Berlin | Dusseldorf | Frankfurt | Hamburg | Cologne | Munich | Stuttgart
Header-Anwalt-Rechtsanwalt-Kanzlei-MTR Legal Rechtsanwälte
Contact
Berlin | Dusseldorf | Frankfurt | Hamburg | Cologne | Munich | Stuttgart
MTR Legal Rechtsanwälte Logo
Contact
Berlin | Dusseldorf | Frankfurt | Hamburg | Cologne | Munich | Stuttgart
Contact

Legal Lexicon

Wiki»Legal Lexikon»Rechtsbegriffe (allgemein)»Update Obligation

Update Obligation

Definition and Significance of the Duty to Update

The duty to update is a central concept in German and European law, describing an obligation to continually adapt existing information, data, or software products to changing circumstances, new findings, technological developments, or legal requirements. The duty to update serves to protect consumer interests, legal certainty, and the maintenance of technical and contractual standards. In various areas of law, the duty to update has different, but always significant, effects.

Legal Basis of the Duty to Update

Duty to Update in Sales Law (§§ 434, 475 BGB)

With the implementation of the European Sale of Goods Directive (Directive (EU) 2019/771), the duty to update was explicitly incorporated into the German Civil Code (BGB). In particular, it plays a significant role for digital products and goods with digital elements.

  • § 475b BGB – Digital Products: According to these provisions, the entrepreneur is obligated to provide the consumer with all updates necessary to maintain conformity with the contract for a specified period. This particularly includes security and functionality updates.
  • § 434 BGB – Liability for Defects: The obligation to provide updates is an essential element of freedom from defects. Missing or inadequate updates can constitute a material defect.

Further Statutory Embedding

In addition to sales law, obligations to update can be found in other laws and regulations, for example in:

  • Product Safety Act (ProdSG): Manufacturers and providers are obligated to take appropriate updating measures when dangers become identifiable due to the current state of technology.
  • Telecommunications Act (TKG) and Data Protection Law (GDPR): Providers of information technologies and data processing systems must keep software and systems up to date to ensure data protection and data security.

Areas of Application of the Duty to Update

Digital Products and Services

A particular focus is on digital products and products with digital elements. This includes software, apps, smart home appliances, and vehicles with software integration. The provider is required to offer updates during the typical period of use to ensure compatibility as well as security and functionality.

Contracts for Digital Content

For contracts regarding the provision of digital content, such as streaming services or cloud applications, the duty to update obliges the provider to make new versions, security updates, and bug fixes available. The scope and duration of the duty to update are determined by the state of the art, contractual agreements, and legitimate consumer expectations.

IT Security Law

In the context of IT security, particularly for critical infrastructures and in the commercial sector, companies are required to ensure that the hardware and software they use is continuously updated and adapted to existing or known security vulnerabilities.

Legal Consequences of Breach of the Duty to Update

Liability for Defects and Warranty Rights

If the entrepreneur fails to comply with the duty to update, this often constitutes a material defect within the meaning of § 434 BGB. In such cases, consumers may assert claims for subsequent performance, withdrawal, reduction or damages. For digital products, failure to provide necessary updates can result in non-conformity with the contract.

Product Liability

Omissions with regard to the duty to update can also lead to liability for damages under product liability law if the manufacturer or provider fails to provide or delays necessary updates, resulting in danger to life, health or property.

Data Protection Law Consequences

A failure to fulfill the duty to update within IT security can violate data protection requirements. Companies may face fines and claims for damages under the General Data Protection Regulation (GDPR).

Obligations of the Parties and Contractual Arrangements

Obligations of the Entrepreneur or Provider

The provider is obliged to keep digital products functional, secure, and compatible for a reasonable period of time. This includes providing both regular functional updates and updates relevant to security.

Obligations of the Consumer

Consumers are obliged to promptly install provided updates, provided they have been properly informed about the availability and relevance of the update. Refusal by the consumer to carry out updates may result in exclusion from liability or restriction of warranty rights.

Drafting of Contracts

The duty to update may be detailed in the contract, for example regarding the period, the type of updates provided, and the update delivery method. Clauses that fall short of the statutory minimum duration or unreasonably restrict the duty to update are generally invalid.

Limits and Exclusions of the Duty to Update

The duty to update is not unlimited. It regularly ends after the usual product lifespan or the agreed period of use of a digital product. The duty only covers updates necessary to maintain contractual conformity; voluntary further developments or new features are generally not included. A complete exemption of the provider from this duty is not permitted in consumer contracts.

Significance of the Duty to Update for Contractual and Product Liability

The duty to update is a central element of warranty and product liability law in the digital economy. It significantly contributes to the safety, transparency, and reliability of digital offerings and protects the consumer from outdated, insecure, or poorly functioning products.

Literature and Further Reading

  • German Civil Code, in particular §§ 434, 475, 327 ff. BGB
  • Sale of Goods Directive (EU) 2019/771
  • General Data Protection Regulation (GDPR)
  • Product Safety Act (ProdSG)
  • Telemedia Act (TMG)
  • Federal Ministry of Justice: Laws for the Implementation of Directive (EU) 2019/771

The duty to update is a dynamic and central legal concept whose significance is increasing as digitalization progresses. It is an essential tool for protecting consumer rights, ensuring and maintaining IT security, and advancing modern contract law.

Frequently Asked Questions

When does the duty to update apply under German law?

The duty to update applies in particular within the framework of sales law pursuant to § 475 (3) BGB and affects contracts for digital products as well as goods with digital elements. It obliges the seller to provide the buyer with required updates – both functional and security updates – for a certain period. The obligation to provide updates begins at the time of delivery of the goods or provision of the digital product. The period for which updates must be provided depends on what the consumer can “reasonably expect”, taking into account the type of product, typical period of use, and public statements (for example, in advertising). It is important that the duty to update is always part of the definition of material defects. Especially for digital products, constant updating is essential for maintaining safety and functionality, and the entrepreneur must actively inform about available updates.

Which products and contractual relationships are covered by the duty to update?

The duty to update applies in particular to contracts for the provision of digital products (§ 327a ff. BGB) as well as goods with digital elements (§ 475a BGB), such as smart TVs, smartphones, connected household devices, or software products. Purely analog goods (for example, a simple chair) are not affected. Furthermore, the duty covers both sales and rental contracts for digital products, as well as service contracts with digital content. The decisive factor is that the digital component is essential for the product’s distribution function. The duty to update also applies to digital services where ongoing performance is provided to the user (such as cloud services or streaming platforms), provided that the defect results from a missing update.

How is the scope of the duty to update determined legally?

The scope of the duty to update is determined by the characteristics and intended use of the product. Consideration is given to the normal period of use of comparable products, information in the product description or advertising, and the state of the art at the time of contract conclusion. Providing security updates is regularly required to prevent risks to the user. For functional updates, the legitimate interest of the buyer is differentiated: As long as the item remains functional without updating and there are no significant security risks, there is no obligation to introduce new features that affect functionality. Specific agreements on the scope and period of updates, for example in general terms and conditions or contract documentation, may further specify the duty in individual cases, provided these agreements do not lead to unreasonable disadvantages for the consumer.

What information obligations does the entrepreneur have regarding the duty to update?

Entrepreneurs are required to inform consumers about both available and installed updates. This obligation arises in particular from § 476 (4) BGB. The information must be provided in a way that enables the consumer to effectively and promptly carry out the update. Failure on the part of the entrepreneur to meet this obligation can result in rights relating to material defects, such as claims for subsequent performance or damages. The form of information may vary, for example via email, push notifications, or in the case of hardware products, by installing updates directly onto the end device. It is always important for the information to be demonstrable in the event of a dispute.

What are the legal consequences of violations of the duty to update?

If the duty to update is violated, this usually constitutes a material defect, allowing the buyer to invoke statutory warranty rights. These include the right to subsequent performance (§ 439 BGB), reduction of the purchase price (§ 441 BGB), withdrawal from the contract (§ 323, § 440 BGB), and, if applicable, damages (§ 280 BGB). Additionally, a breach of the information obligations under § 476 (4) BGB can result in an extension of the reversal of the burden of proof to the detriment of the entrepreneur. In the case of significant security vulnerabilities, liability under product safety laws, such as the Product Liability Act, may also come into consideration.

What special features apply to the termination of the contract with regard to the duty to update?

Upon expiration of the contractually agreed period or at the end of the normal period of use, the duty to update generally also ends. If the contractual relationship is terminated prematurely, for example by withdrawal, failure of the basis of the contract, cancellation or other unwinding, the duty to update no longer applies. An exception may apply if the contract was terminated due to a breach by the entrepreneur and the consumer continues to rely on the update to prevent damage.

Does the duty to update also apply in the B2B sector or only in business-to-consumer transactions?

The duty to update under §§ 475a, 327f BGB generally applies only in relationships between entrepreneurs and consumers (B2C). There is no statutory duty to update for contracts between businesses (B2B). However, such a duty may be established in B2B contracts by means of appropriate contractual agreements. In practice, it is therefore advisable, especially for business-critical digital products, to expressly regulate the duty to update in the contract in order to avoid legal uncertainties.

Auf dieser Seite

Further term explanations