reusch­law White Paper: Update Requi­re­ments ari­sing from Pro­duct Lia­bi­li­ty in Civil and Public Law

Intro­duc­tion

New pro­vi­si­ons of the Civil Code have been in effect sin­ce 1 Janu­ary 2022 with respect to con­tracts of sale, inclu­ding a gene­ral obli­ga­ti­on for sel­lers of digi­tal pro­ducts and goods with digi­tal ele­ments within the frame­work of B2C con­trac­tu­al rela­ti­onships to pro­vi­de (soft­ware) updates for a cer­tain peri­od of time. In light of the fact that pro­ducts are beco­ming incre­asing­ly digi­ti­zed, the­se new pro­vi­si­ons rai­se the ques­ti­on as to the ext­ent to which addi­tio­nal update requi­re­ments exist for manu­fac­tu­r­ers, retail­ers, sel­lers, etc. This White Paper will pro­vi­de an over­view of exis­ting and poten­ti­al future update requi­re­ments in this regard.

Con­tract Law

The pro­vi­si­ons begin­ning with § 327e and § 475b of the Civil Code were enac­ted in order to imple­ment Direc­ti­ve (EU 2019/770) on cer­tain aspects con­cer­ning con­tracts for the sup­p­ly of digi­tal con­tent and digi­tal ser­vices (the Digi­tal Con­tent Direc­ti­ve (“DCD”)) (as we repor­ted) and Direc­ti­ve (EU 2019/771) on cer­tain aspects con­cer­ning con­tracts for the sale of goods (the Sale of Goods Direc­ti­ve (the “SGD”)) (as we repor­ted) into Ger­man law, and the­se new pro­vi­si­ons have been in effect sin­ce Janu­ary of this year. The abo­ve sta­tu­tes rela­te to the con­for­mance of digi­tal pro­ducts (§ 327e of the Civil Code and sub­se­quent Sec­tions) and goods with digi­tal ele­ments (§ 475b of the Civil Code and sub­se­quent Sec­tions) to B2C con­tracts. Under the­se new pro­vi­si­ons, the afo­re­men­tio­ned pro­duct groups con­form to the con­tract if they meet cer­tain sub­jec­ti­ve and objec­ti­ve requi­re­ments. The sub­jec­ti­ve requi­re­ments rela­te to com­pli­ance with any con­trac­tual­ly sti­pu­la­ted update requi­re­ments, but the uni­que aspect is the objec­ti­ve requi­re­ments: the entre­pre­neur is requi­red to ensu­re that the con­su­mer is pro­vi­ded with the updates which are neces­sa­ry in order to main­tain con­for­mi­ty with the con­tract. The peri­od in which updates are to be pro­vi­ded gene­ral­ly depends on the expec­ta­ti­ons of a reasonable con­su­mer, except in cases whe­re the con­tract pro­vi­des for con­ti­nuous sup­p­ly of the pro­duct, in which case the agreed-upon peri­od appli­es (alt­hough this peri­od must be at least two years in cases invol­ving goods with digi­tal ele­ments). With the enact­ment of this pro­vi­si­on con­cer­ning objec­ti­ve requi­re­ments, a gene­ral obli­ga­ti­on now exists for sel­lers to pro­vi­de updates for cer­tain pro­duct groups in B2C con­tracts. At the same time, the sel­ler is also requi­red to noti­fy con­su­mers of all neces­sa­ry updates in the­se cases.

Gene­ral Pro­duct Safe­ty Law and Mar­ket Surveillance

Pro­vi­si­ons of gene­ral pro­duct safe­ty law can be found in Direc­ti­ve (2001/95/EC) on gene­ral pro­duct safe­ty (the Pro­duct Safe­ty Direc­ti­ve (“PSD”)) (only in Ger­man) and, at the natio­nal level, in the Pro­duct Safe­ty Act (“PSA”). Accor­ding to the curr­ent­ly pre­vai­ling view, the abo­ve sta­tu­tes app­ly at the very least to soft­ware which is loca­ted in a data sto­rage medi­um or which is inte­gra­ted (“embedded”) into a phy­si­cal pro­duct, but the­se sta­tu­tes do not include any express obli­ga­ti­ons to pro­vi­de updates. The PSD is curr­ent­ly being revi­sed at the level of Euro­pean law (as we repor­ted). While the pro­po­sal published by the Euro­pean Com­mis­si­on (“EU Com­mis­si­on”) for a Regu­la­ti­on on gene­ral pro­duct safe­ty (COM(2021) 346 final) (“draft GPSR”) does not express­ly pro­vi­de for a gene­ral obli­ga­ti­on to pro­vi­de updates, it does sta­te that, in the event of a recall, the respon­si­ble eco­no­mic ope­ra­tor is requi­red to offer effec­ti­ve, cost-free and time­ly reme­dies, which may include repairs, repla­ce­ments and refunds.

In case of self-repair by the con­su­mer, the eco­no­mic ope­ra­tor is requi­red to pro­vi­de soft­ware updates free of char­ge. In other words, the draft GPSR estab­lishes a future obli­ga­ti­on for respon­si­ble eco­no­mic ope­ra­tors to pro­vi­de updates in cases such as the­se. It should also be kept in mind that the scope of the draft GPSR is likely to be exten­ded to include all soft­ware products.

Accor­ding to the published amend­ments to the draft GPSR (PDF) by the Euro­pean Par­lia­men­t’s Com­mit­tee on the Inter­nal Mar­ket and Con­su­mer Pro­tec­tion (“IMCO”), the term “pro­duct” is to be defi­ned as  any item, inter­con­nec­ted or not to other items (of phy­si­cal, digi­tal or mixed natu­re), sup­pli­ed or made available. More recent­ly, a com­pro­mi­se pro­po­sal (PDF) from the Coun­cil of the Euro­pean Uni­on defi­ned a “pro­duct” as any item of phy­si­cal, digi­tal or mixed natu­re, so that the afo­re­men­tio­ned obli­ga­ti­on to pro­vi­de updates would app­ly to manu­fac­tu­r­ers, retail­ers, importers, et. of stand-alone soft­ware as well.

Within the sphe­re of mar­ket sur­veil­lan­ce, an obli­ga­ti­on to pro­vi­de updates may be estab­lished in any indi­vi­du­al case by order of the aut­ho­ri­ties. With the imple­men­ta­ti­on of Regu­la­ti­on (EU 2019/1020) on mar­ket sur­veil­lan­ce and com­pli­ance of pro­ducts (the Mar­ket Sur­veil­lan­ce Regu­la­ti­on (“MSR”)) (as we repor­ted), which has been in effect sin­ce 16 July 2021, through the enact­ment of a natio­nal Mar­ket Sur­veil­lan­ce Act (“MSA”) and asso­cia­ted revi­si­on of the PSA, the pro­vi­si­ons rela­ting to mar­ket sur­veil­lan­ce were trans­fer­red from the Pro­duct Safe­ty Act, as form­er­ly amen­ded, to the Mar­ket Sur­veil­lan­ce Act. The MSA spe­ci­fies a num­ber of powers which are available to the mar­ket sur­veil­lan­ce aut­ho­ri­ties, with refe­rence to the MSR. Among them is the power to requi­re eco­no­mic ope­ra­tors to take appro­pria­te action to res­to­re pro­duct safe­ty. The­r­e­fo­re, if a soft­ware pro­duct were unsafe in any indi­vi­du­al case, the mar­ket sur­veil­lan­ce aut­ho­ri­ties would be able to order the eco­no­mic ope­ra­tor to pro­vi­de updates, as an appro­pria­te action to res­to­re pro­duct safe­ty. An obli­ga­ti­on to pro­vi­de updates may also ari­se as the indi­rect result of a recall order: by orde­ring the recall of an unsafe soft­ware pro­duct, an aut­ho­ri­ty could indi­rect­ly requi­re the eco­no­mic ope­ra­tor to over­haul the pro­duct and to update it if neces­sa­ry. Accor­din­gly, any update requi­re­ments from the sphe­re of mar­ket sur­veil­lan­ce do not exist as gene­ral obli­ga­ti­ons, but rather ari­se depen­ding on the cir­cum­s­tances of each indi­vi­du­al case.

The AI Regulation

In April 2021, the EU Com­mis­si­on published a pro­po­sal for a Regu­la­ti­on lay­ing down har­mo­ni­zed rules on arti­fi­ci­al intel­li­gence (AI) (COM(2021) 206 final) (“draft AIR) (as we repor­ted). The draft Regu­la­ti­on con­ta­ins pro­vi­si­ons which are desi­gned to ensu­re a func­tio­ning inter­nal mar­ket for AI, as well as ones which are desi­gned to address the poten­ti­al risks posed by AI. While the draft Regu­la­ti­on does not express­ly estab­lish a gene­ral obli­ga­ti­on for pro­vi­ders of AI sys­tems to pro­vi­de spe­ci­fic updates, the need for con­ti­nuous updates is evi­dent from the over­all con­text of the Regu­la­ti­on’s pro­vi­si­ons. In par­ti­cu­lar, rou­ti­ne updates would be requi­red within the frame­work of the risk manage­ment sys­tem, which is descri­bed as a “con­ti­nuous ite­ra­ti­ve pro­cess.” Updates are also men­tio­ned as poten­ti­al­ly neces­sa­ry main­ten­an­ce and sup­port mea­su­res, if only within the frame­work of the pro­vi­si­ons gover­ning noti­fi­ca­ti­on requi­re­ments. The same appli­es for the pre­pa­ra­ti­on of tech­ni­cal docu­men­ta­ti­on, which must include not only the soft­ware ver­si­on but also infor­ma­ti­on about any requi­re­ments with regard to soft­ware updates.

A simi­lar approach can also be found in the Regu­la­ti­on (EU 2017/745) on medi­cal devices (the Medi­cal Devices Regu­la­ti­on (“MDR”)), under which risk manage­ment repres­ents a con­ti­nuous ite­ra­ti­ve pro­cess throug­hout the enti­re life cycle of the device and the prin­ci­ples of the soft­ware life cycle are to be obser­ved in the manu­fac­tu­re of safe medi­cal devices.

Machi­nery Pro­ducts Regulation

Direc­ti­ve (2006/42/EC) on machi­nery (the Machi­nery Direc­ti­ve), which is curr­ent­ly in effect, and which deals with the requi­re­ments for safe machi­nery, is curr­ent­ly being revi­sed by the EU Com­mis­si­on. To this end, the EU Com­mis­si­on published a pro­po­sal for a Regu­la­ti­on on Machi­nery Pro­ducts (COM(2021) 202 final) (“draft Machi­nery Pro­ducts Regu­la­ti­on”) (as we repor­ted), which appeared simul­ta­neous­ly with the draft AI Regu­la­ti­on in April 2021. Accor­ding to the EU Com­mis­si­on’s Expl­ana­to­ry Memo­ran­dum, this pro­po­sal is inten­ded to address “the new risks stem­ming from digi­tal emer­ging technologies.”

In par­ti­cu­lar, the pro­po­sal is inten­ded to address new risks asso­cia­ted with the uploa­ding of soft­ware onto a pro­duct, so that updates of soft­ware which is instal­led in a machi­nery pro­duct are taken into account in risk assess­ments. Par­ti­cu­lar­ly with respect to the risks asso­cia­ted with uploa­ding updates, the pro­po­sal includes pro­vi­si­ons rela­ting to “sub­stan­ti­al modi­fi­ca­ti­ons,” which refer to (digi­tal) chan­ges to machi­nery pro­ducts after they are pla­ced on the mar­ket or put in ser­vice which could not be fore­seen by the manu­fac­tu­rer, wher­eby the chan­ges must be so sub­stan­ti­al that the pro­duct can no lon­ger com­ply with the appli­ca­ble health and safe­ty requi­re­ments. In the­se cases, the per­son who car­ri­es out the sub­stan­ti­al modi­fi­ca­ti­on takes on the obli­ga­ti­ons which ori­gi­nal­ly appli­ed to the manu­fac­tu­rer. While this chan­ge does not requi­re eco­no­mic ope­ra­tors to pro­vi­de updates, it does estab­lish sepa­ra­te obli­ga­ti­ons in the event that an update takes place.

Eco-design Direc­ti­ve

Direc­ti­ve (2009/125/EC) estab­li­shing a frame­work for the set­ting of eco-design requi­re­ments for energy-related pro­ducts (the Eco-design Direc­ti­ve)  aut­ho­ri­zes the EU Com­mis­si­on to adopt imple­men­ting mea­su­res defi­ning bin­ding requi­re­ments for cer­tain pro­duct groups. The EU Com­mis­si­on has exer­cis­ed this aut­ho­ri­ty, issuing regu­la­ti­ons defi­ning eco-design requi­re­ments for ten pro­duct groups so far,  inclu­ding ref­ri­ge­ra­ting appli­ances, house­hold washing machi­nes and washer-drivers, house­hold dish­wa­shers and elec­tro­nic dis­plays. The­se imple­men­ting regu­la­ti­ons are desi­gned to ensu­re pro­duct dura­bi­li­ty and con­tain pro­vi­si­ons rela­ting to pro­duct repair and main­ten­an­ce. They include e.g. obli­ga­ti­ons to ensu­re that the pro­ducts are easy to repair, an obli­ga­ti­on to pro­vi­de repair and main­ten­an­ce infor­ma­ti­on and an obli­ga­ti­on to pro­vi­de spa­re parts and make them available for a cer­tain peri­od of time (seven to ten years). Given the obli­ga­ti­on to pro­vi­de spa­re parts, a duty to pro­vi­de updates the­r­e­fo­re exists for the abo­ve pro­duct groups to the ext­ent that they are soft­ware pro­ducts which need to be repai­red and/or updated in any indi­vi­du­al case.

The Eco-design Direc­ti­ve is curr­ent­ly being revi­sed by the EU Com­mis­si­on. As part of the Euro­pean Green Deal, the EU Com­mis­si­on has published a pro­po­sal (COM(2022) 142 final) (PDF) for a Regu­la­ti­on estab­li­shing a frame­work for set­ting eco-design requi­re­ments for sus­tainable pro­ducts (the Eco-Design Regu­la­ti­on). At the moment, the pro­po­sal does not extend the scope of the Eco-Design Direc­ti­ve to such an ext­ent as to estab­lish a gene­ral obli­ga­ti­on for respon­si­ble eco­no­mic ope­ra­tors to pro­vi­de updates. Howe­ver, it includes express requi­re­ments for soft­ware and firm­ware updates, which may only be imple­men­ted if they do not adver­se­ly affect the pro­duc­t’s performance.

Pro­duct Lia­bi­li­ty Law

Within the frame­work of pro­duct lia­bi­li­ty law, it is neces­sa­ry to distin­gu­ish bet­ween pro­duct lia­bi­li­ty law in the nar­row sen­se and pro­duct lia­bi­li­ty law in the broa­der sense.

Pro­duct lia­bi­li­ty law in the nar­row sen­se is defi­ned by the pro­vi­si­ons of Direc­ti­ve (85/374/EEC) on the appro­xi­ma­ti­on of the laws, regu­la­ti­ons and admi­nis­tra­ti­ve pro­vi­si­ons of the Mem­ber Sta­tes con­cer­ning lia­bi­li­ty for defec­ti­ve pro­ducts (the Pro­duct Lia­bi­li­ty Direc­ti­ve) and at the natio­nal level by the Pro­duct Lia­bi­li­ty Act (“PLA”) and obli­ga­tes manu­fac­tu­r­ers to place only defect-free pro­ducts on the mar­ket. As part of this obli­ga­ti­on, manu­fac­tu­r­ers are lia­ble regard­less of fault for dama­ges which ari­se due to defec­ti­ve pro­ducts. Becau­se manu­fac­tu­r­ers are lia­ble regard­less of fault, the­re is no fur­ther obli­ga­ti­on for manu­fac­tu­r­ers to con­duct pro­duct sur­veil­lan­ce for pro­ducts which have been pla­ced on the mar­ket. In the absence of such a duty for manu­fac­tu­r­ers to con­duct pro­duct sur­veil­lan­ce, neither the Pro­duct Lia­bi­li­ty Direc­ti­ve nor the Pro­duct Lia­bi­li­ty Act requi­re manu­fac­tu­r­ers to pro­vi­de updates after their pro­ducts have been pla­ced on the mar­ket, regard­less of the ques­ti­on as to whe­ther the pro­vi­si­ons of pro­duct lia­bi­li­ty law app­ly to (stand-alone) soft­ware (as we repor­ted). The Pro­duct Lia­bi­li­ty Direc­ti­ve is curr­ent­ly being revi­sed by the EU Com­mis­si­on with regard to its vali­di­ty and effec­ti­ve­ness in the pre­sent day. To this end, the EU Com­mis­si­on recent­ly con­duc­ted a con­sul­ta­ti­on in order to adapt the Direc­ti­ve’s lia­bi­li­ty rules to the digi­tal age and to account for deve­lo­p­ments in the field of AI. An actu­al draft of the revi­sed Pro­duct Lia­bi­li­ty Direc­ti­ve is not yet available, but given the prin­ci­ple men­tio­ned abo­ve, the absence of a pro­duct sur­veil­lan­ce obli­ga­ti­on, obli­ga­ti­ons to pro­vi­de updates from the stand­point of pro­duct lia­bi­li­ty law are not to be expected.

In pro­duct lia­bi­li­ty law in the broa­der sen­se, a dif­fe­rent situa­ti­on appli­es: under the hea­ding of “pro­du­cer’s lia­bi­li­ty,” § 823 of the Ger­man Civil Code estab­lishes lia­bi­li­ty for the breach of “duties to safe­guard traf­fic.” Duties to safe­guard traf­fic con­form to the requi­re­ments for defect-free pro­ducts in accordance with the Pro­duct Lia­bi­li­ty Act with one important addi­ti­on: a pro­duct sur­veil­lan­ce obli­ga­ti­on. Unli­ke in cases gover­ned by the Pro­duct Lia­bi­li­ty Act, manu­fac­tu­r­ers sub­ject to pro­du­cer’s lia­bi­li­ty are requi­red to con­ti­nue moni­to­ring their pro­ducts after they are pla­ced on the mar­ket to ensu­re that they are safe and defect-free, and to imple­ment appro­pria­te reme­dies if neces­sa­ry. This addi­ti­on is foun­ded in the fun­da­men­tal natu­re of pro­du­cer’s lia­bi­li­ty which, unli­ke lia­bi­li­ty in accordance with the Pro­duct Lia­bi­li­ty Act, appli­es only if the pro­du­cer is at fault. Accor­din­gly, a duty to pro­vi­de updates (for phy­si­cal, embedded and stand-alone soft­ware ali­ke) may exist within the frame­work of pro­du­cer’s lia­bi­li­ty, and fol­lo­wing from the pro­duct sur­veil­lan­ce obli­ga­ti­on, pro­vi­ded that the updates repre­sent an appro­pria­te reme­dy in any spe­ci­fic case. This is par­ti­cu­lar­ly the case if secu­ri­ty vul­nerabi­li­ties are found, or if the­re is a thre­at of cyber­at­tacks, and cer­tain updates offer a simp­le way of pre­ven­ting or at least mini­mi­zing the­se risks.

Update Obli­ga­ti­ons through the Back Door: Cur­rent Sta­te of the Art

Even though gene­ral update obli­ga­ti­ons are not express­ly pro­vi­ded for in gene­ral pro­duct safe­ty law or in pro­duct safe­ty regu­la­ti­ons for spe­ci­fic pro­duct groups, the­re is still a pos­si­bi­li­ty of intro­du­cing update obli­ga­ti­ons for eco­no­mic ope­ra­tors through the back door. In both gene­ral pro­duct safe­ty law and pro­duct safe­ty regu­la­ti­ons for spe­ci­fic pro­duct groups, the ques­ti­on as to the neces­sa­ry degree of pro­duct safe­ty is deter­mi­ned in each case by the sta­te of the art. Sin­ce the pro­vi­si­ons of pro­duct safe­ty law requi­re eco­no­mic ope­ra­tors not only to place only safe pro­ducts on the mar­ket but also to con­ti­nuous­ly ensu­re that their pro­ducts on the mar­ket are safe and to main­tain the sup­p­ly of safe pro­ducts, at least for the dura­ti­on of the pro­duc­t’s ordi­na­ry life cycle, they are also requi­red to account for pos­si­ble chan­ges in safe­ty requi­re­ments con­sis­tent with the cur­rent sta­te of the art. In this way, chan­ges in the tech­ni­cal regu­la­ti­ons which form the basis for the sta­te of the art may cau­se update obli­ga­ti­ons to be intro­du­ced through the back door. The same appli­es for com­pli­ance with the pro­duct sur­veil­lan­ce obli­ga­ti­on within the frame­work of pro­du­cer’s lia­bi­li­ty in civil law. In this case as well, requi­re­ments for defect-free pro­ducts may chan­ge over a pro­duc­t’s life cycle as a result of new deve­lo­p­ments in the sta­te of the art. Accor­din­gly, deve­lo­p­ments in the sta­te of the art should be careful­ly scru­ti­ni­zed in each case within the bounds of pro­duct sur­veil­lan­ce in order to check for future update obligations.

Out­look: Right of Repair

The intro­duc­tion of a gene­ral right of repair is curr­ent­ly being deba­ted at length at both the EU level and the natio­nal level. Under cur­rent law, a spe­ci­fic right of repair only exists for cer­tain pro­duct groups under the afo­re­men­tio­ned imple­men­ting mea­su­res adopted by the EU Com­mis­si­on based on the Eco-design Direc­ti­ve (see abo­ve). Accor­ding to the EU Com­mis­si­on, the­se regu­la­ti­ons are to be exten­ded in order to crea­te a gene­ral right of repair by app­ly­ing the Eco-design Direc­ti­ve to other pro­duct groups as part of the Euro­pean Green Deal. To this end, a con­sul­ta­ti­on pro­ce­du­re for the EU Com­mis­si­on is curr­ent­ly under­way as part of the Green Deal’s “Sus­tainable Pro­duct Initia­ti­ve” (“SPI”) (as we repor­ted), and will run through the start of April 2022. At the natio­nal level, the fede­ral govern­men­t’s coali­ti­on agree­ment con­ta­ins the goal of imple­men­ting a gene­ral right of repair, and express­ly sta­tes that manu­fac­tu­r­ers would be requi­red to sup­p­ly updates during the typi­cal useful life of the pro­duct. Actu­al draft legis­la­ti­on has yet to be pre­sen­ted at eit­her the Euro­pean or the natio­nal level. Ger­many’s Minis­ter for the Envi­ron­ment, Natu­re Con­ser­va­ti­on, Nuclear Safe­ty and Con­su­mer Pro­tec­tion, Stef­fi Lem­ke, sta­ted in an inter­view that the Ger­man govern­ment intends to imple­ment a natio­nal right of repair as noted in the coali­ti­on agree­ment right away, regard­less of deve­lo­p­ments at the EU level. But this approach was dis­card­ed in sub­se­quent inter­views, so that we will need to await deve­lo­p­ments at the Euro­pean level for the time being.

The pro­po­sal for a gene­ral right of repair has encoun­te­red hea­vy cri­ti­cism from the indus­tri­al sec­tor, as well as from a legal stand­point. From a legal stand­point, a gene­ral right of repair, with the object of regu­la­ting pro­duct dura­bi­li­ty by requi­ring manu­fac­tu­r­ers to sup­p­ly spa­re parts for a peri­od of seven to ten years, would estab­lish no-fault lia­bi­li­ty for manu­fac­tu­r­ers and retail­ers bey­ond the sta­tu­to­ry war­ran­ty peri­ods. This would requi­re not only a sin­gle chan­ge in the law, but a long list of chan­ges and addi­ti­ons to a varie­ty of laws. Asi­de from the legal struc­tu­ring of a gene­ral right of repair, cri­ti­cism has focu­sed on the ques­ti­on as to the per­sons to whom such a requi­re­ment would actual­ly app­ly. If retail­ers are requi­red to ensu­re that a pro­duct can be repai­red, one may ask how retail­ers can be expec­ted to ensu­re such a thing, given that they do not manu­fac­tu­re the pro­duct them­sel­ves, but mere­ly dis­tri­bu­te it. The only con­ceiva­ble solu­ti­on would be to invol­ve the manu­fac­tu­rer in the actu­al con­tract of sale, with the duty to per­form repairs. Likely the hea­viest cri­ti­cism has been level­led against the pro­po­sal to requi­re manu­fac­tu­r­ers to sup­p­ly updates throug­hout the typi­cal useful life of the pro­duct. Requi­ring manu­fac­tu­r­ers to ensu­re that pro­ducts are func­tio­ning pro­per­ly for a cer­tain peri­od of time after pla­ce­ment on the mar­ket, regard­less of actu­al fault, would result in strict pro­duct lia­bi­li­ty for manu­fac­tu­r­ers, asso­cia­ted with a duty to con­duct pro­duct sur­veil­lan­ce for pro­ducts on the mar­ket. This would repre­sent a sub­stan­ti­al depar­tu­re from the exis­ting prin­ci­ples of pro­duct lia­bi­li­ty law in the nar­row sen­se (see abo­ve) and could not be jus­ti­fied by a mere refe­rence to a gene­ral right of repair.

Con­clu­si­on

Update obli­ga­ti­ons with regard to soft­ware pro­ducts are curr­ent­ly being deba­ted with respect to a wide varie­ty of laws at both the EU level and the natio­nal level, and have alre­a­dy been imple­men­ted in some cases. The­re is also a dan­ger that addi­tio­nal update requi­re­ments will be estab­lished as a result of chan­ges in the sta­te of the art. Com­pa­nies should fol­low the ongo­ing updates and dis­cus­sions as part of their com­pli­ance manage­ment acti­vi­ties, and should be pre­pared for future update requi­re­ments. Plea­se let us know if we can help you imple­ment the­se requirements.

Down­load the full white­pa­per with appen­dix here.

back

Stay up-to-date

We use your email address exclusively for sending our newsletter. You have the right to revoke your consent at any time with effect for the future. For further information, please refer to our privacy policy.