End User License Agreement (EULA)

for the software "TIA Openness Manager"

Version 4.0 — Effective 9 May 2026 — EU AI Act / CRA / Volume / Add-ons / DPA Compliance Pass

TIA Portal V15-V21

Windows 10/11

MCP Tools

OPC UA Client

License Agreement

1. Preamble

This software is an engineering tool for managing Siemens TIA Portal projects via the TIA Openness API. Core functions include import, export, and comparison of PLC blocks, project navigation, OPC UA communication, and hardware configuration.

Additionally, the software offers an optional AI chat feature that can connect engineering data and user inputs with an external Large Language Model (LLM). This AI feature can generate code suggestions and perform write operations on TIA Portal projects.

Use in industrial environments is potentially risky and requires expert handling.

2. License Scope

The Provider grants the Licensee a non-exclusive, non-transferable, time-limited license to use the software on a single hardware instance (HW-ID).

The Licensee does NOT acquire ownership of the software, but only a right of use.

This license does NOT entitle you to:

Copy or distribute the software
Sell or sublicense the software
Decompile, disassemble, or reverse engineer the software
Circumvent or remove copy protection
Transfer the license to other devices (except as per license model)
Use the software in safety-critical applications where malfunctions could endanger life, health, or significant assets

Virtualized environments: Use in virtualized environments (VDI, Citrix, RDP, cloud workstations) is permitted, provided that a unique hardware identification is preserved and the license is bound to exactly one virtual instance. Concurrent use of the same license on multiple virtual or physical instances is not permitted.

3. Use in Engineering Environments

The Licensee expressly acknowledges:

a) The software does NOT perform any technical validation of content generated by the connected LLM.
b) All generated content must be reviewed COMPLETELY, PROFESSIONALLY, and MANUALLY by qualified personnel BEFORE being applied to productive control projects.
c) The user must NOT use the AI features of the software on productive control projects without first fully reviewing and validating the generated content. The software itself can perform write operations on TIA Portal projects (e.g., import, block generation).
d) The user bears SOLE RESPONSIBILITY for the interpretation, application, and integration of all content mediated by the software.

4. Safety-Related Controllers (F-CPU)

The software supports reading, comparing, importing, and generating blocks for Siemens fail-safe controllers (F-CPU, Safety).

a) The Provider bears NO responsibility for the functional safety of any Safety blocks processed. Verification and validation in accordance with IEC 61508, IEC 62061, ISO 13849, and the relevant Siemens safety manuals is the sole responsibility of the user.
b) AI-generated content or content automatically produced by the software must NEVER be applied to Safety blocks without independent secondary review (four-eyes principle).
c) Compliance with PIN-code and Safety-login policies as required by the respective plant risk analyses is solely the user's responsibility.
d) Any violation of this provision voids all liability of the Provider. The Licensee bears all consequences of improper Safety-block handling alone.

5. Liability for External LLM Content and AI-Provider Third-Party Terms

The AI chat feature of the software provides the connection to an external LLM. The Provider has NO INFLUENCE on:

Quality, accuracy, or completeness of LLM outputs
Possible misinterpretations
Hallucinations or faulty code suggestions
Functional unsuitability of generated content

ANY LIABILITY OF THE PROVIDER FOR DAMAGES ARISING FROM THE USE OR EXPECTATION OF USE OF CONTENT GENERATED BY AN LLM IS EXCLUDED.

Pass-Through of Provider Terms: The selection of the AI provider is made exclusively by the user. When connecting to external AI providers (in particular Anthropic, OpenAI, Google, GitHub Copilot, locally operated Ollama instances, or comparable services), the respective terms of use, privacy policies, and acceptable-use policies of the relevant provider apply additionally between the user and the respective provider. The user is solely responsible for:

a) Entering into a valid usage agreement with the respective provider
b) Compliance with provider-specific terms, in particular regarding permissible content, data transfer, and intended use
c) Procurement of required API keys or subscription licenses with the provider
d) Ensuring that the transmitted engineering data may be transferred under the provider's terms

The Provider assumes NO responsibility for the user's violations of external AI-provider terms, for provider-side suspensions, service outages, price changes, or discontinuation of individual models.

6. MCP Server and External MCP Clients

The software acts as both an MCP server and an MCP client under the Model Context Protocol standard.

MCP Server Role: The software provides a local Model Context Protocol (MCP) server that allows external AI clients (e.g., Claude Desktop, Claude Code, LM Studio, Continue.dev) to access TIA Portal project data and invoke tools.

a) On explicit instruction from the connected AI client, the MCP server may perform WRITE OPERATIONS on TIA Portal projects (e.g., import, block manipulation, deletion).
b) Selection, configuration, and trustworthiness of external AI clients is the user's sole responsibility. The Provider assumes NO liability for damages caused by faulty, malicious, or compromised AI clients.
c) The user is required to restrict the tools exposed by the MCP server to the minimum necessary for the intended use (least-privilege principle) and to observe license-tier-based permissions.
d) The Provider is NOT liable for damages to project data, controllers, or attached plants caused by unauthorized or faulty MCP tool calls.

MCP Client Role: The software may itself connect to external MCP servers selected and configured by the user.

e) Selection, trustworthiness assessment, and configuration of external MCP servers is the user's sole responsibility. External MCP servers may be malicious and may expose tool calls with unexpected behavior.
f) The software provides an integrated approval workflow that requires explicit user confirmation before tool calls with write effect are executed. The Provider's responsibility is limited to the correct functioning of this approval workflow.
g) The Provider assumes NO responsibility for damages caused by malicious, compromised, or faulty external MCP servers, including data exfiltration, unauthorized code modifications, or manipulation of engineering data.

7. EU AI Act Compliance

The software is designed as a general-purpose engineering tool and, in the Provider's assessment, does NOT constitute a high-risk AI system within the meaning of Article 6 of Regulation (EU) 2024/1689 (EU AI Act). The software is not distributed or marketed for the high-risk applications listed in Annex III of the EU AI Act.

a) Transparency under Article 50 of the EU AI Act: The user is informed by this EULA, the user manual, and contextual UI cues that the software produces AI-generated content. AI-generated code changes are flagged as such in the UI and require explicit user confirmation before being applied to the TIA Portal project.
b) High-Risk-Application Prohibition: The user must NOT deploy the software in high-risk applications without conducting their own EU AI Act conformity assessment, in particular not in: critical digital infrastructure (energy, water, gas, district heating), critical transport infrastructure, safety components of machinery or lifts under the relevant harmonization legislation, recruiting or personnel-evaluation systems, creditworthiness assessment, law enforcement, or migration/asylum/border-control systems.
c) User Conformity Assessment: Should the user nevertheless deploy the software in a high-risk application regulated under the EU AI Act, the user is solely responsible for completing the full conformity assessment under Articles 16 et seq. EU AI Act, including risk-management system, data governance, technical documentation, record-keeping, human oversight, accuracy, robustness, cybersecurity, and the EU declaration of conformity.
d) Prohibited-Practices Carve-Out: The user must not use the software for the practices prohibited under Article 5 EU AI Act, in particular not for social scoring, manipulative influencing, exploitation of vulnerable persons, or prohibited real-time remote biometric identification in publicly accessible spaces.

The Provider is NOT liable for AI Act violations resulting from off-purpose use of the software by the user.

8. Warranty Disclaimer

THE SOFTWARE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED.

The Provider expressly disclaims, to the maximum extent permitted by law, all warranties including but not limited to:

Merchantability
Fitness for a particular purpose
Error-free or uninterrupted operation
Conformity with user expectations
Non-infringement of third-party rights

The Provider makes no representation that the software will function without errors with all TIA Portal versions, all PLC families, all third-party libraries, or all external LLM/AI services.

9. Limitation of Provider Liability

The Provider's liability is limited in all cases — regardless of the legal basis — as follows:

Maximum up to the amount of the license fee paid by the Licensee
No liability for indirect damages
No liability for production downtime
No liability for data loss
No liability for lost profits
No liability for consequential damages arising from engineering errors
No liability for damages resulting from improper or negligent use

This limitation applies even for foreseeable damages.

10. Indemnification by Licensee

The Licensee shall indemnify and hold harmless the Provider, its employees, agents, and affiliates from any third-party claims arising out of or in connection with:

Use of the software by the Licensee or its personnel
Adoption of AI-generated content into productive control projects
Processing of confidential or personal data of third parties through the software (in particular via AI chat or MCP server)
Violation of applicable laws by the Licensee (in particular data protection, security, or export-control regulations)

including reasonable attorneys' fees and litigation costs.

This indemnification obligation does not apply to claims demonstrably based on willful misconduct by the Provider.

11. User Qualification

Use of the software in connection with TIA Portal projects is only permitted for persons who:

Have sound knowledge of PLC programming
Are trained TIA Portal users
Can professionally assess engineering changes
Can evaluate risks when dealing with automatically generated suggestions

By using the software, the user confirms that they possess the professional qualification required for their intended use.

12. Password Vault

The software provides a password vault feature for local storage of TIA Portal know-how protection passwords. The vault enables centralized management, assignment, and bulk protect/unprotect operations on PLC blocks.

a) All passwords are stored in a local vault file (.vault) and encrypted using AES-256-GCM. Access is protected by a user-chosen master password.
b) The Provider has NO access to your stored passwords, your master password, or your vault file and CANNOT recover them.
c) If the master password or the vault file is lost, stored passwords will be IRRETRIEVABLY LOST.
d) The user is solely responsible for backing up their master password and vault file (e.g., via the CSV export feature).
e) The Provider assumes NO liability for the loss of passwords or for damages arising from the unavailability of stored know-how protection passwords.

13. License Validation

The software validates the license online at least every 14 days
If no internet connection is available, the software can be used offline for up to 14 days
After 14 days, a new online validation is required

14. Subscription Licenses, Volume Licenses and Org Roles

For time-limited subscription licenses (Professional, Enterprise):

The license runs automatically for the selected period (monthly/yearly)
Renewal occurs automatically unless cancelled before expiration
Cancellation is possible at any time via the Stripe Customer Portal
After expiration without renewal, the software is deactivated
A 30-day trial version is available

Basic License (free):

Unlimited duration
Limited functionality
Can be upgraded to Professional/Enterprise at any time

Volume Licenses (Multi-Seat): Volume licenses are subscription licenses with multiple named user seats bound to a central organization binding (org binding).

a) Each seat must be allocated to exactly one named user (email identity). Shared account use across multiple individuals under a single seat is NOT permitted.
b) The Org Owner bears the following obligations: proper allocation and revocation of seats to authorized members; oversight of member compliance with this EULA; management of the billing relationship with the Provider; current maintenance of the org master data.
c) The Org Owner is jointly and severally liable with the relevant member for member violations of this EULA, to the extent that such violations occur within the scope of usage granted under the org license.
d) Upon termination of the org subscription, the usage rights of all members expire automatically as of the expiration date. The software is deactivated on the members' devices.
e) 30-Day Data-Export Period: Within 30 days following termination of the org subscription, the Org Owner may request a complete structured data export (account data, license history, member list) by email to support@tiaopenessmanager.ch. After expiry of this period, the org-related data is deleted.
f) Org Owner Transfer: Transfer of org ownership requires a written ownership-transfer agreement between the outgoing and the new Org Owner, which must be presented to the Provider for acknowledgment prior to execution. The Provider may refuse the transfer if there are reasonable doubts as to the identity of the new owner or its authority to represent the org.

Refunds: Subscription fees already paid are not refunded pro rata after the start of the relevant billing period. This does not apply where mandatory statutory refund obligations exist.

EULA changes during an active subscription: The Provider reserves the right to amend this EULA. Licensees with active subscriptions will be notified electronically (by email or in-app notice) at least 30 days before the changes take effect. A licensee who does not accept the changes may cancel the subscription before the changes take effect; absent cancellation, the amended terms are deemed accepted upon their effective date.

EULA changes for Free-Tier users: Users of the free Basic license will be notified at least 30 days before EULA amendments take effect via in-app banner. Continued use of the software after the effective date constitutes acceptance of the amended terms. A user who does not accept the changes may uninstall the software; no further obligation exists.

15. Add-ons

Add-ons are separately licensed optional functional extensions that may be purchased in addition to an active Professional or Enterprise subscription.

a) Independent Subscription: Each add-on subscription runs as a standalone contract with its own term, billing period, and cancellation period in parallel to the base license. The add-on subscription is effective only while the underlying base license is also active.
b) Termination Independence: Termination of an add-on subscription does not affect the validity of the base license. Termination of the base license automatically ends all active add-on subscriptions of the affected Licensee without pro-rata refund.
c) Add-on Catalog Changes: The Provider reserves the right to add new add-ons to the offering or to remove existing add-ons from the offering with a minimum prior notice of 90 days. Existing add-on subscriptions continue at least until the end of the paid subscription period upon discontinuation of an add-on.
d) Currently available add-ons: No add-ons are currently available.

16. Data Collection, Data Protection and Data Portability

a) Hardware Identification: The software generates a unique hardware ID from system characteristics of your computer. This hardware ID is transmitted to the Provider's license server to bind the license to your device and prevent misuse.
b) AI Data Transmission: When using the optional AI chat feature, local engineering data (e.g., block source code, project data) may be transmitted to an external LLM service. Transmission occurs only at the user's instruction.
c) The user is solely responsible for compliance with internal security and confidentiality policies as well as applicable data protection regulations (in particular the Swiss Federal Act on Data Protection (revFADP) and the EU GDPR).
d) No automatic telemetry: Beyond license validation, the software does not collect usage data and does not transmit automatic error reports. Error and diagnostic reports are created only on the user's explicit instruction via the "Report Issue" feature and may, at the user's option, include local log files.
e) Data Portability (GDPR Article 20): The Licensee may at any time request a structured, commonly used, machine-readable export (JSON format) of the account and license data stored with the Provider. Requests are to be sent by email to support@tiaopenessmanager.ch from the registered email address. Provision occurs within 30 days following identity-verified request.
f) Right to Erasure (GDPR Article 17): The Licensee may initiate deletion of their account at any time via the in-app function "Settings → Account → Delete Account" or by email to support@tiaopenessmanager.ch. Deletion encompasses all account data, but does not encompass accounting and tax data required for compliance with statutory retention obligations (10 years under Swiss and EU bookkeeping regulations).
g) Crash Report Processing: Crash and diagnostic reports submitted explicitly by the user are processed for error analysis. The personal data components (email address, hardware ID) are deleted within 30 days at most. Anonymized technical data (stack traces, log excerpts without identifiers) is retained for issue-tracker storage and regression prevention for at most 90 days.

17. Data Processing Agreement (DPA)

To the extent that the Provider processes personal data on behalf of the Licensee, such processing is conducted as data processing within the meaning of Article 28 GDPR and Article 9 revFADP.

a) DPA Contract: For commercial licensees (B2B), in particular Org Owners of Volume and Enterprise subscriptions, the Provider provides upon request a complete data processing agreement (DPA) containing the minimum content prescribed by Article 28(3) GDPR. Request by email to support@tiaopenessmanager.ch.
b) Processing Purpose: Processing is limited to the scope necessary for license and subscription administration, org and member administration, and license validation.
c) Sub-Processors: The Provider engages the following sub-processors for service delivery:
Netlify Inc. (hosting of website and backend functions, EU region) — DPA available at https://www.netlify.com/gdpr-ccpa
Stripe Payments Europe Ltd. (payment processing, EU/EEA hosting) — DPA available at https://stripe.com/legal/dpa
Sendinblue SAS dba Brevo (transactional email delivery, EU region) — DPA available at https://www.brevo.com/legal/termsofuse
d) Sub-Processor Changes: The Provider reserves the right to change sub-processors. Material changes are communicated to Org Owners and Enterprise licensees by email at least 30 days before the change takes effect. The Licensee may raise reasoned objection; in case of an objection that cannot be addressed, a special right of termination applies.
e) Data Location: All personal data is processed exclusively in Switzerland, the EU, or the EEA. Processing in third countries without an adequacy decision does not occur.

18. Automatic Updates

The software periodically checks whether a newer version is available. If an update is available, the software may download the installation package and perform the update in the background. The user is informed about available updates and can confirm or decline the installation.

19. Vulnerability Disclosure and Update Availability

The Provider maintains a coordinated vulnerability disclosure policy in alignment with Article 11(1) and Annex I of Regulation (EU) 2024/2847 (Cyber Resilience Act, CRA).

a) Reporting Vulnerabilities: Security vulnerabilities in the software are to be reported confidentially to support@tiaopenessmanager.ch with subject prefix [SECURITY]. Please refrain from public disclosure prior to expiry of the coordinated-disclosure period.
b) Coordinated-Disclosure Period: The Provider acknowledges receipt of the report within 5 business days, immediately commences investigation, and — to the extent a vulnerability is confirmed — provides a security update within a coordinated-disclosure period of typically 90 days. In justified cases (complexity, third-party dependency), the period may be extended by mutual agreement.
c) Security Updates: The Provider provides security updates for the current major release line and the immediately preceding major release line for at least 5 years following the last major release of that line. This period applies subject to mandatory CRA obligations and may be extended where longer obligations become applicable.
d) Security Advisories: Confirmed vulnerabilities are published in a security advisory at https://www.tiaopenessmanager.ch/security following expiry of the coordinated-disclosure period. The publication contains a brief description, affected versions, the recommended upgrade target, and — where applicable — a CVE identifier.
e) CVE Assignment: The Provider applies for CVE identifiers with an appropriate CNA on its own initiative for security-relevant vulnerabilities affecting the Licensee. Independent CVE application by the reporter is not required.
f) Whistleblower Protection: Security researchers who report in compliance with this policy enjoy protection from civil and criminal action by the Provider.

20. Audit Right (B2B-Enterprise)

For Volume licenses and individual Enterprise contracts, the following audit right additionally applies:

a) Audit Frequency: The Provider may conduct, or have conducted by an independent auditor, one license-compliance audit at the Licensee per calendar year. More frequent audits are permissible only on reasonable suspicion of license violations.
b) Notice: Audits are announced in writing at least 60 calendar days in advance, stating scope, methodology, and time frame.
c) Conduct: Audits are conducted at the Licensee's option either on-site at the Licensee's premises during normal business hours or remotely via self-disclosure, screen-sharing, or tool-export. The Licensee is required to cooperate to a reasonable extent.
d) Cost Allocation: Audit costs are generally borne by the Provider. Should the audit reveal a non-trivial violation (in particular license over-use of more than 5% of agreed seats, unauthorized distribution of the software, or circumvention of copy protection), the Licensee bears the full audit costs plus an additional licensing fee equal to the list-price differential for 12 months.
e) Confidentiality: All information obtained during the audit is treated by the Provider (or the engaged auditor) in strict confidence. Use of audit findings for marketing, sales, or other purposes is prohibited.
f) Data Minimization: Audits are strictly limited to license-relevant metadata (seat count, activation data, hardware IDs). No inspection of TIA Portal project content or members' personal data takes place.

21. Siemens and TIA Portal

TIA Portal, STEP 7, WinCC and all related trademarks are registered trademarks of Siemens AG. This software is an independent third-party tool and is not manufactured, supported, or authorized by Siemens.

Use of the Siemens TIA Openness API is subject to Siemens terms and conditions.

22. Open-Source Components

The software contains components licensed under open-source licenses (MIT, BSD, Apache 2.0, and others). A complete list of all open-source components used, including the respective license texts and copyright notices, is provided after installation in the file:

C:\Program Files\TIA Openness Manager\THIRD_PARTY_NOTICES.txt

The terms of these open-source licenses apply additionally to the respective components and prevail over the provisions of this EULA for those components to the extent that they are mandatory.

23. Termination

This license is effective until terminated. It will terminate automatically without notice if you fail to comply with any provision of this license. Upon termination, you must destroy all copies of the software.

24. Force Majeure

Neither party is liable for delay or failure to perform its obligations under this EULA to the extent that the delay or failure is caused by an event of force majeure.

a) Force Majeure Events: Force majeure includes in particular: natural disasters, pandemics and epidemics, war and war-like conditions, terrorism, civil unrest, general strikes and lockouts, acts of public authorities and governmental measures, large-scale internet connectivity failures, outages of essential cloud service providers (in particular Netlify, Stripe, Brevo), outages of external LLM providers (in particular Anthropic, OpenAI, Google), and cyber-attacks on third-party infrastructure.
b) Notification: The affected party shall promptly inform the other party of the occurrence, anticipated duration, and impact of the force-majeure event.
c) Suspension of Obligations: During the duration of the force-majeure event, the affected obligations are suspended. Obligations not affected remain in full force. Subscription fees are refundable pro rata for the duration of a force-majeure event that prevents material usability of the software for more than 14 consecutive days.
d) Special Right of Termination: Should the force-majeure event last longer than 60 consecutive days, both parties are entitled to terminate the affected subscription with immediate effect. Prepayments already made are refunded pro rata.

25. Export Control

The Licensee is required to comply with all applicable export and re-export restrictions, in particular:

Swiss Goods Control Ordinance (GKV) and the Embargo Act (EmbG)
EU Regulation 2021/821 on dual-use items
US Export Administration Regulations (EAR) and applicable OFAC sanctions programs
a) Cryptography and AI Functionality: The software contains cryptographic components (in particular AES-256-GCM, ECDSA, bcrypt) and AI-connectivity functionality, which in certain jurisdictions may fall under enhanced export control.
b) Sanctioned Countries and Persons: The Licensee may not, directly or indirectly, export the software to OFAC-sanctioned countries, deploy it there, or make it available to persons on relevant sanctions lists (Specially Designated Nationals, SECO sanctions list, EU consolidated list).
c) Cross-Border Use: The Licensee is solely responsible for compliance with export-control regulations in any cross-border use of the software, any access from abroad, and any data transfer related to the software.
d) Provider Liability Disclaimer: The Provider assumes NO responsibility for the Licensee's violations of export and sanctions law. The Licensee shall indemnify the Provider against all third-party claims and government measures arising therefrom.
e) Embargo Carve-Out: Should new export or sanctions measures take effect that render the provision of the software to the Licensee unlawful, the Provider is entitled to suspend or terminate the license with immediate effect.

26. Jurisdiction & Governing Law

Swiss law applies exclusively. The place of jurisdiction is the registered office of the Provider.

27. Language Versions

This EULA is provided in German and English. In case of interpretive differences, the German version prevails over the English version, as Swiss law applies.

28. Severability Clause

Should individual provisions be invalid, the contract remains valid in all other respects.

29. Acknowledgment

By clicking "I Accept" or by installing this software, you confirm that:

You have fully understood this EULA
You have recognized all risks
You assume full responsibility for its use

Contact & Imprint:

AnyAutomation

Inh. Brzozowski

Rappenstrasse 9

8307 Effretikon

Switzerland

UID: CHE-341.595.058

Email: support@tiaopenessmanager.ch

Website: https://www.tiaopenessmanager.ch

Website: https://www.anyautomation.ch