The EU has just adopted a directive on the civil liability of publishers in the event of damaging flaws in their products. Users will thus be able to demand compensation for damage caused by defective software.
Recently, we have seen an increase in computer threats and the proliferation of exploited security vulnerabilities. This is partly because the software industry is largely shielded from liability in the event of a defect or problem, leading to underinvestment in product security.
Also, earlier this month, the Council of the European Union issued a directive updating European legislation on liability for digital products, which will now be held to the same requirements as physical goods. Under this law, consumers will be able to seek compensation for damage caused by defective products without having to prove that the seller was negligent or irresponsible. This not only takes into account personal injury or property damage, but also damages for loss or destruction of data in the case of software products. The update of the rules also aims to remedy the difficulties encountered by injured parties in gathering evidence of liability. In this way, the authorities hope that software publishers will be encouraged to improve the security of their products.
IT security: a directive to update the legislation
From now on, the directive imposes clear civil liability standards on publishers, forcing them to answer for damage caused by their products. Concretely, this means that users will be able to demand compensation for damage caused by defective software without having to prove negligence on the part of the publisher.
These new liability rules not only benefit consumers, but also encourage the deployment and adoption of new technologies while providing legal certainty. “The product liability rules that the Council adopted today are good news for consumers and manufacturers. It will make it easier for an injured person to obtain redress in court,” explains Bence Tuzson, Hungarian Minister of Justice. “Manufacturers, for their part, will benefit from clear rules regarding business models in the area of digital products and the circular economy.”
IT security: holding software publishers accountable
The changes brought about by this new directive will not be visible immediately. In fact, it will only come into force on the twentieth day following that of its publication in the Official Journal of the European Union. Member States then have two years to transpose the directive into their national laws. That should be enough to give businesses time to adapt.
The update of the legislation may seem harsh towards software publishers, but its scope of application is limited. Indeed, it only applies to natural persons (individuals), and damages for professional use are explicitly excluded. However, there is still room for collective action, such as class action suits. In addition, it offers publishers exemptions in specific cases. For example, a flaw deemed “undetectable” with regard to the technologies and knowledge available at the time the software was marketed exempts its publisher from prosecution. This should have a significant impact on the digital market!