Obligation to update digital products in delivery agreements

The analysis of the obligation to update digital products is crucial for identifying the legal and practical challenges suppliers face and contributes to the improvement of the legal framework and consumer protection in the digital age. Understanding the legal basis and specifics of this obligation contributes to better regulation and market alignment of digital products, which in the long run increases consumer trust and market stability.

2.    Theoretical Framework and Methodology

Following the introductory section that lays the foundation for understanding the obligation to update digital products, this chapter describes the research methods used in this study, as well as the materials that formed the basis for the narrative. The qualitative research methodology employed in this study encompasses several key steps, allowing for a deep understanding of the legal framework and practical implications of the obligation to update digital products.

Analysis of Legal Texts

The first phase of the research involved the analysis of legal texts, where the primary research method focused on analyzing relevant legal documents, with a particular emphasis on the provisions of the German Civil Code (BGB) that regulate the obligation to update digital products. Specifically, Articles 327 to 327u of the BGB, which became part of the Code through the implementation of Directive (EU) 2019/770, were used. This analysis provided a deep understanding of the legal framework governing the obligation to update digital products in Germany, laying the groundwork for further research and analysis.

Analysis Technique: A content analysis methodology was used to identify key provisions and their significance in the context of the updating obligation. The analysis included decomposing legal texts into their basic elements and evaluating each element in relation to the supplier’s obligation to provide updates. Steps in the analysis included:

• •    Identification of relevant legal documents and articles within the German Civil Code.

• •    Decomposition of legal texts into individual provisions.

• •    Evaluation of legal provisions through comparison with EU practice and international standards.

• •    Synthesis of findings to formulate implications for suppliers and consumers.

3.    The Necessity of Software Updates

Literature Review

Materials Used for Forming the Narrative of the Study

Additionally, legislative documents and explanations were used, including the "Rationale of the Draft Law for the Implementation of Directive (EU) 2019/770", which provides the rationale for the draft law implementing Directive (EU) 2019/770 into the German Civil Code. Finally, practical examples from the practice of digital product suppliers, including case studies illustrating the implementation of the update obligation, were essential for understanding how this obligation is carried out in the real world and what challenges the relevant actors face. In addition to the analyzed legal texts and legal literature, considerations were made regarding how the future legislative framework in Serbia might be shaped under the influence of European standards, with a special focus on regulating the obligations for updating digital products. It is expected that the adoption of such regulations could significantly enhance consumer protection and ensure legal certainty in Serbia's digital economy.

Software represents a special type of digital product that requires regular updates to remain functional and secure. Due to rapid technological development, software becomes obsolete within a few years if not updated. The main reasons for software updates are:

• •    Correction of errors and bugs that affect the functionality and stability of the software

• •    Improvement of performance and speed of the software

• •    Ensuring compatibility with new hardware and other software

• •    Fixing security vulnerabilities and protecting against cyber threats

• •    Adding new features and enhancing user experience

  Software suppliers have a legal obligation to provide regular updates for their products within a certain period. However, in practice, they may stop providing support and updates after some time. The digital transformation of business models, including aspects such as updates and upgrades of digital products, is thoroughly analyzed in the work of Schallmo, Williams, and Boardman (2017).

The consequences of outdated, non-updated software can be serious, ranging from loss of functionality and inability to access data to compromising system security. Therefore, users must be aware of the importance of regular software updates and demand that manufacturers fulfill their legal obligations. In the future, regulations on the mandatory minimum support and updates that software manufacturers must provide will likely need to be tightened. This is necessary to protect the interests and rights of software users.

Regular software updates are imperative for maintaining its functionality and security. Just as a car owner expects the manufacturer to fix safety defects for free, even if the vehicle is new, software users have the right to receive updates that fix identified errors and omissions. Unfortunately, software code, as a product of human creation, can never reach perfection. Despite the utmost dedication, programming teams cannot foresee all potential problems. Therefore, the process of improving software is continuous and necessary. New security holes, interoperability issues, and opportunities for performance and user experience improvements are discovered daily. Updates provide remedies for these issues. If users ignore them, the software becomes increasingly insecure and less usable. Operating systems like Windows require regular installation of security patches. Failing to do so makes the computer vulnerable to hacking and data loss. Similarly, applications like Zoom or

• •    Accumulation of technical debt. Although developers continuously fix bugs, they often introduce new bugs or temporary patches that later become problematic. Over time, a growing mass of poor code is created, which is hard to maintain.

• •    Erosion of architecture. Over time, deviations from the original software design occur, introducing changes that compromise the integrity of the architecture. The software becomes an incoherent patched structure.

• •    Obsolescence of technology. Technologies used for the original software become legacy and harder to integrate with newer solutions. Old software becomes incompatible.

• •    Lack of documentation. Knowledge about how the software works fades over time. Programming teams change and lose the institutional knowledge needed to maintain the system.

• •    Increasing complexity. Larger and more complex software is harder to maintain and debug. Even small changes can cause unforeseen consequences.

4.    Provisions of the German Civil Code Relevant to the Obligation to Update 5.    Specification of the Obligation to Update

To avoid software aging, sometimes it is necessary to redesign or rewrite the software from scratch on a new platform. This allows resetting errors and technical debt, restoring the architecture, and utilizing modern technologies. Of course, this is an expensive and risky endeavor but sometimes necessary to extend the lifespan of a valuable software system.

Strategies such as agile development, continuous integration, automated testing, and better documentation can slow down the process of software aging. But in the end, most software requires redesign if it is to survive the test of time. Software maintenance is a dynamic process of adaptation, not a one-time effort.

For a digital product to be in conformity with the contract (simply put, conforming or compliant), it must be delivered to the consumer without material and legal defects (Article 327d of the German Civil Code, amended in 2021, in accordance with Directive (EU) 2019/770). The provisions relevant to the obligation to update concern material defects. A digital product has no material defects if it meets the so-called subjective and objective requirements, as well as the requirements regarding integration, all three of which must be cumulatively fulfilled (Article 327e para.1 of the German Civil Code, amended in 2021, in accordance with Directive (EU) 2019/770). Of these requirements, the subjective and objective requirements are relevant for the obligation to update. Specifically, a digital product meets the subjective requirements if the supplier, among other things, makes updates available to the consumer for the period specified in the contract between the supplier and the consumer (Article 327e para.2 no. 3 of the German Civil Code, amended in 2021, in accordance with Directive (EU) 2019/770). Thus, it is an expressly agreed obligation of the supplier to make updates available to the consumer, the type, frequency, scope, and duration of which are determined by the supplier and the consumer (Buchmann & Panfili, 2022, p. 162; Mayasilci, 2022, p. 12). However, even if the obligation to update is not expressly agreed upon in the contract for the supply of the digital product between the supplier and the consumer, the supplier still has such an obligation. Specifically, a digital product meets the objective requirements if the supplier, among other things, makes updates available to the consumer and informs them about them in accordance with the rules of Article 327f of the German Civil Code (Article 327e para.3 no. 5 of the German Civil Code, amended in 2021, in accordance with Directive (EU) 2019/770), which thoroughly regulates the supplier’s obligation to update.

Article 327f of the German Civil Code stipulates that the supplier must ensure that, during the relevant period, updates necessary to maintain the conformity of the digital product are made available to the consumer, and that the consumer is informed about these updates. Necessary updates include security updates. Regarding the relevant period for which updates must be available, a distinction is made between contracts for the continuous supply of a digital product and contracts that provide for a one-time supply of a digital product or a series of individual supplies of a digital product. In the case of contracts for the continuous supply of a digital product, the relevant period is the entire agreed period of supply, while in the case of a one-time supply of a digital product or a series of individual supplies, it is the time interval that the consumer can expect, taking into account the type and purpose of the digital product, as well as the circumstances under which the contract was concluded, and the type of contract (Article 327f para. 1 of the German Civil Code, amended 2021, in accordance with Directive (EU) 2019/770). However, the installation of updates is not the obligation of the supplier but is left to the will of the consumer. Thus, the consumer may or may not install the updates, which will have certain consequences. Specifically, if the consumer fails to install the updates within a reasonable period, the supplier is released from liability for a material defect based solely on the missing update, provided that the supplier informed the consumer about the availability of the updates and the consequences of failing to install them, and that the reason the consumer did not install or did not properly install the updates was not due to incorrect installation instructions provided by the supplier (Article 327f para. 2 of the German Civil Code, amended 2021, in accordance with Directive (EU) 2019/770).

In the context of the legislation of the Republic of Serbia, the relevant legal provisions currently do not comprehensively cover the obligation to update digital products, but existing laws, such as the Law on Obligations and the Consumer Protection Law, provide a basis for further regulation. The Law on Obligations, in Article 478, stipulates the seller’s liability for material defects in goods, which could be extended to digital products through a more precise definition of the suppliers’ obligations regarding updates (Law on Obligations, 1978). Additionally, the Consumer Protection Law contains provisions that protect consumers from unfair business practices and ensure the right to information, which includes the obligation of suppliers to provide clear information about updates and their consequences (Consumer Protection Law, 2014). Implementing specific provisions on the obligation to update digital products in these laws would contribute to better consumer protection and alignment with European legal standards, especially given the growing importance of digital technologies in everyday life (Directive (EU) 2019/770, 2019). By introducing such legal solutions, Serbia would ensure that its legislation keeps pace with contemporary legal challenges and technological development.

As mentioned in the introduction, the supplier often will not be the manufacturer of the digital product and therefore will not be able to produce the necessary updates themselves. However, this is not expected of them (Mayasilci, 2022, p. 10). The supplier is obligated to ensure that the necessary updates are available to the consumer. From this formulation, it follows that the supplier does not need to personally fulfill the obligation to update but can use assistants to fulfill this obligation (Mayasilci, 2022, p. 10), for example, by involving the manufacturer in the process of fulfilling this obligation.

The problem arises from the fact that precisely defining and distinguishing the terms Update and Upgrade is not always possible. In the Serbian language, the terms “ažuriranje” and “Update” are often used as synonyms and denote changes made within the existing version of the software, while “Upgrade” refers to an upgrade, i.e., transitioning from an old version to a new version of the software. However, in practice, all three terms are often used interchangeably. Accordingly, attempts to distinguish between them may seem unnecessary and ineffective for specifying the obligation to update. Therefore, to specify the obligation to update, one should rely on the legal text, according to which the supplier owes updates necessary to maintain the conformity of the digital product. This includes all updates necessary to maintain the functionality, compatibility, and security of the digital product. The functionality of the digital product refers to its ability to perform its functions according to its purpose, while compatibility refers to the ability to operate with appropriate hardware and software without the need for conversion (Article 327e para. 2

6.    Duration and Timing of the Obligation to Update

The new European Union initiative called the Digital Product Passport (DPP) represents a significant step towards improving the tracking, identification, and transparency of digital products on the EU market (Worldfavor, 2023). The Digital Product Passport allows for detailed tracking of the entire life cycle of a product, from production to recycling, thereby increasing the accountability of manufacturers and suppliers. This initiative aims to enhance sustainability, reduce the ecological footprint, and improve consumer protection by providing clear information about the composition, origin, and environmental impact of products. The implementation of the DPP enables consumers to make informed decisions, while legislators and suppliers gain a tool for monitoring compliance with legal regulations.

Additionally, the Digital Product Passport encourages innovations in the field of the circular economy, as it facilitates the identification and reuse of materials. This initiative, which is part of the broader European Union strategy for digital transformation and sustainable development, can serve as a model for legislative reform in Serbia, particularly in the context of regulating the obligation to update digital products. Integrating similar solutions into Serbian legislation would contribute to improving legal certainty and consumer protection, as well as enhancing environmental standards at the national level. Within the DPP framework, there is also an obligation to update the information contained in the passport throughout the entire life cycle of the product. This means that manufacturers and suppliers must regularly provide updates that reflect changes in the product’s composition, performance, safety features, and environmental impact. This obligation to update ensures that the information in the digital passport is always accurate and relevant, thereby further increasing transparency and consumer trust. The implementation of such obligations in Serbia could significantly contribute to better information management practices for digital products and ensure that consumers are adequately informed throughout the entire product life cycle.

7.    Installing Updates

The German Civil Code (Bürgerliches Gesetzbuch, BGB) stipulates that the supplier is not liable for a material defect in the digital product if the consumer fails to install updates within a reasonable time, provided that the supplier has informed the consumer about the availability of the updates and the consequences of failing to install them, and that the failure to install or improper installation is not caused by incorrect instructions from the supplier (Article 327f para. 2 of the German Civil Code, amended 2021, in accordance with Directive (EU) 2019/770). The term “installing” refers to the measures the consumer must undertake, which include copying the content of the updates and executing other necessary steps specified by the supplier (Rationale of the Law, p. 60). The consumer should install the updates within a reasonable period, and the determination of this period is left to judicial practice. The rationale of the law provides guidelines for determining a reasonable period, taking into account the risks to the consumer’s digital environment in case of non-installation (especially for security updates), the time required for installation, and the impact of updates on other hardware and software (Rationale of the Law, p. 60). The supplier is only obligated to ensure the availability of updates to the consumer. The decision to install updates lies 148

8.    Conclusion

The analysis of the supplier’s obligation to update digital products, based on the provisions of the German Civil Code and applied in the context of Serbian legislation, leads to several key conclusions. Digital products, due to their specific nature, require continuous updates to maintain essential functionalities and security, which is crucial for consumer protection. This obligation arises from the need to maintain the compatibility and security of products, ensuring their long-term usability and user satisfaction. The legal basis for the obligation to update is not limited to explicitly agreed conditions, as the legal framework, particularly the German Civil Code, provides for it even when not expressly stated in the contract. This implicit obligation is significant for legal certainty and consumer protection, ensuring the responsibility of manufacturers and suppliers to maintain digital products. The provisions of the German Civil Code serve as a foundation for analysis, but their relevance to Serbian legislation is especially important in recognizing the need for similar legislative solutions. Tightening regulations on the mandatory minimum support and updates that software manufacturers must provide could significantly contribute to consumer protection and maintaining high-quality standards for digital products in the Serbian market. Suppliers face significant legal and practical challenges regarding the obligation to update. These challenges include coordinating with digital product manufacturers and informing consumers about the availability and consequences of updates. Effective communication and transparency with consumers are key to successfully fulfilling these obligations and avoiding potential legal issues.

Further regulation and clear definition of the obligations to update digital products in Serbian legislation are necessary. Additional regulation would provide better consumer protection and ensure that digital products remain reliable and safe throughout their lifecycle. Suppliers should adopt proactive strategies to fulfill their obligations, thereby increasing consumer trust and the long-term value of digital products.

Ječmenić Milan

Univerzitet MB, Poslovni i pravni fakultet, Beograd, Srbija

Ivković Ratko

Univerzitet MB, Poslovni i pravni fakultet, Beograd, Srbija