
MONOLITH LAW MAGAZINE


Vendor Liability for Deliverables Including OSS: Explaining Civil Liability and Countermeasures for Each Type of Contract


Open Source Software (OSS) is widely used in modern software development because it reduces cost and speeds up development. However, incorporating OSS into projects can also raise questions of legal liability stemming from license violations and defects. This is particularly true for vendors who deliver products under software development contracts, as they face a real risk of damages claims from users over problems originating in OSS.

This article will explain the basic legal relationships regarding liability in software development using OSS, including the responsibilities of vendors according to different contract types and the possibility of disclaiming liability.

Contracts Between Vendors and Users: Either a Contract for Work or a Quasi-Delegation Contract Under Japanese Law


In Japan, contracts related to software development typically take the form of either a “contract for work,” which obligates the contractor (vendor) to complete a deliverable, or a “quasi-delegation contract,” which involves performing a certain task. Even for deliverables that include Open Source Software (OSS), the vendor’s legal responsibilities are determined based on these types of contracts.

What is a Contract for Work?

A contract for work, as defined in Articles 632 and subsequent of the Japanese Civil Code, is an agreement where the contractor (vendor) is paid by the client (user) to complete a deliverable. Under this contract, if the deliverable is defective, the contractor may be held liable for non-performance. For example, in a contract for work, if the completed software does not operate according to specifications, this would constitute a defect, regardless of whether the defect originated from OSS or not.

Reference: Japanese Civil Code | e-Gov Law Search

What is a Quasi-Delegation Contract?

A quasi-delegation contract, as stipulated in Articles 656 and subsequent of the Japanese Civil Code, differs from a contract for work in that it does not require the “completion of a result” but rather focuses on the “performance of a certain act” itself. Tasks such as on-site system engineering work or requirement definition fall under this category. In software development based on a quasi-delegation contract, even if there are defects in the deliverable, the vendor is only liable for non-performance if there has been a breach of the duty of care (negligence).

Vendors May Be Liable for Non-Performance if Software Is Defective

Under a contract for work in Japan, if the software is defective, the vendor may be obligated to rectify the issue or be liable for damages. Even if the defect is due to OSS, it is often difficult for the vendor to escape contractual liability, given that they incorporated the OSS into the deliverable.

Even under a quasi-delegation contract, if the selection and implementation of OSS are clearly inappropriate, the vendor may be held responsible for a breach of duty of care. Assessing the risks associated with OSS and verifying the usage licenses are critical obligations for the vendor.

Vendor Strategies for Delivering Programs Containing Open Source Software (OSS) Under Japanese Law

What measures can vendors take to avoid or limit civil liability when delivering programs that include Open Source Software (OSS)? The following contractual measures can be considered:

Establishing Exemption Clauses to Absolve Vendors from Breach of Contract Liability

The circumstances under which contractual liability is assumed can generally be freely determined through mutual agreement between the parties. Therefore, it is possible to avoid liability for breach of contract by establishing exemption clauses stating that the vendor is not responsible for any issues or license problems originating from OSS.

In this case, the contract may include clauses such as, “The vendor shall not be liable for any defects arising from OSS.”

Exemption Clauses are Invalid Under the Japanese Consumer Contract Act When the User is a Consumer

If the user is an individual rather than a corporation and is commissioning the software for personal use rather than for business purposes, the Japanese Consumer Contract Act applies to the contract.

Article 8, Paragraph 1, Item 1 of the Japanese Consumer Contract Act stipulates that clauses which “exempt the business operator from all liability for compensation for damages caused to the consumer by the business operator’s breach of obligation” are invalid. Therefore, even if there is an exemption clause in the contract, the vendor cannot escape liability if the user is a consumer.

Reference: Japanese Consumer Contract Act | e-Gov Law Search

Potential Violation of Public Order and Morals Regardless of User Attributes

Regardless of whether the user is a private consumer or not, one-sided exemption clauses may be deemed invalid under Article 90 of the Japanese Civil Code.

Article 90 of the Japanese Civil Code states that “legal acts that are contrary to public order or good morals are invalid.” For example, if a vendor intentionally or through gross negligence conceals risks associated with OSS, any exemption clauses may be invalidated, and the vendor may still be liable for damages.

It is essential, from a practical risk management perspective, not only to establish contractual exemption clauses but also to fulfill the responsibilities of selecting, managing, and explaining OSS.

Vendor Liability When the User Specifies the Use of OSS

In practice, users may sometimes specify the use of OSS. In the case of a contract for work, the contractor may be exempt from liability under the main text of Article 636 of the Japanese Civil Code if the client’s instructions are inappropriate.

However, if the contractor is aware that the client’s instructions are inappropriate, they cannot be exempt from liability under the proviso of Article 636 of the Japanese Civil Code.

In the case of a quasi-delegation contract, there is a possibility of being exempt from liability if there is no breach of the duty of due care. However, similar to a contract for work, if the contractor is aware that the client’s instructions are inappropriate, they may be deemed to have breached the duty of due care.

If the specified OSS is known to have security risks or licensing issues, and the vendor adopts it without pointing out these problems, the vendor may be held responsible. A vendor has a duty not to accept the user’s instructions blindly but to review them from a professional standpoint and, if there are issues, to point them out and report them. Even if the vendor cannot refuse to use the specified OSS, it should communicate its concerns in writing and share the risks, in preparation for any future liability claims.

OSS Developers Are Generally Not Liable Under OSS Licenses


It should be noted that OSS is available for use free of charge, and developers typically specify in the license document that the software is provided “as is.” They clearly state that they are not responsible for bugs or security vulnerabilities, even if the OSS turns out to be defective.

This is a fundamental principle of OSS licenses. For example, the MIT License, Apache License, and GPL all include disclaimers at the end of the license that state, “No warranty is given, either expressed or implied.” Therefore, in the event of defects in the OSS itself, it is unusual for OSS developers to be held civilly liable for claims such as damages.

Conclusion: Consult a Lawyer for Contracts Involving Software Development Using OSS

While Open Source Software (OSS) is widely used in many development environments, it also carries legal and contractual risks. Even if OSS licenses stipulate that developers are not liable, vendors who use OSS to create deliverables can still be held civilly liable based on contractual relationships. In particular, under a contract for work, if the deliverable has defects, the vendor may be held responsible for non-performance of obligations, and even under a quasi-delegation contract, neglecting the duty of care can lead to liability for non-performance.

To prepare for such risks, it is essential to limit liability in the contract, establish a system for selecting OSS and complying with licenses, and ensure transparent information sharing with users. To maximize the benefits of OSS while appropriately managing vendor responsibilities, preparing for legal risks is indispensable.

Guidance on Measures by Our Firm

Monolith Law Office is a law firm with high expertise in both IT, particularly the internet, and legal matters. Our firm provides contract drafting and review services for a wide range of clients, from Tokyo Stock Exchange-listed companies to venture businesses. For more information on contract drafting and review, please refer to the following article.

Areas of practice at Monolith Law Office: Contract Drafting & Review, etc.


The Editor in Chief: Managing Attorney: Toki Kawase

An expert in IT-related legal affairs in Japan who established MONOLITH LAW OFFICE and serves as its managing attorney. Formerly an IT engineer, he has been involved in the management of IT companies. He has served as legal counsel to more than 100 companies, ranging from top-tier organizations to seed-stage startups.
