EC wants software makers held liable for code

After identifying gaps in EU consumer protection rules, the European Commission is proposing that software makers give guarantees about the security and efficiency of their code.

Tom Espiner Special to CNET News
3 min read

Software companies could be held responsible for the security and efficacy of their products, if a new European Commission consumer protection proposal becomes law.

Commissioners Viviane Reding and Meglena Kuneva have proposed that EU consumer protections for physical products be extended to software. The suggested change in the law is part of an EU action agenda put forward by the commissioners after identifying gaps in EU consumer protection rules.

A priority area for possible EU action is "extending the principles of consumer protection rules to cover licensing agreements of products like software downloaded for virus protection, games, or other licensed content," according to the commissioners' agenda. "Licensing should guarantee consumers the same basic rights as when they purchase a good: the right to get a product that works with fair commercial conditions."

"Digital content is not a tangible good and should not be subject to the same liability rules as toasters."
--Francisco Mingorance, BSA director of public policy

EU consumer commissioner Kuneva said that more accountability for software makers, and for companies providing digital services, would lead to greater consumer choice.

"If we want consumers to shop around and exploit the potential of digital communications, then we need to give them confidence that their rights are guaranteed," Kuneva said. "That means putting in place and enforcing clear consumer rights that meet the high standards already existing in the main street. (The) Internet has everything to offer consumers, but we need to build trust so that people can shop around with peace of mind."

The Business Software Alliance (BSA), which represents the interests of software makers including Apple, IBM, and Microsoft, criticized the proposals.

"Digital content is not a tangible good and should not be subject to the same liability rules as toasters," Francisco Mingorance, BSA director of public policy told ZDNet UK on Thursday. "Unlike tangible goods, creators of digital content cannot predict with a high degree of certainty both the product's anticipated uses and its potential performance."

Mingorance said the performance of a piece of software depends on the environment it operates in, how the code is updated, whether it is possible to adapt and modify the software, and whether the code is attacked.

According to Mingorance, the proposed regulatory extension would cover all software, including beta products, and would cover both proprietary and open-source software.

Right now, under the current EU Sales and Guarantees Directive, physical products are expected to carry a guarantee of two years. Extending those terms to software would have the effect of limiting customer choice, as contract terms would have to be extended to a minimum of two years, Mingorance added.

"Extending the scope would force the businesses to maintain update services for such contracts beyond the contractual term and ultimately limit the choice of offers," the BSA director said. "It is like renting your house for a summer month and being then obliged to extend the rent for another 23 months."

In addition, Mingorance said that extending consumer regulation to software could lead to less interoperability between software products, as manufacturers might decide to limit how far third-party developers could access their code.

Software companies have long argued against accepting responsibility for the security and efficiency of their code. Linux kernel developer Alan Cox in 2007 told a House of Lords Committee that neither proprietary nor open-source developers should be held accountable for their code.

Tom Espiner of ZDNet UK reported from London.