My Lords, I beg to move Amendment 34 and speak to Amendments 36, 37 and 38. Clause 34 specifies that digital content is,
“to be of satisfactory quality”,
and requires that digital content must be free from “minor defects”. I very much accept, unlike the noble Lord, Lord Stevenson, that there is a different regime for digital goods versus physical goods, but while this notion of satisfactory quality works well with traditional goods, it is unfortunately open to broad interpretation if applied to digital content, such as complex internet security software.
I suspect that Professor Bradgate will be much quoted today; I am no exception. In his report for BIS, which I quoted on Second Reading, he said:
“Even with extensive testing, it is quite common, and an experienced computer user will be aware of the fact, that the complexity of modern programs is such that bugs in the program are likely to manifest themselves throughout the program’s lifetime.
Modern complex programs therefore need regular updating and patching to correct bugs and/or other potential weaknesses in the program as they arise”.
Professor Bradgate also states that,
“the courts have shown themselves aware of the fact that new software cannot be guaranteed free from ‘bugs’ and the presence of bugs, especially in new software, does not necessarily make it unsatisfactory”,
because bugs are considered standard in digital content on issue.
It follows that, in general, the presence of bugs in software is not in itself regarded as a breach of contract. It seems from the impact assessment that it is not the Government’s intention to change the law in this regard. The difficulty with the new implied terms as drafted is that they do not appear to cater explicitly for the presence of bugs. There is a real danger that an ordinary reader of these provisions may well be led to conclude that digital content containing bugs is not of satisfactory quality, is not fit for purpose and is not as described.
As I have mentioned, one of the signs of satisfactory quality in Clause 34(3) is “freedom from minor defects”. The test under subsection (2) is what,
“a reasonable person would consider satisfactory”.
All relevant circumstances are to be considered. However, there is no evidence that a reasonable person would be aware that bugs are normal or consider this a relevant circumstance. The position would be clearer if the fact that the presence of bugs is normal was expressly mentioned as a relevant circumstance in subsection (5), but unfortunately it is not.
Some forms of digital content—music and e-books perhaps being the classic examples—are not expected to contain bugs. That is absolutely clear. That could be catered for by specific reference to those forms of content. In fact, the overwhelming majority of digital products are provided through and on top of an intricate underlying mesh of physical infrastructure, such as the broadband network; virtual infrastructure, such as a cloud server; hardware, such as a computer or smartphone; software, such as an operating system; and other products, such as the application needed to play a media file.
As a result, defects in complex software can rarely be identified in isolation from the context in which they are being provided. Therefore, the attribution of a defect or malfunction to one particular product will, in most cases, be at best ambiguous and sometimes outright impossible. The same product might perform flawlessly in one context and work poorly in another. For this reason, to require that complex software performs without minor defects in all circumstances would be unrealistic—the consequences of strict compliance are likely to be increased cost to consumers and slower product evolution from the increased time and resource required for testing. It would be preferable for consumers and businesses to require that minor defects or malfunctions that may surface as a product or service is used should be fixed as promptly as possible. I welcome the revised Explanatory Notes clarifying that it is common to encounter some bugs in
complex software, but this should be expressly included in the Bill as it would provide greater certainty to both consumer and industry.
4.45 pm
Moving on to Amendment 36, Clause 35 is likewise qualified by a requirement of reasonableness. However, in this instance, the position is even less clear than in Clause 34. There is no reference to a reasonable person test but simply to reasonableness. Again, there is no mention of the fact that bugs are normal.
Moving on to Amendments 37 and 38, Clause 36 requires digital content to be as described. The same considerations apply to Clause 36. It requires that digital content essentially remain as it was initially described for the entire duration of the contract. This is highly problematic for many types of digital content, especially complex internet security software, due to its dynamic nature. The quality of digital content may actually improve over time during the course of routine upgrades.
Software updates typically follow the evolution of the technology landscape and, as a result, functionalities may be introduced or phased out, become obsolete or vulnerable, or otherwise adapt to changing consumer needs, demands and expectations in the course of the service being provided or the software being used. As a result, the software product may not always or entirely meet the description given initially upon conclusion of the contract. The Bill would impose liability for nonconformity in such a case even though the change is very much in the interests of the consumer.
The Explanatory Notes rightly observe:
“As long as the digital content continued to match the original product description”—
and the quality is not reduced—
“additional features would not necessarily breach this right”.
However, this does not adequately take into consideration that certain characteristics, features, functionalities or other attributes may have to be removed or disabled from security software; for instance, to fix newly arisen vulnerabilities or to address issues caused by obsolescence, whether that of the seller’s digital content or of third party content, products or services.
According to Clause 36(4), changes to the digital content are permitted only when,
“expressly agreed between the consumer and the trader”.
This would prove extremely problematic in most cases, especially for security software products, which require frequent and regular modification, in particular to stay abreast of the fast-evolving threats that they are faced with. In practice, this clause would mean that software providers would need to seek the consumer’s agreement on a case-by-case basis to each and every modification of the product. The proposal for clarification in guidance is not a satisfactory solution. There is a risk that both the business and the consumer will spend time and money on an unnecessary dispute. There is also a reputational risk to a business if it declines to provide the remedy that the consumer believes is available; and, of course, consumer confidence would be undermined. I beg to move.