Widevine License Agreement (for purposes of the Mobile License Agreement only)
This page contains the terms of the Widevine License Agreement that is incorporated by reference into Company’s license agreement for Google applications on mobile devices (“Mobile License Agreement”).
Important Note on Use: The Widevine License Agreement is only for the purposes of the Mobile License Agreement and not for any other purpose.
If you would like to enter into a Widevine agreement for a different purpose, please contact widevine@google.com.
This Widevine License Agreement (“Widevine Agreement”) is entered into by and between Google LLC, whose principal place of business is at 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (“Google”) and Company.
1. DEFINITIONS
- 1.1. "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party.
- 1.2. "Client Software" means software provided by Google to Company for digital rights management ("DRM") for use in compatible Platforms that become active upon the occurrence of either the Client Software registering with Server Software or upon issuance of a key to the Client Software from the Server Software.
- 1.3. "Documentation" means documentation provided by Google to describe formally the use, function, or technical details of Licensed Products.
- 1.4. "Licensed Product(s)" means the Client Software and Server Software.
- 1.5. "Platform" means any combination of hardware and/or software capable of executing the Client Software.
- 1.6. "Robustness Requirements" means the robustness requirements described in Exhibit A.
- 1.7. "Server Software" means server software provided by Google to Company for (a) media rights delivery; and (b) media processing.
- 1.8. "Term" has the meaning described in Section 4.1 (Term).
- 1.9. "Unauthorized Use" means any use, reproduction, distribution, disclosure, sale, offer to sell, lease or rental, possession, examination, or other activity involving any part of the Licensed Products or Documentation that is not expressly authorized under this Widevine Agreement or any violation of the Robustness Requirements as applicable.
- 1.10. "Wind Down Period" has the meaning described in Section 4.4 (Effects of Termination).
2. GRANT OF RIGHTS.
2.1. License. Subject to the terms of this Widevine Agreement, Google grants Company a worldwide, non-exclusive, non-transferable (except as provided in Section 8.1 (Assignment)), non-sublicensable right and license during the Term:
- 2.1.1. (a) use the Client Software for internal evaluation; (b) integrate, reproduce and install, without modification, copies of the Client Software solely for the purpose of installing it on Platforms; (c) distribute the Client Software to users through one or more tiers as applicable; and (d) sublicense the Client Software to third party distributors solely those rights in subsection (c) above subject to terms that are no less protective of Google's rights and proprietary interests than in this Widevine Agreement;
- 2.1.2. use the Server Software solely for the purpose of: (a) processing content for use with the Client Software; (b) defining and implementing policies, licenses, content usage restrictions, Platform usage restrictions and any other DRM related functions in accordance with this Widevine Agreement; (c) internal evaluation; and (d) facilitating the distribution of content rights to users. For clarity, the applicable Server Software may not physically reside on Company's premises and may require training under a separate written agreement;
- 2.1.3. to reproduce, without modification, and internally use copies of the Documentation solely in connection with Company's use of the Licensed Products in accordance with this Widevine Agreement.
2.2. Reservation of Rights. Google is licensing, not selling the Licensed Product to Company, and nothing in this Widevine Agreement will be interpreted or construed as Company's sale or purchase of the Licensed Product. Company will not have or acquire any rights in or to the Licensed Products except those rights expressly granted in this Widevine Agreement. Google reserves all rights in and to the Licensed Products. Company acknowledges that the Licensed Products, all copies of the Licensed Products, and any know-how and trade secrets related to the Licensed Products are the sole and exclusive property of Google and contain Google's confidential and proprietary information and materials. Company will not make derivative works of the Licensed Products or Documentation, but should Company inadvertently or otherwise create any derivative work of the Licensed Products or Documentation, Company hereby irrevocably assigns to Google all right, title, and interest in and to all such derivative works.
2.3. Subcontractor Rights and Company Affiliates.
2.3.1. Subcontractor Rights. Company may exercise its rights under Sections 2.1 (License) via subcontractor, but only if Company has a written agreement with each subcontractor that (a) contains confidentiality obligations at least as strict, with respect to Confidential Information, as those in this Widevine Agreement; (b) contains restriction on the use of the Licensed Product and Documentation at least as great as those in this Widevine Agreement; and (c) does not grant any warranties or indemnification on behalf of Google and disclaims, to the maximum extent permitted by applicable law, Google's liability for any damages, whether direct, indirect, incidental, or consequential, arising in connection with the Licensed Product. Company is liable for all subcontracted obligations and all acts or omissions of its subcontractors.
2.3.2. Company Affiliates. Company will be responsible for its Affiliates' compliance with this Widevine Agreement, and any action or omission by Company's Affiliates that would be a breach of this Widevine Agreement if made by Company will be deemed a breach of this Widevine Agreement by Company.
2.4. Additional Licenses. Portions of the Licensed Product may be provided with notices and open source licenses from communities and third parties that govern the use of those portions, and any licenses granted under this Widevine Agreement do not alter any rights and obligations Company may have under such open source licenses. The disclaimer of warranty and limitation of liability provisions in this Widevine Agreement will apply to all portions of the Licensed Product.
3. RESTRICTIONS AND OBLIGATIONS
3.1. General Restrictions.
3.1.1. Except as described in Section 2.3 (Subcontractor Rights and Company Affiliates) or as permitted by applicable law, Company will not, and will not permit or authorize third parties to: (a) reproduce, modify, translate, enhance, decompile, disassemble, reverse engineer, or create derivative works of the Licensed Products or Documentation; (b) use any Platform-unique identifiers obtained from the use of the Licensed Product for any purposes other than as allowed under this Widevine Agreement or Documentation; (c) provide, disclose, make available, or permit the use of the Licensed Products or Documentation by or for any third party; (d) alter, encode, copy, distribute, or transmit any data using the Licensed Products without obtaining all necessary copyright and other permissions; (e) circumvent or disable any technological features or measures in the Licensed Products; or (f) attempt to access, remove, or alter the Licensed Products.
3.1.2. Company will comply with the Robustness Requirements described in Exhibit A (Robustness Requirements).
3.2. Proprietary Rights Notices. Company will not alter or remove any copyright notice or other proprietary rights notices that may appear on any part of the Licensed Products or Documentation.
3.3. Export. Company will comply with all applicable export and re-export control laws and regulations, which the parties agree will include (a) the Export Administration Regulations ("EAR") maintained by the U.S. Department of Commerce; (b) trade and economic sanctions maintained by the U.S. Treasury Department's Office of Foreign Assets Control; and (c) the International Traffic in Arms Regulations ("ITAR") maintained by the U.S. Department of State.
3.4. No Warranties. Company will not make or publish any representations, warranties, or guarantees concerning the Licensed Products on behalf of Google.
3.5. Protection Against Unauthorized Use. Company acknowledges that the Licensed Products, Documentation, and other Google-provided materials comprise, include, and/or relate to Google's valuable proprietary rights or are otherwise essential elements of this Widevine Agreement. Company will take all appropriate steps and precautions to protect the Licensed Products and Documentation. Without limiting the generality of the foregoing, Company will use its best efforts to prevent any Unauthorized Use and will immediately notify Google in writing of any possible Unauthorized Use that comes to Company's attention. If Company or any of its employees, agents, representatives, contractors, users, or anyone through Company directly or indirectly engages in any Unauthorized Use of the Licensed Products, Company will take all reasonable steps necessary to terminate such Unauthorized Use and, if practicable, retrieve or destroy any copy of the applicable Licensed Products and Documentation in the possession or control of the person or entity engaging in such Unauthorized Use. In the case of any possible Unauthorized Use, Company will provide to Google such cooperation and assistance as Google may reasonably request.
3.6. Company Indemnification. At Company's expense, Company will defend Google (including its officers, directors, employees and agents) from and against any third party claims that arise out of (a) Company's use or distribution of the Licensed Product not contemplated in this Widevine Agreement; (b) Company's combination of the Licensed Product with any other product, system or method not contemplated in this Widevine Agreement; or (c) Company's modification of the Licensed Product not intended or authorized in writing by Google.
3.7. Google Indemnification. At Google's expense, Google will defend Company (including its officers, directors, employees and agents) from and against any third party claims that arise out of (a) Google's use of Company's intellectual property not contemplated in this Widevine Agreement; (b) Google's combination of Company's intellectual property with any other product, system or method not contemplated in this Widevine Agreement; or (c) Google's modification of Company's intellectual property not intended or authorized in writing by Company.
3.8. Conditions of Indemnity. The party seeking indemnification must promptly notify the other party of the claim and cooperate with the other party in defending the claim. The indemnifying party has full control and authority over the defense, except that any settlement requiring the indemnified party to admit liability or to pay any money will require the indemnified party's prior written consent, such consent not to be unreasonably withheld or delayed. Subject to the foregoing, the indemnified party may join in the defense with its own counsel at its own expense.
3.9. Exceptions to Indemnity. The indemnifying party will not have any obligation under this Widevine Agreement to the extent any claim is caused by (a) the indemnifying party's compliance with the indemnified party's unique written specifications; or (b) the indemnified party's breach of this Widevine Agreement.
3.10. Fees. There are no license fees due or payable from Company to Google under this Widevine Agreement. If any sales, VAT, excise, withholding or other taxes, duties or governmental charges are due in connection with this Widevine Agreement (other than income taxes imposed on Google) (collectively, "Taxes"), Company will pay such Taxes.
3.11. Publicity. Neither party may make any public statement regarding this Widevine Agreement without the other's prior written approval.
4. TERM AND TERMINATION
4.1. Term. The initial term of this Widevine Agreement ("Term") will commence upon the Effective Date and will be coterminous with the license agreement for Google applications for mobile devices between the parties that expressly incorporates this Widevine Agreement by reference into its terms. During the Term, either party may exercise the termination rights set forth in the rest of this Section 4.
4.2. Notice of Material Breach. If either party commits a material breach or default in the performance of any of its obligations under this Widevine Agreement, the non-breaching party may give the breaching party written notice of the material breach or default. If the breaching party fails to cure a material breach or default specified in any notice within thirty (30) days after receipt of such notice, then the non-breaching party may immediately terminate this Widevine Agreement.
4.3. Post-Termination Obligations. If this Widevine Agreement is terminated for any reason, (a) Company will immediately cease all new reproduction, distribution, and use of the Licensed Products and the Documentation; and (b) notwithstanding the right to continue to use the Licensed Product during the Wind Down Period as defined in Section 4.4 (Effects of Termination), Company will promptly return to Google all copies and other embodiments of Confidential Information or irretrievably destroy all electronic copies and embodiments of such Confidential Information.
4.4. Effects of Termination. Except for Company's uncured material breach or default of this Widevine Agreement, upon the expiration or termination of this Widevine Agreement by either party, Company will: (a) Immediately cease to produce, license, market, or pursue future licenses of the Licensed Product and will not renew, extend or enter into any new agreement for the distribution of the Licensed Product; and (b) If Company is contractually obligated to provide the Licensed Product beyond the effective date of the termination or expiration of this Widevine Agreement, Company may continue to fulfill such obligations subject to the following (the "Wind Down Period"): (i) Company may fulfill only those contractual obligations that Company has entered into prior to the effective date of the termination or expiration of this Widevine Agreement and once Company's obligations are satisfied, Company's rights under this Widevine Agreement will terminate; (ii) this Widevine Agreement will remain in effect, and Company will comply with terms hereof during the Wind Down Period, provided that Company will not directly or indirectly solicit any new users or assume any new obligations regarding the Licensed Product; (iii) if, during the Wind Down Period, Company is in material and uncured breach of this Widevine Agreement, then any and all rights granted during the Wind Down Period will immediately terminate; and (iv) the Wind Down Period will not extend beyond six (6) months from the effective date of the termination or expiration of this Widevine Agreement without Google's prior written consent. After the Wind Down Period, Company will promptly return to Google all copies and other embodiments of Confidential Information or irretrievably destroy all electronic copies and embodiments of such Confidential Information.
5. WARRANTIES AND DISCLAIMER
5.1. Mutual Warranties. Each party represents and warrants to the other that it has the right, power, and authority to enter into this Widevine Agreement.
5.2. Disclaimer. EXCEPT FOR THE EXPRESS REPRESENTATIONS AND WARRANTIES STATED IN SECTION 5.1, GOOGLE MAKES NO ADDITIONAL REPRESENTATION OR WARRANTY OF ANY KIND WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, AS TO ANY MATTER WHATSOEVER. GOOGLE EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR LICENSEE'S PURPOSE, QUALITY, ACCURACY, TITLE, AND NON-INFRINGEMENT. GOOGLE DOES NOT WARRANT THAT THE LICENSED PRODUCTS ARE ERROR-FREE OR THAT OPERATION OF THE LICENSED PRODUCTS AND THE DISTRIBUTION OF DATA WILL BE SECURE OR UNINTERRUPTED. GOOGLE EXERCISES NO CONTROL OVER AND EXPRESSLY DISCLAIMS ANY LIABILITY ARISING OUT OF OR BASED UPON DATA THAT IS DISTRIBUTED USING THE LICENSED PRODUCTS. LICENSEE AND ITS USERS DO NOT HAVE THE RIGHT TO MAKE OR PASS ON ANY REPRESENTATION OR WARRANTY ON BEHALF OF GOOGLE TO ANY END-USER, OR OTHER THIRD PARTY.
6. LIMITATIONS OF LIABILITY
6.1. Disclaimer of Consequential Damages. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS AGREEMENT, SUBJECT TO SECTION 6.3 (EXCEPTIONS TO LIMITATIONS) AND EXCEPT FOR LIABILITY ARISING FROM LICENSEE'S BREACH OF SECTION 2, NEITHER PARTY WILL UNDER ANY CIRCUMSTANCES, BE LIABLE TO THE OTHER PARTY, ITS CUSTOMERS OR USERS FOR CONSEQUENTIAL, INCIDENTAL, SPECIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATED TO THE TRANSACTION CONTEMPLATED UNDER THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO LOST PROFITS OR LOSS OF BUSINESS, EVEN IF SUCH PARTY IS APPRISED OF THE LIKELIHOOD OF SUCH DAMAGES.
6.2. Cap on Liability. SUBJECT TO SECTION 6.3 (EXCEPTIONS TO LIMITATIONS) AND EXCEPT FOR LIABILITY ARISING FROM LICENSEE'S BREACH OF SECTION 2, UNDER NO CIRCUMSTANCES WILL EITHER PARTY'S TOTAL LIABILITY OF ALL KINDS ARISING OUT OF OR RELATED TO THIS AGREEMENT (INCLUDING BUT NOT LIMITED TO WARRANTY CLAIMS), REGARDLESS OF THE FORUM AND REGARDLESS OF WHETHER ANY ACTION OR CLAIM IS BASED ON CONTRACT, TORT, OR OTHERWISE, EXCEED $100,000.
6.3. Exceptions to Limitations. NOTHING IN THIS AGREEMENT EXCLUDES OR LIMITS EITHER PARTY'S LIABILITY FOR:
(a) DEATH OR PERSONAL INJURY RESULTING FROM ITS NEGLIGENCE OR THE NEGLIGENCE OF ITS EMPLOYEES OR AGENTS;
(b) FRAUD OR FRAUDULENT MISREPRESENTATION;
(c) EITHER PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS UNDER THIS AGREEMENT;
(d) INFRINGEMENT OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS; OR
(e) MATTERS FOR WHICH LIABILITY CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
7. CONFIDENTIALITY
7.1. Definition. "Confidential Information" means information that one party (or an Affiliate) discloses to the other party under this Widevine Agreement, and that is marked as confidential or would normally be considered confidential information under the circumstances. It does not include information that the recipient already knew, that becomes public through no fault of the recipient, that was independently developed by the recipient, or that was lawfully given to the recipient by a third party.
7.2. Confidentiality. The recipient will not disclose the other party's Confidential Information, except to employees, affiliates, agents, professional advisors, or third-party contractors ("Delegates") who need to know it and who have a legal obligation to keep it confidential. The recipient will use the other party's Confidential Information only to exercise rights and fulfill obligations under this Widevine Agreement while using reasonable care to protect the Confidential Information. The recipient will ensure that its Delegates are also subject to the same non-disclosure and use obligations. The recipient may disclose Confidential Information when required by law after giving reasonable notice to the other party, if permitted by law.
7.3. Publicity. Neither party may make any public statement regarding this Widevine Agreement without the other's prior written approval.
8. GENERAL
8.1. Assignment. Neither party may assign any part of this Widevine Agreement without the written consent of the other, except to an Affiliate, where: (a) the assignee has agreed in writing to be bound by the terms of this Widevine Agreement; (b) the assigning party remains liable for obligations under the Widevine Agreement if the assignee defaults on them; and (c) the assigning party has notified the other party of the assignment. Any other attempt to assign is void.
8.2. Change of Control. During the Term, if a party experiences a change of control (for example, through a stock purchase or sale, merger, or other form of corporate transaction) or sells all or substantially all of its assets: (a) that party will give written notice to the other party within 30 days after the change of control; and (b) the other party may immediately terminate this Widevine Agreement any time between the change of control and 30 days after it receives that written notice.
8.3. Notices. All notices must be in English and in writing. Notices of breach or termination must be addressed to the other party's Legal Department. The address for notices to Google's Legal Department is legal-notices@google.com. All other notices must be addressed to the other party's primary contact. Emails are written notices. Notice will be treated as given on receipt, as confirmed by written or electronic records.
8.4. Force Majeure. Neither party will be liable for failure or delay in performance to the extent caused by circumstances beyond its reasonable control.
8.5. No Waiver. A party's delay or omission in exercising any right under this Widevine Agreement will not be treated as a waiver of that right.
8.6. Independent Contractors; No Agency. The parties are independent contractors. This Widevine Agreement does not create any agency, partnership, or joint venture between the parties.
8.7. No Third-Party Beneficiaries. This Widevine Agreement does not confer any benefits on any third party unless it expressly states that it does.
8.8. Counterparts. The parties may execute this Widevine Agreement in counterparts, including facsimile, PDF, and other electronic copies, which taken together will constitute one instrument.
8.9. Amendments. Any amendment must be in writing, signed by both parties, and expressly state that it is amending this Widevine Agreement.
8.10. Survival and Severability. If any term (or part of a term) of this Widevine Agreement is invalid, illegal or unenforceable, the rest of the Widevine Agreement will continue in force unaffected. The provisions of Sections 2.4, 3.1, 4.3, 4.4, 6, 7, 8.10, and 8.12 (including region-specific governing law provisions per Section 9, if any) will survive the termination or expiration of this Widevine Agreement for any reason.
8.11. Conflicting Languages. If this Widevine Agreement is translated into any other language, and there is a discrepancy between the English text and the text of the other language, the English text will govern.
8.12. Governing Law. ALL CLAIMS ARISING OUT OF OR RELATING TO THIS AGREEMENT WILL BE GOVERNED BY CALIFORNIA LAW, EXCLUDING CALIFORNIA'S CONFLICT OF LAWS RULES, AND WILL BE LITIGATED EXCLUSIVELY IN THE FEDERAL OR STATE COURTS OF SANTA CLARA COUNTY, CALIFORNIA, USA; THE PARTIES CONSENT TO PERSONAL JURISDICTION IN THOSE COURTS.
8.13. Entire Widevine Agreement. Subject to Section 8.14, this Widevine Agreement sets out all terms agreed between the parties and supersedes all other agreements between the parties relating to its subject matter. In entering into this Widevine Agreement neither party has relied on, and neither party will have any right or remedy based on, any statement, representation or warranty (whether made negligently or innocently), except those expressly described in this Widevine Agreement.
8.14. Existing Agreements. If Company already has a Widevine Master License Agreement ("MLA") in effect with Google, then the terms of such MLA will be considered to be replicated into this Widevine Agreement. The replicated terms of such MLA will take precedence over all conflicting terms in this Widevine Agreement, except for the following: (1) this Widevine Agreement's Google contracting entity (i.e. Google LLC) will remain unchanged, and (2) the limitation(s) of liability sections in this Widevine Agreement will supersede the corresponding limitation(s) of liability sections in the MLA.
9. REGION-SPECIFIC TERMS.
Company agrees to the following modifications to the Widevine Agreement if Company's office address identified in the information table of the Mobile License Agreement is located in the applicable region as described below:
Asia Pacific - All regions
- The last sentence of Section 2.1.2 is omitted.
- Section 4.2 is replaced as follows:
4.2 Notice of Material Breach. If either party commits a material breach or default in the performance of any of its obligations under this Widevine Agreement, the non-breaching party will give the breaching party written notice of the material breach or default and the non-breaching party’s intention to terminate the Widevine Agreement pursuant to Section 4.2 if the material breach or default is not cured within thirty (30) days after the breaching party’s receipt of such notice. If the breaching party fails to cure a material breach or default specified in any notice under Section 4.2 within thirty (30) days after receipt of such notice, then the non-breaching party may terminate this Widevine Agreement upon written notice to the breaching party.
- Section 8.12 is replaced as follows:
8.12 The Widevine Agreement will be governed by the laws of the state of California, except for its conflicts of laws principles. The parties will try in good faith to settle any dispute relating to this Widevine Agreement ("Dispute") within thirty days after such Dispute arises. If the Dispute is not resolved within thirty days, it must be resolved by arbitration by the International Centre for Dispute Resolution of the American Arbitration Association and conducted in accordance with its Expedited Commercial Rules in force as of the date of this Widevine Agreement. There will be one arbitrator selected by mutual agreement of the parties. The arbitration will be conducted in English in Santa Clara County, California, USA. Either party may apply to any court having jurisdiction for injunctive relief necessary to protect its rights pending resolution of the arbitration. Any decision rendered by the arbitrator will be final and binding on the parties, and judgment thereon may be entered by any court of competent jurisdiction. The arbitrator may order equitable or injunctive relief consistent with the remedies and limitations in this Widevine Agreement. All information disclosed in connection with the arbitration, including the existence of the arbitration, will be Confidential Information governed by Section 7. The parties may, however, disclose such information to an appropriate court under confidentiality restrictions, as necessary to seek enforcement of any arbitration award or judgment or to seek any relief permitted under the terms hereof.
Europe, the Middle East, or Africa (EMEA) - All regions
- The last sentence of Section 2.1.2 is omitted.
- Section 4.2 is replaced as follows:
4.2 Notice of Material Breach. If either party commits a material breach or default in the performance of any of its obligations under this Widevine Agreement, the non-breaching party will give the breaching party written notice of the material breach or default and the non-breaching party’s intention to terminate the Widevine Agreement pursuant to Section 4.2 if the material breach or default is not cured within thirty (30) days after the breaching party’s receipt of such notice. If the breaching party fails to cure a material breach or default specified in any notice under Section 4.2 within thirty (30) days after receipt of such notice, then the non-breaching party may terminate this Widevine Agreement upon written notice to the breaching party.
- Section 5.2 is replaced as follows:
5.2 Disclaimer. No conditions, warranties or other terms apply to the Client Software and/or Server Software or to any other goods or services supplied by Google under this Widevine Agreement unless expressly set out in this Widevine Agreement. Subject to clause 6.1(b), all implied conditions, warranties or other terms (including any implied terms as to satisfactory quality, fitness for purpose or conformance with description) are excluded.
- In Section 6.2, reference to “$100,000” is replaced with “£100,000”.
- Section 6.3(d) is replaced as follows:
6.3 (d) payment of sums properly due and owing to the other in the course of normal performance of this Widevine Agreement;
- The first sentence of Section 8.13 is replaced as follows:
8.13 Subject to clause 6.3(b) and Section 8.14, this Widevine Agreement sets out all terms agreed between the parties and cancels and replaces all other agreements between the parties relating to its subject matter.
EXHIBIT A: Robustness Requirements
Definitions:
* Boot Loader: Software that ensures the download of the receiving Platform firmware.
* Receiving Platform: The Platform that hosts and executes the Client Software.
* User Accessible Buses: Refer to buses such as PCI buses and serial links. User accessible buses exclude memory buses, CPU buses and portions of the receiving Platform's internal architecture.
Excluding service providers, content providers, system integrators, and entities that do not manufacture devices, Company shall ensure that the receiving Platform is designed and manufactured in such a way that it will comply with the following security robustness requirements. At any time during the Term, Google may require Company to self-certify in writing (including email) within seven (7) days of the date of Google's written request that Company is compliant with the Robustness Requirements. The level of protection is expected to perform in a manner so that:
1. Protections cannot be defeated or circumvented using general purpose tools or equipment such as screwdrivers, clips, soldering irons or using specialized electronic tools such as debuggers or decompilers.
2. Protections can only with difficulty be defeated or circumvented using professional tools or equipment such as logic analyzers, chip disassembly system or in circuit-emulators.
3. An update mechanism shall be present to enable recovery from a global hack.
Requirements:
1. The Receiving Platform will not expose any mechanism through probing points, service menus or functions that will enable somebody to defeat or expose any of the implemented security measures.
2. The Receiving Platform will have a secure Boot-Loader that cannot be read or written to from outside of the receiving Platform.
3. All code loaded by the Boot-Loader will first be authenticated by the Boot-Loader.
4. Internal keys and decrypted content will not be present on any User Accessible Bus.
5. The Receiving Platform will implement tamper resistant key protection.
6. The Receiving Platform will be designed and manufactured with one or more unique parameters stored in read-only memory.
7. The Receiving Platform shall protect against the external revealing or discovery of Google's DRM unique parameters that are used to uniquely identify the Receiving Platform.
8. The receiving Platform will protect against any attempt to discover and reveal the methods and algorithms of generating keys.
9. Non-encrypted content will not be present on any User Accessible Buses.
10. The flow of non-encrypted content and keys between both software and hardware distributed components in the Receiving Platform will be protected from interception and copying.
11. The Receiving Platform shall perform self checking functions to detect unauthorized modification.
12. The Receiving Platform will protect against the disabling of output protections.
13. Any unauthorized modification of any of the software functions involved in the security implementation will result in the failure of the decryption process.
14. The Receiving Platform hardware components should be designed in such a way that prevents attempts to reprogram, remove or replace any of the hardware components involved in the security solution on the Receiving Platform.
15. Reprogramming, removal or replacement of any of the hardware components involved in the security solution of the Receiving Platform will result in the failure of the decryption process.
16. Google provisioned data (e.g. as applicable keyboxes, OEM device certificates, and private keys associated with OEM device certificates) will be securely provisioned by Company, enabling a secure root of trust.
17. Non-encrypted content shall only be delivered to outputs that are protected by a trusted protection system. Trusted protection systems include Macrovision, CGMS-A, HDCP and DTCP-IP. Triggering APIs shall be exposed to the Google DRM.
18. Keys which are provisioned by the DRM system on behalf of a third party service must be protected to the same level of robustness as DRM keys.
19. The receiving Device shall enforce and prevent circumvention of usage restrictions associated with keys, including but not limited to key extractability, key lifetime, use for content decryption, and use for generic cryptographic operations.
For the avoidance of doubt, if the operating system that provides the application execution environment is compromised or “rooted,” the above protection mechanisms must not be compromised. The industry standard mechanism to meet this requirement is the implementation of a trusted execution environment that runs security critical code and is inaccessible by the application execution environment.