reu­sch­law White Paper: Update Requi­re­ments ari­sing from Pro­duct Lia­bi­li­ty in Civil and Public Law

Intro­duc­tion

New pro­vi­si­ons of the Civil Code have been in effect sin­ce 1 Janu­a­ry 2022 with respect to con­tracts of sale, inclu­ding a gene­ral obli­ga­ti­on for sel­lers of digi­tal pro­ducts and goods with digi­tal ele­ments wit­hin the frame­work of B2C con­trac­tu­al rela­ti­ons­hips to pro­vi­de (soft­ware) updates for a cer­tain peri­od of time. In light of the fact that pro­ducts are beco­m­ing incre­a­singly digi­ti­zed, the­se new pro­vi­si­ons rai­se the ques­ti­on as to the extent to which addi­tio­nal update requi­re­ments exist for manu­fac­tu­rers, retailers, sel­lers, etc. This White Paper will pro­vi­de an over­view of exis­ting and poten­ti­al future update requi­re­ments in this regard.

Con­tract Law

The pro­vi­si­ons begin­ning with § 327e and § 475b of the Civil Code were enac­ted in order to imple­ment Direc­ti­ve (EU 2019/770) on cer­tain aspects con­cer­ning con­tracts for the sup­ply of digi­tal con­tent and digi­tal ser­vices (the Digi­tal Con­tent Direc­ti­ve (“DCD”)) (as we repor­ted) and Direc­ti­ve (EU 2019/771) on cer­tain aspects con­cer­ning con­tracts for the sale of goods (the Sale of Goods Direc­ti­ve (the “SGD”)) (as we repor­ted) into Ger­man law, and the­se new pro­vi­si­ons have been in effect sin­ce Janu­a­ry of this year. The abo­ve sta­tu­tes rela­te to the con­for­mance of digi­tal pro­ducts (§ 327e of the Civil Code and sub­se­quent Sec­tions) and goods with digi­tal ele­ments (§ 475b of the Civil Code and sub­se­quent Sec­tions) to B2C con­tracts. Under the­se new pro­vi­si­ons, the afo­re­men­tio­ned pro­duct groups con­form to the con­tract if they meet cer­tain sub­jec­ti­ve and objec­ti­ve requi­re­ments. The sub­jec­ti­ve requi­re­ments rela­te to com­pli­an­ce with any con­trac­tual­ly sti­pu­la­ted update requi­re­ments, but the uni­que aspect is the objec­ti­ve requi­re­ments: the entre­pre­neur is requi­red to ensu­re that the con­su­mer is pro­vi­ded with the updates which are necessa­ry in order to main­tain con­for­mi­ty with the con­tract. The peri­od in which updates are to be pro­vi­ded gene­ral­ly depends on the expec­ta­ti­ons of a rea­son­ab­le con­su­mer, except in cases whe­re the con­tract pro­vi­des for con­ti­nuous sup­ply of the pro­duct, in which case the agreed-upon peri­od app­lies (alt­hough this peri­od must be at least two years in cases invol­ving goods with digi­tal ele­ments). With the enact­ment of this pro­vi­si­on con­cer­ning objec­ti­ve requi­re­ments, a gene­ral obli­ga­ti­on now exists for sel­lers to pro­vi­de updates for cer­tain pro­duct groups in B2C con­tracts. At the same time, the sel­ler is also requi­red to noti­fy con­su­mers of all necessa­ry updates in the­se cases.

Gene­ral Pro­duct Safe­ty Law and Mar­ket Surveillance

Pro­vi­si­ons of gene­ral pro­duct safe­ty law can be found in Direc­ti­ve (2001/95/EC) on gene­ral pro­duct safe­ty (the Pro­duct Safe­ty Direc­ti­ve (“PSD”)) (only in Ger­man) and, at the natio­nal level, in the Pro­duct Safe­ty Act (“PSA”). Accord­ing to the cur­r­ent­ly pre­vai­ling view, the abo­ve sta­tu­tes app­ly at the very least to soft­ware which is loca­ted in a data sto­rage medi­um or which is inte­gra­ted (“embed­ded”) into a phy­si­cal pro­duct, but the­se sta­tu­tes do not inclu­de any express obli­ga­ti­ons to pro­vi­de updates. The PSD is cur­r­ent­ly being revi­sed at the level of Euro­pean law (as we repor­ted). While the pro­po­sal publis­hed by the Euro­pean Com­mis­si­on (“EU Com­mis­si­on”) for a Regu­la­ti­on on gene­ral pro­duct safe­ty (COM(2021) 346 final) (“draft GPSR”) does not express­ly pro­vi­de for a gene­ral obli­ga­ti­on to pro­vi­de updates, it does sta­te that, in the event of a recall, the respon­si­ble eco­no­mic ope­ra­tor is requi­red to offer effec­ti­ve, cost-free and time­ly reme­di­es, which may inclu­de repairs, repla­ce­ments and refunds.

In case of self-repair by the con­su­mer, the eco­no­mic ope­ra­tor is requi­red to pro­vi­de soft­ware updates free of char­ge. In other words, the draft GPSR estab­lis­hes a future obli­ga­ti­on for respon­si­ble eco­no­mic ope­ra­tors to pro­vi­de updates in cases such as the­se. It should also be kept in mind that the scope of the draft GPSR is likely to be exten­ded to inclu­de all soft­ware products.

Accord­ing to the publis­hed amend­ments to the draft GPSR (PDF) by the Euro­pean Parliament’s Com­mit­tee on the Inter­nal Mar­ket and Con­su­mer Pro­tec­tion (“IMCO”), the term “pro­duct” is to be defi­ned as  any item, inter­con­nec­ted or not to other items (of phy­si­cal, digi­tal or mixed natu­re), sup­plied or made avail­ab­le. More recent­ly, a com­pro­mi­se pro­po­sal (PDF) from the Coun­cil of the Euro­pean Uni­on defi­ned a “pro­duct” as any item of phy­si­cal, digi­tal or mixed natu­re, so that the afo­re­men­tio­ned obli­ga­ti­on to pro­vi­de updates would app­ly to manu­fac­tu­rers, retailers, importers, et. of stand-alone soft­ware as well.

Wit­hin the sphe­re of mar­ket sur­veil­lan­ce, an obli­ga­ti­on to pro­vi­de updates may be estab­lis­hed in any indi­vi­du­al case by order of the aut­ho­ri­ties. With the imple­men­ta­ti­on of Regu­la­ti­on (EU 2019/1020) on mar­ket sur­veil­lan­ce and com­pli­an­ce of pro­ducts (the Mar­ket Sur­veil­lan­ce Regu­la­ti­on (“MSR”)) (as we repor­ted), which has been in effect sin­ce 16 July 2021, through the enact­ment of a natio­nal Mar­ket Sur­veil­lan­ce Act (“MSA”) and asso­cia­ted revi­si­on of the PSA, the pro­vi­si­ons rela­ting to mar­ket sur­veil­lan­ce were trans­fer­red from the Pro­duct Safe­ty Act, as form­er­ly amen­ded, to the Mar­ket Sur­veil­lan­ce Act. The MSA spe­ci­fies a num­ber of powers which are avail­ab­le to the mar­ket sur­veil­lan­ce aut­ho­ri­ties, with refe­rence to the MSR. Among them is the power to requi­re eco­no­mic ope­ra­tors to take appro­pria­te action to res­to­re pro­duct safe­ty. The­re­fo­re, if a soft­ware pro­duct were unsafe in any indi­vi­du­al case, the mar­ket sur­veil­lan­ce aut­ho­ri­ties would be able to order the eco­no­mic ope­ra­tor to pro­vi­de updates, as an appro­pria­te action to res­to­re pro­duct safe­ty. An obli­ga­ti­on to pro­vi­de updates may also ari­se as the indi­rect result of a recall order: by orde­ring the recall of an unsafe soft­ware pro­duct, an aut­ho­ri­ty could indi­rect­ly requi­re the eco­no­mic ope­ra­tor to over­haul the pro­duct and to update it if necessa­ry. Accord­in­gly, any update requi­re­ments from the sphe­re of mar­ket sur­veil­lan­ce do not exist as gene­ral obli­ga­ti­ons, but rather ari­se depen­ding on the cir­cum­s­tan­ces of each indi­vi­du­al case.

The AI Regulation

In April 2021, the EU Com­mis­si­on publis­hed a pro­po­sal for a Regu­la­ti­on lay­ing down har­mo­ni­zed rules on arti­fi­cial intel­li­gence (AI) (COM(2021) 206 final) (“draft AIR) (as we repor­ted). The draft Regu­la­ti­on con­tains pro­vi­si­ons which are desi­gned to ensu­re a func­tio­n­ing inter­nal mar­ket for AI, as well as ones which are desi­gned to address the poten­ti­al risks posed by AI. While the draft Regu­la­ti­on does not express­ly estab­lish a gene­ral obli­ga­ti­on for pro­vi­ders of AI sys­tems to pro­vi­de spe­ci­fic updates, the need for con­ti­nuous updates is evi­dent from the over­all con­text of the Regulation’s pro­vi­si­ons. In par­ti­cu­lar, rou­ti­ne updates would be requi­red wit­hin the frame­work of the risk manage­ment sys­tem, which is descri­bed as a “con­ti­nuous ite­ra­ti­ve pro­cess.” Updates are also men­tio­ned as poten­ti­al­ly necessa­ry main­ten­an­ce and sup­port mea­su­res, if only wit­hin the frame­work of the pro­vi­si­ons gover­ning noti­fi­ca­ti­on requi­re­ments. The same app­lies for the pre­pa­ra­ti­on of tech­ni­cal docu­men­ta­ti­on, which must inclu­de not only the soft­ware ver­si­on but also infor­ma­ti­on about any requi­re­ments with regard to soft­ware updates.

A simi­lar approach can also be found in the Regu­la­ti­on (EU 2017/745) on medi­cal devices (the Medi­cal Devices Regu­la­ti­on (“MDR”)), under which risk manage­ment repres­ents a con­ti­nuous ite­ra­ti­ve pro­cess throughout the ent­i­re life cycle of the device and the princi­ples of the soft­ware life cycle are to be obser­ved in the manu­fac­tu­re of safe medi­cal devices.

Machine­ry Pro­ducts Regulation

Direc­ti­ve (2006/42/EC) on machine­ry (the Machine­ry Direc­ti­ve), which is cur­r­ent­ly in effect, and which deals with the requi­re­ments for safe machine­ry, is cur­r­ent­ly being revi­sed by the EU Com­mis­si­on. To this end, the EU Com­mis­si­on publis­hed a pro­po­sal for a Regu­la­ti­on on Machine­ry Pro­ducts (COM(2021) 202 final) (“draft Machine­ry Pro­ducts Regu­la­ti­on”) (as we repor­ted), which appeared simul­ta­ne­ous­ly with the draft AI Regu­la­ti­on in April 2021. Accord­ing to the EU Commission’s Explana­to­ry Memo­ran­dum, this pro­po­sal is inten­ded to address “the new risks stem­ming from digi­tal emer­ging technologies.”

In par­ti­cu­lar, the pro­po­sal is inten­ded to address new risks asso­cia­ted with the uploading of soft­ware onto a pro­duct, so that updates of soft­ware which is instal­led in a machine­ry pro­duct are taken into account in risk assess­ments. Par­ti­cu­lar­ly with respect to the risks asso­cia­ted with uploading updates, the pro­po­sal inclu­des pro­vi­si­ons rela­ting to “sub­stan­ti­al modi­fi­ca­ti­ons,” which refer to (digi­tal) chan­ges to machine­ry pro­ducts after they are pla­ced on the mar­ket or put in ser­vice which could not be fore­se­en by the manu­fac­tu­rer, wher­eby the chan­ges must be so sub­stan­ti­al that the pro­duct can no lon­ger com­ply with the app­li­ca­ble health and safe­ty requi­re­ments. In the­se cases, the per­son who car­ri­es out the sub­stan­ti­al modi­fi­ca­ti­on takes on the obli­ga­ti­ons which ori­gi­nal­ly app­lied to the manu­fac­tu­rer. While this chan­ge does not requi­re eco­no­mic ope­ra­tors to pro­vi­de updates, it does estab­lish sepa­ra­te obli­ga­ti­ons in the event that an update takes place.

Eco-design Direc­ti­ve

Direc­ti­ve (2009/125/EC) estab­li­shing a frame­work for the set­ting of eco-design requi­re­ments for energy-related pro­ducts (the Eco-design Direc­ti­ve)  aut­ho­ri­zes the EU Com­mis­si­on to adopt imple­men­ting mea­su­res defi­ning bin­ding requi­re­ments for cer­tain pro­duct groups. The EU Com­mis­si­on has exer­cis­ed this aut­ho­ri­ty, issuing regu­la­ti­ons defi­ning eco-design requi­re­ments for ten pro­duct groups so far,  inclu­ding ref­ri­gera­ting app­li­an­ces, house­hold washing machi­nes and washer-drivers, house­hold dish­wa­s­hers and elec­tro­nic dis­plays. The­se imple­men­ting regu­la­ti­ons are desi­gned to ensu­re pro­duct dura­bi­li­ty and con­tain pro­vi­si­ons rela­ting to pro­duct repair and main­ten­an­ce. They inclu­de e.g. obli­ga­ti­ons to ensu­re that the pro­ducts are easy to repair, an obli­ga­ti­on to pro­vi­de repair and main­ten­an­ce infor­ma­ti­on and an obli­ga­ti­on to pro­vi­de spa­re parts and make them avail­ab­le for a cer­tain peri­od of time (seven to ten years). Given the obli­ga­ti­on to pro­vi­de spa­re parts, a duty to pro­vi­de updates the­re­fo­re exists for the abo­ve pro­duct groups to the extent that they are soft­ware pro­ducts which need to be repai­red and/or updated in any indi­vi­du­al case.

The Eco-design Direc­ti­ve is cur­r­ent­ly being revi­sed by the EU Com­mis­si­on. As part of the Euro­pean Green Deal, the EU Com­mis­si­on has publis­hed a pro­po­sal (COM(2022) 142 final) (PDF) for a Regu­la­ti­on estab­li­shing a frame­work for set­ting eco-design requi­re­ments for sus­tainab­le pro­ducts (the Eco-Design Regu­la­ti­on). At the moment, the pro­po­sal does not extend the scope of the Eco-Design Direc­ti­ve to such an extent as to estab­lish a gene­ral obli­ga­ti­on for respon­si­ble eco­no­mic ope­ra­tors to pro­vi­de updates. Howe­ver, it inclu­des express requi­re­ments for soft­ware and firm­ware updates, which may only be imple­men­ted if they do not adver­se­ly affect the product’s performance.

Pro­duct Lia­bi­li­ty Law

Wit­hin the frame­work of pro­duct lia­bi­li­ty law, it is necessa­ry to dis­tin­guish bet­ween pro­duct lia­bi­li­ty law in the nar­row sen­se and pro­duct lia­bi­li­ty law in the broa­der sense.

Pro­duct lia­bi­li­ty law in the nar­row sen­se is defi­ned by the pro­vi­si­ons of Direc­ti­ve (85/374/EEC) on the appro­xi­ma­ti­on of the laws, regu­la­ti­ons and admi­nis­tra­ti­ve pro­vi­si­ons of the Mem­ber Sta­tes con­cer­ning lia­bi­li­ty for defec­ti­ve pro­ducts (the Pro­duct Lia­bi­li­ty Direc­ti­ve) and at the natio­nal level by the Pro­duct Lia­bi­li­ty Act (“PLA”) and obli­ga­tes manu­fac­tu­rers to place only defect-free pro­ducts on the mar­ket. As part of this obli­ga­ti­on, manu­fac­tu­rers are liable regard­less of fault for dama­ges which ari­se due to defec­ti­ve pro­ducts. Becau­se manu­fac­tu­rers are liable regard­less of fault, the­re is no fur­ther obli­ga­ti­on for manu­fac­tu­rers to con­duct pro­duct sur­veil­lan­ce for pro­ducts which have been pla­ced on the mar­ket. In the absence of such a duty for manu­fac­tu­rers to con­duct pro­duct sur­veil­lan­ce, neit­her the Pro­duct Lia­bi­li­ty Direc­ti­ve nor the Pro­duct Lia­bi­li­ty Act requi­re manu­fac­tu­rers to pro­vi­de updates after their pro­ducts have been pla­ced on the mar­ket, regard­less of the ques­ti­on as to whe­ther the pro­vi­si­ons of pro­duct lia­bi­li­ty law app­ly to (stand-alone) soft­ware (as we repor­ted). The Pro­duct Lia­bi­li­ty Direc­ti­ve is cur­r­ent­ly being revi­sed by the EU Com­mis­si­on with regard to its vali­di­ty and effec­ti­ve­ness in the pre­sent day. To this end, the EU Com­mis­si­on recent­ly con­duc­ted a con­sul­ta­ti­on in order to adapt the Directive’s lia­bi­li­ty rules to the digi­tal age and to account for deve­lo­p­ments in the field of AI. An actu­al draft of the revi­sed Pro­duct Lia­bi­li­ty Direc­ti­ve is not yet avail­ab­le, but given the princip­le men­tio­ned abo­ve, the absence of a pro­duct sur­veil­lan­ce obli­ga­ti­on, obli­ga­ti­ons to pro­vi­de updates from the stand­point of pro­duct lia­bi­li­ty law are not to be expected.

In pro­duct lia­bi­li­ty law in the broa­der sen­se, a dif­fe­rent situa­ti­on app­lies: under the hea­ding of “producer’s lia­bi­li­ty,” § 823 of the Ger­man Civil Code estab­lis­hes lia­bi­li­ty for the bre­ach of “duties to safe­guard traf­fic.” Duties to safe­guard traf­fic con­form to the requi­re­ments for defect-free pro­ducts in accordance with the Pro­duct Lia­bi­li­ty Act with one important addi­ti­on: a pro­duct sur­veil­lan­ce obli­ga­ti­on. Unli­ke in cases gover­ned by the Pro­duct Lia­bi­li­ty Act, manu­fac­tu­rers sub­ject to producer’s lia­bi­li­ty are requi­red to con­ti­nue moni­to­ring their pro­ducts after they are pla­ced on the mar­ket to ensu­re that they are safe and defect-free, and to imple­ment appro­pria­te reme­di­es if necessa­ry. This addi­ti­on is foun­ded in the fun­da­men­tal natu­re of producer’s lia­bi­li­ty which, unli­ke lia­bi­li­ty in accordance with the Pro­duct Lia­bi­li­ty Act, app­lies only if the pro­du­cer is at fault. Accord­in­gly, a duty to pro­vi­de updates (for phy­si­cal, embed­ded and stand-alone soft­ware ali­ke) may exist wit­hin the frame­work of producer’s lia­bi­li­ty, and fol­lowing from the pro­duct sur­veil­lan­ce obli­ga­ti­on, pro­vi­ded that the updates repre­sent an appro­pria­te reme­dy in any spe­ci­fic case. This is par­ti­cu­lar­ly the case if secu­ri­ty vul­nera­bi­li­ties are found, or if the­re is a thre­at of cyber­at­tacks, and cer­tain updates offer a simp­le way of pre­ven­ting or at least mini­mi­zing the­se risks.

Update Obli­ga­ti­ons through the Back Door: Cur­rent Sta­te of the Art

Even though gene­ral update obli­ga­ti­ons are not express­ly pro­vi­ded for in gene­ral pro­duct safe­ty law or in pro­duct safe­ty regu­la­ti­ons for spe­ci­fic pro­duct groups, the­re is still a pos­si­bi­li­ty of intro­du­cing update obli­ga­ti­ons for eco­no­mic ope­ra­tors through the back door. In both gene­ral pro­duct safe­ty law and pro­duct safe­ty regu­la­ti­ons for spe­ci­fic pro­duct groups, the ques­ti­on as to the necessa­ry degree of pro­duct safe­ty is deter­mi­ned in each case by the sta­te of the art. Sin­ce the pro­vi­si­ons of pro­duct safe­ty law requi­re eco­no­mic ope­ra­tors not only to place only safe pro­ducts on the mar­ket but also to con­ti­nuous­ly ensu­re that their pro­ducts on the mar­ket are safe and to main­tain the sup­ply of safe pro­ducts, at least for the dura­ti­on of the product’s ordi­na­ry life cycle, they are also requi­red to account for pos­si­ble chan­ges in safe­ty requi­re­ments con­sis­tent with the cur­rent sta­te of the art. In this way, chan­ges in the tech­ni­cal regu­la­ti­ons which form the basis for the sta­te of the art may cau­se update obli­ga­ti­ons to be intro­du­ced through the back door. The same app­lies for com­pli­an­ce with the pro­duct sur­veil­lan­ce obli­ga­ti­on wit­hin the frame­work of producer’s lia­bi­li­ty in civil law. In this case as well, requi­re­ments for defect-free pro­ducts may chan­ge over a product’s life cycle as a result of new deve­lo­p­ments in the sta­te of the art. Accord­in­gly, deve­lo­p­ments in the sta­te of the art should be care­ful­ly scru­ti­ni­zed in each case wit­hin the bounds of pro­duct sur­veil­lan­ce in order to check for future update obligations.

Out­look: Right of Repair

The intro­duc­tion of a gene­ral right of repair is cur­r­ent­ly being deba­ted at length at both the EU level and the natio­nal level. Under cur­rent law, a spe­ci­fic right of repair only exists for cer­tain pro­duct groups under the afo­re­men­tio­ned imple­men­ting mea­su­res adop­ted by the EU Com­mis­si­on based on the Eco-design Direc­ti­ve (see abo­ve). Accord­ing to the EU Com­mis­si­on, the­se regu­la­ti­ons are to be exten­ded in order to crea­te a gene­ral right of repair by app­ly­ing the Eco-design Direc­ti­ve to other pro­duct groups as part of the Euro­pean Green Deal. To this end, a con­sul­ta­ti­on pro­ce­du­re for the EU Com­mis­si­on is cur­r­ent­ly under­way as part of the Green Deal’s “Sus­tainab­le Pro­duct Initia­ti­ve” (“SPI”) (as we repor­ted), and will run through the start of April 2022. At the natio­nal level, the federal government’s coali­ti­on agree­ment con­tains the goal of imple­men­ting a gene­ral right of repair, and express­ly sta­tes that manu­fac­tu­rers would be requi­red to sup­ply updates during the typi­cal use­ful life of the pro­duct. Actu­al draft legis­la­ti­on has yet to be pre­sen­ted at eit­her the Euro­pean or the natio­nal level. Germany’s Minis­ter for the Envi­ron­ment, Natu­re Con­ser­va­ti­on, Nuclear Safe­ty and Con­su­mer Pro­tec­tion, Stef­fi Lem­ke, sta­ted in an inter­view that the Ger­man government intends to imple­ment a natio­nal right of repair as noted in the coali­ti­on agree­ment right away, regard­less of deve­lo­p­ments at the EU level. But this approach was dis­car­ded in sub­se­quent inter­views, so that we will need to await deve­lo­p­ments at the Euro­pean level for the time being.

The pro­po­sal for a gene­ral right of repair has encoun­te­red hea­vy cri­ti­cism from the indus­tri­al sec­tor, as well as from a legal stand­point. From a legal stand­point, a gene­ral right of repair, with the object of regu­la­ting pro­duct dura­bi­li­ty by requi­ring manu­fac­tu­rers to sup­ply spa­re parts for a peri­od of seven to ten years, would estab­lish no-fault lia­bi­li­ty for manu­fac­tu­rers and retailers bey­ond the sta­tu­to­ry war­ran­ty peri­ods. This would requi­re not only a sin­gle chan­ge in the law, but a long list of chan­ges and addi­ti­ons to a varie­ty of laws. Asi­de from the legal struc­tu­ring of a gene­ral right of repair, cri­ti­cism has focu­sed on the ques­ti­on as to the per­sons to whom such a requi­re­ment would actual­ly app­ly. If retailers are requi­red to ensu­re that a pro­duct can be repai­red, one may ask how retailers can be expec­ted to ensu­re such a thing, given that they do not manu­fac­tu­re the pro­duct them­sel­ves, but merely dis­tri­bu­te it. The only con­ceiva­ble solu­ti­on would be to invol­ve the manu­fac­tu­rer in the actu­al con­tract of sale, with the duty to per­form repairs. Likely the hea­viest cri­ti­cism has been level­led against the pro­po­sal to requi­re manu­fac­tu­rers to sup­ply updates throughout the typi­cal use­ful life of the pro­duct. Requi­ring manu­fac­tu­rers to ensu­re that pro­ducts are func­tio­n­ing pro­per­ly for a cer­tain peri­od of time after pla­ce­ment on the mar­ket, regard­less of actu­al fault, would result in strict pro­duct lia­bi­li­ty for manu­fac­tu­rers, asso­cia­ted with a duty to con­duct pro­duct sur­veil­lan­ce for pro­ducts on the mar­ket. This would repre­sent a sub­stan­ti­al depar­tu­re from the exis­ting princi­ples of pro­duct lia­bi­li­ty law in the nar­row sen­se (see abo­ve) and could not be jus­ti­fied by a mere refe­rence to a gene­ral right of repair.

Con­clu­si­on

Update obli­ga­ti­ons with regard to soft­ware pro­ducts are cur­r­ent­ly being deba­ted with respect to a wide varie­ty of laws at both the EU level and the natio­nal level, and have alrea­dy been imple­men­ted in some cases. The­re is also a dan­ger that addi­tio­nal update requi­re­ments will be estab­lis­hed as a result of chan­ges in the sta­te of the art. Com­pa­nies should fol­low the ongo­ing updates and dis­cus­sions as part of their com­pli­an­ce manage­ment acti­vi­ties, and should be pre­pa­red for future update requi­re­ments. Plea­se let us know if we can help you imple­ment the­se requirements.

Down­load the full white­pa­per with appen­dix here.

back

Stay up-to-date

We use your e-mail address exclusively for sending our newsletter. You have the right to revoke your consent at any time with effect for the future. For further information, please refer to our privacy policy.