SUPPORT FOR CERTIFIED AND ATTESTED PRODUCTS
(a) Generally. Company will provide support to Microsoft and end users of each Certified Product or Attested Product, while it is listed on any Microsoft List or it (or Ancillary Materials) contains Microsoft’s digital signature, regardless of whether delivered by Company, Microsoft, or a third party (e.g., an OEM). In addition, Company will provide and maintain either (i) a customer support telephone number to which Microsoft can transfer end user support calls (available 9am-5pm in the local market being served), or (ii) a Company email address to which Microsoft can send end user support inquiries. Company will respond to the identified end user promptly after receiving a support inquiry. Company may, however, terminate support for any Certified Product or Attested Product on 90 days’ notice to Microsoft, in which case Microsoft may remove it from any Microsoft Lists.
(b) Drivers. If Microsoft elects to provide support to third parties who have received a Driver that is, or is part of, a Certified Product or Attested Product, Company will provide prompt and reasonable assistance to Microsoft to facilitate such support, including by: (i) providing one or more Company contacts to assist in supporting that Driver; and (ii) if an end user reports a Driver problem, within 10 business days, making commercially reasonable efforts to: (A) submit a problem fix to Microsoft; (B) provide a temporary work around and plan for final resolution acceptable to Microsoft; or (C) verify that (A) and (B) are technologically impracticable.
(c) Metadata. At Microsoft’s request, Company will provide localized versions of Metadata in languages requested by Microsoft from time to time.
8. AUDIT
Microsoft may, on 30 days’ notice to Company (including by email) audit any Certified Product or Attested Product to verify that it meets all applicable requirements. Within 15 days after such notice, Company will send to Microsoft the Product, related technical information, and any other documentation reasonably necessary to complete the audit. If Microsoft determines the Product does not meet such requirements, Microsoft will notify Company, and Company will correct and retest the Product within 30 days.
9. REPRESENTATIONS AND WARRANTIES
Company continuously represents and warrants that: (a) it has the power and authority to enter into, and fully perform under, this Agreement; (b) Certified Products and Attested Products shipped to end users will fully comply with this Agreement and Law and will be free from Malware and Vulnerabilities; (c) Products to be certified or attested to under this Agreement and all Ancillary Materials (collectively, “Company Materials”) have been fully tested, all known material errors have been corrected, are ready for release (or have been released) to general public distribution, and are subject to ongoing support, error detection, and correction; (d) it has not granted and will not grant to any third party any rights in Company Materials inconsistent with rights granted to Microsoft in this Agreement; (e) Company Materials do not (and their use by Microsoft under this Agreement will not) infringe any third-party IPR; (f) Drivers and BIOS are not, and when delivered to Microsoft will not be, in whole or in part, governed by any license that requires, as a condition of use, modification, or distribution of software subject to that license, that such software (or other software combined or distributed with it) be disclosed or distributed in source code form, licensed for the purpose of making derivative works, or redistributable at no charge (although this clause does not apply to Product described in the following clause (g)); and (g) solely for any Product that is a UEFI operating system bootloader, such Product is not, and when delivered to Microsoft will not be, in whole or in part, governed by any license that requires, as a condition of the exercise of any rights granted in software subject to that license, that authorization keys or other methods, procedures, or information required to install or execute modified versions of such software be disclosed or otherwise made available.
10. INDEMNIFICATION
If a Claim is brought against Microsoft or its affiliates, agents, licensees, or successors, or any agents, directors, officers, or employees of any of them (collectively, “Indemnitees”), Company will defend, indemnify, and hold the Indemnitees harmless from the Claim (including by paying litigation costs and reasonable attorneys’ fees). Company has no liability under this Section 10, however, to the comparative extent a Claim results from the gross negligence or willful misconduct of any Indemnitee. Microsoft: (a) will promptly notify Company of any Claim for which it seeks a defense, and permit Company, using mutually-agreed counsel, to answer and defend; (b) at Company’s reasonable request and expense, will assist in, and provide non-confidential information necessary to, the defense; and (c) at its sole expense, may participate in the defense with separate counsel. Company is not liable for settlements it does not consent to and will not settle Claims under this Section 10 without Microsoft’s consent (with both parties’ consent not unreasonably withheld). No party will stipulate, admit, or acknowledge fault or liability on the other’s part without the other’s written consent. Company will not publicize any settlement without Microsoft’s written consent. “Claim” means an unaffiliated third party’s demand, suit, or other action to the extent, if true as alleged, reflects or relates to use of any Product under this Agreement, use or distribution of Ancillary Materials under this Agreement, or otherwise reflects a breach by or on behalf of Company of this Agreement.
11. WARRANTY DISCLAIMER
Anything provided by Microsoft under or related to this Agreement is provided “as is,” with all faults, and without warranty of title or non-infringement, and, except as provided in Section 9, both parties disclaim all warranties (express, implied, or statutory), including implied warranties of merchantability and fitness for a particular purpose.
12. LIMITED LIABILITIES
Neither party will be liable for any indirect, consequential, incidental, punitive, or special damages (including for lost profits, lost opportunities, or delays or errors in testing) relating in any way to this Agreement, even if such party has been advised such damages are possible. Each party’s entire liability related in any way to this Agreement is limited to direct damages incurred in reasonable reliance, not to exceed $5.00. The foregoing limitations, exclusions, and disclaimers will apply to the maximum extent permitted by Law, regardless of the cause of action, even if any remedy fails its essential purpose. This Section 12 will not apply to breach or performance of Section 10, or any breach of Sections 9 or 13.
13. CONFIDENTIALITY
During and for five years after the Term, each party: (a) will not disclose the other’s Confidential Information to any third party; (b) will not use the other’s Confidential Information except as this Agreement expressly permits or as the other party otherwise consents in writing; (c) will protect the other’s Confidential Information from unauthorized use and disclosure with the same degree of care that such party uses to protect its own like information (but no less than reasonable care). Each party may, however, disclose the other’s Confidential Information if required to comply with a court order or other government demand that has the force of law. Before doing so, disclosing party will use commercially reasonable efforts to seek the highest level of protection available and, when possible, give the other enough prior notice to provide a reasonable chance to seek a protective order. Except as expressly provided in this Agreement, no ownership or license right is granted in any Confidential Information. Neither party is required to restrict work assignments of representatives who have had access to the other’s Confidential Information. If any of a party’s Confidential Information is retained in the unaided memories of the other’s representatives, and that retained Confidential Information is used in development or deployment of the other party’s products or services, such use does not create liability under this Agreement or trade secret law, and each party will limit what it discloses to the other accordingly. “Confidential Information” means non-public information, know-how, and trade secrets in any form that are designated as “confidential,” or that a reasonable person knows or reasonably should understand to be confidential and which, in each case, are disclosed by a party in relation to this Agreement. Confidential Information will not include any information, however designated, that: (u) is or becomes publicly available without a breach of this Agreement; (v) was lawfully known to the receiver of the information without an obligation to keep it confidential; (w) is received from another source who can disclose it lawfully and without an obligation to keep it confidential; (x) is independently developed; (y) is a comment or suggestion one party volunteers about the other’s business, products, or services; or (z) are reports or other information regarding Certified Products or Attested Products.
14. DATA PRIVACY
As part of the Program, Microsoft and Company may exchange or provide access to analytic or telemetry data, crash reports, error reporting, and other data (“Data”). Such Data may incidentally contain Personal Data. Each party will comply with its obligations under Data Protection Law. Microsoft may, annually or on customer complaint, conduct a compliance review of Company’s adherence to Data Protection Laws in relation to privacy obligations under this Agreement. Absent customer complaint, however, Company may submit an attestation of compliance in lieu of participating in a compliance review. The nature, purpose, and subject matter of the Processing, including the types of Personal Data and categories of Data Subjects involved, are described in the Agreement. Company will not Process Personal Data for any other purpose. Company warrants that it will handle Data, if any, received from Microsoft in a secure manner. Company’s network, operating system, and the software of its servers, databases, and computer systems will use reasonable security measures to protect Data or Personal Data it may receive. Company’s Code and any related service must use reasonable security measures to protect Personal Data of its users. With respect to Personal Data transferred under this Agreement, both Company and Microsoft are independent data controllers, and not joint controllers (defined in the European Union’s General Data Protection Regulation (2016/679) (“GDPR”)) of the Personal Data that each may receive. Company will delete all Personal Data within 30 days of receipt.
15. TERM AND TERMINATION
This Agreement begins on the Effective Date and continues until terminated under this Section 15 (“Term”). Either party may terminate this Agreement, for any reason or no reason, on 30 days’ notice to the other (which may be by email). Sections 1, 5, 9, 10, 11, 12, 13, 14, 15, and 16 (as well as all end user, OEM, and distributor or reseller licenses granted during the Term) will survive such termination.
16. GENERAL
(a) Notices. All notices under this Agreement will be: (i) in writing; (ii) deemed given when received; (iii) sent by delivery service, messenger, or registered or certified mail (postage prepaid, return receipt requested); and (iv) addressed and sent, with any required copies, as provided in this Section 16(a). Notices to Microsoft will be sent by physical mail to Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, U.S.A. with a copy via facsimile to Microsoft Corporate, External, and Legal Affairs, Attn: CELA Azure Edge + Platform, (425) 936-7329. Communications to Company, as well as communication in the ordinary course of business to Microsoft (which do not include any notices related to alleged breach, disputes, or defense or handling of any third party claims), may be sent by email and need not be copied to counsel.
(b) Law. This Agreement is governed by Washington State law (disregarding conflicts of law principles), and the parties consent to exclusive jurisdiction and venue in the state and federal courts in King County, Washington, USA. Neither party will claim lack of personal jurisdiction or forum non conveniens in these courts.
(c) Assignment. Company may not assign this Agreement, or any rights or obligations under it, whether by operation of contract, law or otherwise, except with Microsoft’s express written consent. A change in control of Company (including by merger or acquisition) is deemed to be an assignment for purposes of this §16(a).
(d) Export Restrictions. Both parties acknowledge that Code are subject to U.S. export jurisdiction. The parties agree to comply with all applicable international and national laws that apply to the Code, including the U.S. Export Administration Regulations, as well as end-user, end-use and destination restrictions issued by U.S. and other governments. For additional information, see www.microsoft.com/exporting/.
(e) Severability. If for any reason a court of competent jurisdiction finds any provision of this Agreement, or portion thereof, to be unenforceable, that provision of the Agreement will be enforced to the maximum extent permissible, and the remainder of this Agreement will continue in full force and effect. This Agreement has been negotiated by the parties and their respective counsel and will be interpreted fairly in accordance with its terms and without any strict construction in favor of or against either party.
(f) Miscellaneous. Each party is an independent contractor to the other and has no authority to act on behalf of or bind the other, and this Agreement does not create any other relationship (e.g., employment, partnership, agency, or any exclusive relationship). All rights and remedies under this Agreement are cumulative. Each party will pay its own costs to perform (except if expressly stated otherwise). When performing this Agreement, each party will comply with applicable laws. Only express written waivers are effective. This Agreement does not create an exclusive relationship between the parties. There are no third-party beneficiaries under this Agreement. Except if context requires otherwise, “including” and “e.g.” are non-exhaustive (i.e., are deemed to include “without limitation”) and the word “or” is deemed to be non-exclusive. The parties will conduct all activities under this Agreement in English. During and for five years after the Term, Company will maintain commercially reasonable liability insurance customary in the industry, in amounts sufficient to meet its liabilities under this Agreement and applicable law. Neither party is liable for failing to perform its obligations under this Agreement due to acts of God, natural disasters, war, civil disturbance, pandemic, or government action where the cause is beyond the party’s reasonable control. This Agreement constitutes the entire agreement between the parties with respect to its subject matter and supersedes all prior and contemporaneous agreements or communications with respect to that subject. It will not be modified except by a written agreement dated after the date of this Agreement and signed on behalf of Company and Microsoft by their respective duly authorized representatives.
Revised August 2022.