{"id":65744,"date":"2025-07-24T19:56:56","date_gmt":"2025-07-24T10:56:56","guid":{"rendered":"https:\/\/monolith.law\/en\/?p=65744"},"modified":"2026-01-17T08:06:39","modified_gmt":"2026-01-16T23:06:39","slug":"oss-contract","status":"publish","type":"post","link":"https:\/\/monolith.law\/en\/it\/oss-contract","title":{"rendered":"Vendor Liability for Deliverables Including OSS: Explaining Civil Liability and Countermeasures for Each Type of Contract"},"content":{"rendered":"\n<p>Open Source Software (OSS) is widely utilized in modern software development due to its advantages in cost reduction and improved development speed. However, incorporating OSS into projects can also lead to issues surrounding legal liabilities stemming from license violations and defects. This is particularly true for vendors who deliver products based on software development contracts, as they face realistic risks of being claimed for damages by users due to problems originating from OSS.<\/p>\n\n\n\n<p>This article will explain the basic legal relationships regarding liability in software development using OSS, including the responsibilities of vendors according to different contract types and the possibility of disclaiming liability.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_53 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/monolith.law\/en\/it\/oss-contract\/#Contracts_Between_Vendors_and_Users_Either_a_Contract_for_Work_or_a_Quasi-Delegation_Contract_Under_Japanese_Law\" title=\"Contracts Between Vendors and Users: Either a Contract for Work or a Quasi-Delegation Contract Under Japanese Law\">Contracts Between Vendors and Users: Either a Contract for Work or a Quasi-Delegation Contract Under Japanese Law<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/monolith.law\/en\/it\/oss-contract\/#What_is_a_Contract_for_Work\" title=\"What is a Contract for Work?\">What is a Contract for Work?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/monolith.law\/en\/it\/oss-contract\/#What_is_a_Quasi-Delegation_Contract\" title=\"What is a Quasi-Delegation Contract?\">What is a Quasi-Delegation Contract?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/monolith.law\/en\/it\/oss-contract\/#Vendors_May_Be_Liable_for_Non-Performance_if_Software_Is_Defective\" title=\"Vendors May Be Liable for Non-Performance if Software Is Defective\">Vendors May Be Liable for Non-Performance if Software Is Defective<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/monolith.law\/en\/it\/oss-contract\/#Vendor_Strategies_for_Delivering_Programs_Containing_Open_Source_Software_OSS_Under_Japanese_Law\" title=\"Vendor Strategies for Delivering Programs Containing Open Source Software (OSS) Under Japanese Law\">Vendor Strategies for Delivering Programs Containing Open Source Software (OSS) Under Japanese Law<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/monolith.law\/en\/it\/oss-contract\/#Establishing_Exemption_Clauses_to_Absolve_Vendors_from_Breach_of_Contract_Liability\" title=\"Establishing Exemption Clauses to Absolve Vendors from Breach of Contract Liability\">Establishing Exemption Clauses to Absolve Vendors from Breach of Contract Liability<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/monolith.law\/en\/it\/oss-contract\/#Exemption_Clauses_are_Invalid_Under_the_Japanese_Consumer_Contract_Act_When_the_User_is_a_Consumer\" title=\"Exemption Clauses are Invalid Under the Japanese Consumer Contract Act When the User is a Consumer\">Exemption Clauses are Invalid Under the Japanese Consumer Contract Act When the User is a Consumer<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/monolith.law\/en\/it\/oss-contract\/#Potential_Violation_of_Public_Order_and_Morals_Regardless_of_User_Attributes\" title=\"Potential Violation of Public Order and Morals Regardless of User Attributes\">Potential Violation of Public Order and Morals Regardless of User Attributes<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/monolith.law\/en\/it\/oss-contract\/#Vendor_Liability_When_the_User_Specifies_the_Use_of_OSS\" title=\"Vendor Liability When the User Specifies the Use of OSS\">Vendor Liability When the User Specifies the Use of OSS<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/monolith.law\/en\/it\/oss-contract\/#OSS_Developers_Are_Generally_Not_Liable_Under_OSS_Licenses\" title=\"OSS Developers Are Generally Not Liable Under OSS Licenses\">OSS Developers Are Generally Not Liable Under OSS Licenses<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/monolith.law\/en\/it\/oss-contract\/#Conclusion_Consult_a_Lawyer_for_Contracts_Involving_Software_Development_Using_OSS\" title=\"Conclusion: Consult a Lawyer for Contracts Involving Software Development Using OSS\">Conclusion: Consult a Lawyer for Contracts Involving Software Development Using OSS<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/monolith.law\/en\/it\/oss-contract\/#Guidance_on_Measures_by_Our_Firm\" title=\"Guidance on Measures by Our Firm\">Guidance on Measures by Our Firm<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Contracts_Between_Vendors_and_Users_Either_a_Contract_for_Work_or_a_Quasi-Delegation_Contract_Under_Japanese_Law\"><\/span>Contracts Between Vendors and Users: Either a Contract for Work or a Quasi-Delegation Contract Under Japanese Law<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2025\/06\/cbb7871569c544101d14b4a0dd62bba1.jpg\" alt=\"Contracts Between Vendors and Users: Either a Contract for Work or a Quasi-Delegation Contract\" class=\"wp-image-138853\" \/><\/figure>\n\n\n\n<p>In Japan, contracts related to software development typically take the form of either a &#8220;contract for work,&#8221; which obligates the contractor (vendor) to complete a deliverable, or a &#8220;quasi-delegation contract,&#8221; which involves performing a certain task. Even for deliverables that include Open Source Software (OSS), the vendor&#8217;s legal responsibilities are determined based on these types of contracts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_is_a_Contract_for_Work\"><\/span>What is a Contract for Work?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A contract for work, as defined in Articles 632 and subsequent of the Japanese Civil Code, is an agreement where the contractor (vendor) is paid by the client (user) to complete a deliverable. Under this contract, if the deliverable is defective, the contractor may be held liable for non-performance. For example, in a contract for work, if the completed software does not operate according to specifications, this would constitute a defect, regardless of whether the defect originated from OSS or not.<\/p>\n\n\n\n<p>Reference: <a href=\"https:\/\/laws.e-gov.go.jp\/law\/129AC0000000089#Mp-Pa_3-Ch_2-Se_9-At_632\" target=\"_blank\" rel=\"noopener\" title=\"\">Japanese Civil Code | e-Gov Law Search<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_is_a_Quasi-Delegation_Contract\"><\/span>What is a Quasi-Delegation Contract?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A quasi-delegation contract, as stipulated in Articles 656 and subsequent of the Japanese Civil Code, differs from a contract for work in that it does not require the &#8220;completion of a result&#8221; but rather focuses on the &#8220;performance of a certain act&#8221; itself. Tasks such as on-site system engineering work or requirement definition fall under this category. In software development based on a quasi-delegation contract, even if there are defects in the deliverable, the vendor is only liable for non-performance if there has been a breach of the duty of care (negligence).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Vendors_May_Be_Liable_for_Non-Performance_if_Software_Is_Defective\"><\/span>Vendors May Be Liable for Non-Performance if Software Is Defective<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Under a contract for work in Japan, if the software is defective, the vendor may be obligated to rectify the issue or be liable for damages. Even if the defect is due to OSS, it is often difficult for the vendor to escape contractual liability, given that they incorporated the OSS into the deliverable.<\/p>\n\n\n\n<p>Even under a quasi-delegation contract, if the selection and implementation of OSS are clearly inappropriate, the vendor may be held responsible for a breach of duty of care. Assessing the risks associated with OSS and verifying the usage licenses are critical obligations for the vendor.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Vendor_Strategies_for_Delivering_Programs_Containing_Open_Source_Software_OSS_Under_Japanese_Law\"><\/span>Vendor Strategies for Delivering Programs Containing Open Source Software (OSS) Under Japanese Law<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>What measures can vendors take to avoid or limit civil liability when delivering programs that include Open Source Software (OSS)? The following contractual measures can be considered:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Establishing_Exemption_Clauses_to_Absolve_Vendors_from_Breach_of_Contract_Liability\"><\/span>Establishing Exemption Clauses to Absolve Vendors from Breach of Contract Liability<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The circumstances under which contractual liability is assumed can generally be freely determined through mutual agreement between the parties. Therefore, it is possible to avoid liability for breach of contract by establishing exemption clauses stating that the vendor is not responsible for any issues or license problems originating from OSS.<\/p>\n\n\n\n<p>In this case, the contract may include clauses such as, &#8220;The vendor shall not be liable for any defects arising from OSS.&#8221;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Exemption_Clauses_are_Invalid_Under_the_Japanese_Consumer_Contract_Act_When_the_User_is_a_Consumer\"><\/span>Exemption Clauses are Invalid Under the Japanese Consumer Contract Act When the User is a Consumer<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>If the user is an individual, not a corporation, and is requesting software as part of their consumer life rather than for business purposes, the Japanese Consumer Contract Act applies to the contract.<\/p>\n\n\n\n<p>Article 8, Paragraph 1, Item 1 of the Japanese Consumer Contract Act stipulates that clauses which &#8220;exempt the business operator from all liability for compensation for damages caused to the consumer by the business operator&#8217;s breach of obligation&#8221; are invalid. Therefore, even if there is an exemption clause in the contract, the vendor cannot escape liability if the user is a consumer.<\/p>\n\n\n\n<p>Reference: <a href=\"https:\/\/laws.e-gov.go.jp\/law\/412AC0000000061#Mp-Ch_2-Se_2-At_8\" target=\"_blank\" rel=\"noopener\" title=\"\">Japanese Consumer Contract Act | e-Gov Law Search<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Potential_Violation_of_Public_Order_and_Morals_Regardless_of_User_Attributes\"><\/span>Potential Violation of Public Order and Morals Regardless of User Attributes<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Regardless of whether the user is a private consumer or not, one-sided exemption clauses may be deemed invalid under Article 90 of the Japanese Civil Code.<\/p>\n\n\n\n<p>Article 90 of the Japanese Civil Code states that &#8220;legal acts that are contrary to public order or good morals are invalid.&#8221; For example, if a vendor intentionally or through gross negligence conceals risks associated with OSS, any exemption clauses may be invalidated, and the vendor may still be liable for damages.<\/p>\n\n\n\n<p>It is essential, from a practical risk management perspective, not only to establish contractual exemption clauses but also to fulfill the responsibilities of selecting, managing, and explaining OSS.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Vendor_Liability_When_the_User_Specifies_the_Use_of_OSS\"><\/span>Vendor Liability When the User Specifies the Use of OSS<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>In practice, users may sometimes specify the use of OSS. In the case of a contract for work, the contractor may be exempt from liability under the main text of Article 636 of the Japanese Civil Code if the client&#8217;s instructions are inappropriate.<\/p>\n\n\n\n<p>However, if the contractor is aware that the client&#8217;s instructions are inappropriate, they cannot be exempt from liability under the proviso of Article 636 of the Japanese Civil Code.<\/p>\n\n\n\n<p>In the case of a quasi-mandate contract, there is a possibility of being exempt from liability if there is no breach of the duty of due care. However, similar to a contract for work, if the contractor is aware that the client&#8217;s instructions are inappropriate, they may be deemed to have breached the duty of due care.<\/p>\n\n\n\n<p>If the specified OSS is known to have security risks or licensing issues, and the vendor adopts it without pointing out these problems, they may be held responsible. As a vendor, it is their duty not to blindly accept the user&#8217;s instructions but to reconfirm from a professional standpoint and, if there are issues, to point them out and report them. Even if they could not refuse to use it, it is necessary to communicate concerns in writing and share the risks to prepare for any future liability claims.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"OSS_Developers_Are_Generally_Not_Liable_Under_OSS_Licenses\"><\/span>OSS Developers Are Generally Not Liable Under OSS Licenses<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2025\/06\/3b7de2fd67b0e4787a0b9d29fce355cb.jpg\" alt=\"OSS Developers Are Generally Not Liable Under OSS Licenses\" class=\"wp-image-138854\" \/><\/figure>\n\n\n\n<p>It should be noted that even if there are defects in Open Source Software (OSS), this software is available for use free of charge, and developers typically specify in the license document that the software is provided &#8220;as is.&#8221; They clearly state that they are not responsible for bugs or security vulnerabilities.<\/p>\n\n\n\n<p>This is a fundamental principle of OSS licenses. For example, the MIT License, Apache License, and GPL all include disclaimers at the end of the license that state, &#8220;No warranty is given, either expressed or implied.&#8221; Therefore, in the event of defects in the OSS itself, it is unusual for OSS developers to be held civilly liable for claims such as damages.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion_Consult_a_Lawyer_for_Contracts_Involving_Software_Development_Using_OSS\"><\/span>Conclusion: Consult a Lawyer for Contracts Involving Software Development Using OSS<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>While Open Source Software (OSS) is widely utilized in many development environments, it also encompasses legal and contractual risks. Even if OSS licenses stipulate that developers are not liable, vendors who use OSS to create deliverables can still be held civilly liable based on contractual relationships. In particular, under a contract for work, if the deliverable has defects, the vendor may be held responsible for non-performance of obligations, and even under a quasi-commission contract, neglecting the duty of care can lead to liability for non-performance.<\/p>\n\n\n\n<p>To prepare for such risks, it is essential to limit liability in the contract, establish a system for selecting OSS and complying with licenses, and ensure transparent information sharing with users. To maximize the benefits of OSS while appropriately managing vendor responsibilities, preparing for legal risks is indispensable.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Guidance_on_Measures_by_Our_Firm\"><\/span>Guidance on Measures by Our Firm<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Monolith Law Office is a law firm with high expertise in both IT, particularly the internet, and legal matters. Our firm provides contract drafting and review services for a wide range of clients, from Tokyo Stock Exchange-listed companies to venture businesses. For more information on contract drafting and review, please refer to the following article.<\/p>\n\n\n\n<p>Areas of practice at Monolith Law Office: <a href=\"https:\/\/monolith.law\/contractcreation\" target=\"_blank\" rel=\"noreferrer noopener\">Contract Drafting &amp; Review, etc.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Open Source Software (OSS) is widely utilized in modern software development due to its advantages in cost reduction and improved development speed. However, incorporating OSS into projects can also l [&hellip;]<\/p>\n","protected":false},"author":32,"featured_media":71345,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[19,31],"acf":[],"_links":{"self":[{"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/posts\/65744"}],"collection":[{"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/comments?post=65744"}],"version-history":[{"count":2,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/posts\/65744\/revisions"}],"predecessor-version":[{"id":71344,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/posts\/65744\/revisions\/71344"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/media\/71345"}],"wp:attachment":[{"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/media?parent=65744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/categories?post=65744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monolith.law\/en\/wp-json\/wp\/v2\/tags?post=65744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}