Safety- and Liability-Related Aspects of Software

Guiding Principles for safety and liability with regard to software

The following Guiding Principles summarise the main findings of Sections 1 to 5 of this Study that form the basis of the options for action at EU level discussed in Section 6 and the key recommendations in Section 7. They may serve as recommendations for legislators at EU as well as at national level and, where possible under the framework of the applicable legal regime, as guidance for courts.

Chapter I: The Role of Software in Safety and Liability Law

Principle 1: ‘Software’ within the meaning of these Principles

In a safety and liability context, ‘software’ should be understood as comprising digital content and digital services as defined by Directive (EU) 2019/770. This is to reflect the increasing commutability of software in the more traditional sense of a set of instructions and of ‘mere data’ (e.g. an electronic map). This is also to reflect the functional equivalence of software stored on the user’s device and access to digital infrastructures beyond the immediate physical control of the user (e.g. Software-as-a-Service, SaaS).

Principle 2: Commitment to both safety and liberty in software development

(1)

Also with regard to software, Europe should maintain its policy that products placed on the market need to be safe, and that safety precautions may be justified even where their overall cost exceeds the monetary dimension of harm prevented by them and any hypothetical compensation. Whether an ALARP or an AFAP approach to risk control is to be preferred depends on the type and gravity of the relevant risks.

(2)

Any law on safety and liability with regard to software must take into account the characteristics of software development and distribution, such as that software is developed in a dynamic way, often through the collaboration of many different parties from across the globe, that these parties may be players of very different size and motivation, and that distribution can occur worldwide without significant cost or logistical barriers.

(3)

Nothing in these Principles must be construed as suggesting measures that would mean a disproportionate obstacle for software development and distribution, including open software development and access to software supplied from outside the Union. All measures suggested must be read as having appropriate exceptions, e.g., for open and distributed software development, or as being restricted to appropriate cases, e.g. to where the software exceeds a particular level of risk or where the producer exceeds a particular size.

Principle 3: Products with software elements

(1)

Where the law currently provides for safety and liability rules for tangible items, those rules need to be adapted so as to fully take into account the characteristics of tangible items ‘with software elements’. In doing so, they should seek to achieve, as far as appropriate, consistency with the treatment of ‘digital elements’ within the meaning of Directive (EU) 2019/771.

(2)

Tangible items ‘with software elements’ include tangible items that incorporate, or are inter-connected with, software in such a way that the absence of that software would prevent the items from performing the functions ascribed to them by their producer or a person within the producer’s sphere, or which the user could reasonably expect, taking into account the nature of the items and the description given to them by the producer or a person within the producer’s sphere.

(3)

The producer that has to ensure safety and may become liable for tangible items needs to ensure safety and assume liability for such digital elements within the meaning of paragraphs (1) and (2) as are described as being suitable for the tangible items by the producer or a person within the producer’s sphere, irrespective of whether such software elements are supplied by the producer or by a third party. In the event of doubt, the software elements shall be presumed to be described as being suitable.

Principle 4: Add-on software altering the features of other products

Where software is intended to be loaded upon hardware in cases other than those covered by Principle 3, or combined with other software, in a way altering the functionality of that hardware or other software, the producer of the first software becomes responsible for the safety of the combined product insofar as the relevant functionality is concerned. Where conformity assessment procedures are foreseen for the hardware or other software, that producer must conduct these procedures as if that producer had placed the combined product on the market. This is without prejudice to the responsibility of the producer of the hardware or other software under Principle 5.

Principle 5: Software and hardware as components of digital ecosystems

(1)

Software components must be safe in all digital environments they will foreseeably be run in. Producers of hardware and software must, therefore, be subject to more far-reaching obligations under Principles 3 and 4, ensure safety-preserving compatibility with other software and hardware or, where the combination of components would pose a safety risk, provide for appropriate warnings and other appropriate action including, where necessary in the light of the gravity of the risk and the relevant target group, for technical features that prevent the components from being run together.

(2)

Where the producers of different components of digital ecosystems market their products as being recommended to run together, and where it is clear that one component must have caused harm in a way triggering liability, while it is unduly difficult for the victim to prove which of the components ultimately caused the harm, the producers of all components that might have caused the harm should be jointly and severally liable to the victim.

Principle 6: Standalone software as a product in its own right and equivalence of hardware and software

(1)

Where the law currently provides for safety and liability rules for products in general, those rules should be extended to, or be interpreted as covering, standalone software within the broad meaning of Principle 1 (i.e. including, for instance, SaaS). This is without prejudice to creating new rules specifically for software, which may be the preferable option.

(2)

Where the law currently provides for sectoral safety and liability rules for particular items, those rules should be extended to, or be interpreted as covering, standalone software if the latter can be functionally equivalent to the items primarily covered.

(3)

Paragraphs (1) and (2) should apply to off-the-shelf and customised software alike to the same extent as the law currently applies to both off-the-shelf and customised tangible items.

Chapter II: A Dynamic Concept of Software Safety

Principle 7: Software safety for all target groups

(1)

Software must be safe for the different degrees of diligence and digital literacy and skills that can be expected from the group that will foreseeably be using the software (whether or not intended for them), including in particular, where applicable, vulnerable user groups. This includes the way safety updates are offered to or imposed upon users and the extent to which hardware or software allows different software to be run in conjunction with it.

(2)

Where it is impossible to design software in a way that it is safe for all groups, reasonable measures must be taken to ensure...