Does the software update obligation bring new risks for companies?
17.05.2022By Dr. Lutz Keppeler
At the turn of the year, some changes in the Civil Code came into force. Among them are rules on the software update obligation of digital products – this obligation for sellers benefits many consumers. In theory, a very good thing, but above all it remains to be seen for what period of time a consumer (or a consumer protection center) can request updates.
Since this year, companies that sell digital products have been obliged to regularly update these products – the period is still unclear.
(Image: everythingpossible – stock.adobe.com )
In the summer of 2021, when Political Germany was already in the midst of campaign fever, the Grand Coalition, as one of its last official acts, transposed an important EU directive into national law: the law regulating the sale of things with digital elements and other aspects of the purchase contract obliges companies that sell products with software to offer updates for it, as long as “the consumer can expect updates due to the nature and purpose of the thing”. These products include smartphones and other mobile phones, but also smartwatches, fitness trackers, refrigerators with screens and Bluetooth and personal digital assistants such as Google Home, the Apple HomePod or Amazon’s Echo.
So far, the case law has been restrictive: even against the sale of a smartphone from a Chinese manufacturer, which had never received a security update and had several serious security vulnerabilities at the time of sale, nothing could be done in court before the change of law. The German courts saw neither dealers nor manufacturers in the obligation. This is now fundamentally changing!
EU directive cast into German law
The background is the EU Sales of Goods Directive of 2019. Companies that sell digital products are now obliged to regularly update these products – classically, this is about mobile phones or laptops, on which the manufacturer is constantly playing new versions. In addition, both the seller and the supplier of the digital products ensure their functionality and security with regard to IT after the sale. It is not clear exactly how long the buyer can make this claim. According to the law, there is a period within which regular updates can be “expected as appropriate” by the consumer. One can say: With the directive and the transfer to German law, contract law in the Federal Republic is – finally – arriving in the age of digitization.
New rules for consumer contracts – new rights for consumers
There are fundamentally new rules for consumer contracts. They are intended to ensure uniform warranty rights when consumers use digital products such as smartphone apps and streaming services such as Netflix, Amazon Prime and co. The “Rules for Consumer Contracts for digital products” are part of the “Law implementing the Directive on Certain aspects of contract Law for the provision of digital content and Digital Services” according to EU Directive 2019/770 in the Civil Code.
What does this mean in concrete terms? Consumers now have warranty rights that are much more comprehensive than before. Specifically, the new rules allow you to claim damages, terminate your contract prematurely or get a discount if the seller does not comply with the rules: you must always ensure that your products remain usable thanks to the updates after the contract agreement – this also includes updates that affect the safety of the respective product. The length of the updates is not exactly fixed. For subscriptions – such as streaming services or paid app subscriptions – the obligation applies as long as the subscription is running. In the case of classic sales contracts – as mentioned at the beginning – a period takes effect that can be “reasonably expected” by the consumer.
Question: Length of the update obligation
The exact length of the update obligation here definitely depends on the type of product and the type of contract: if, for example, a regular remuneration is required for the use of an app, the update obligation exists for the full term of the contract. When buying a smart device, it probably depends on the expected life cycle of the product. With a relatively inexpensive device with a low risk potential (for example, a cheap fitness bracelet), it can be well argued that the update obligation does not exceed the warranty period. With a more expensive device, which you buy for a longer time (possibly a robotic lawn mower or a smart vacuum cleaner), you can better argue for a longer update obligation. It is sometimes argued that the concept of “depreciation” can be used: according to this, an update obligation must apply until the value of a thing is written off in accounting. However, it remains questionable whether this concept, conceived for companies, can be applied to consumer contracts. One thing is clear: for expensive high-risk devices, such as a pacemaker, long update periods should be assumed, which go well beyond the usual warranty period.
Who is complaining?
Consumers will typically only come up with the idea of suing if they themselves suffer damage due to a missing update (for example, because a hacker, which causes high costs, has gained access to the home network through a non-updated smart device). But consumer protection centers or competitors (who think they can do better) can also warn and sue. In any case, it is clear: without jurisdiction, it is hardly possible for companies to precisely determine the legally required update period. It would have been desirable if the legislator had had more understanding for the many providers of smart devices and consumer software and significantly reduced the legal uncertainty by using their own examples!
About the author: Dr. Lutz Keppeler is a lawyer and salaried partner at the law firm Heuking Kühn Lüer Wojtek. His main areas of expertise are IT and communications law as well as cybersecurity matters.