1. Introduction
2. What is Y2K?
3. How can Y2K affect my business?
4. Litigation is not an answer
5. Who will face legal liability?
6. What are my rights and obligations (causes of action)?
Not even lawyers are sure which areas of liability will arise but it is clear that Y2K will affect all sectors of commerce and society. It is of paramount importance to identify at least some of the potential risks of liability and to take immediate precautionary measures accordingly.
Establishing legal liability serves two functions:
Firstly, it will enable you to identify your liability exposure and which steps to take in this regard.
Secondly, it will enable you to identify who is responsible for the costs of fixing your systems/equipment and whether you should demand satisfaction from a commercial or litigation perspective.
In the old days of computer programming, software developers did not have the large amount of computer memory to write programs. They tried to save programm ing space (and costs) by storing years using only two digits instead of four (97 instead of 1997). When the century rolls over, most computers won't be able to tell the difference between 1900 and 2000. As a result, calculations will produce errors because 99 plus 1 does not equal 00, and because 00 < 99.
This is true for both hardware and software. Though the cause is simple, rectifying is difficult due to the wide range of software languages, applications, microchips (embedded systems), etc., currently in use today. Just one of the reasons its so difficult to fix in time, is the sheer number of date formats in common use. 1
Dates are used by computers to process and to communicate this data to other computers. If the dates aren't processed correctly, the data becomes corrupted or distorted and the wrong information is processed.
Large volumes of Y2K induced litigation is expected to commence from March 2000 and some could continue until 2005. Some international Y2K commentators belie ve approximately 50% of businesses (large and small) worldwide will not be Y2K compliant at the turn of the millennium which, in turn, may lead to the liquidation of 1 in every 5 of them. Closure of these businesses may result in millions of job losses causing, in turn, a rise in taxes and (perhaps) more crime.
The cost of Y2K litigation in the United States of America alone is estimated at more than US$1Trillion. Some commentators predict that, unless drastic remedial steps are taken, Y2K may cause a global recession.
Defendant companies may either be inundated with other Y2K lawsuits (and be liquidated) or the plaintiff company may be liquidated prior to ever reaching the courts (because of lawsuits against it). A flood of Y2K lawsuits will inundate the already stretched court roles and some lawsuits may take up to 5 years to finalize.
The legal costs of litigation is astronomical and, in some instances, the necessary expert witnesses may not even be available in South Africa for years to come because of being held up in Y2K litigation in other parts of the world.
These transactions involve various goods and/or services. These goods/services do not necessarily consist of computer hardware or software but may nevertheless be affected by Y2K.
For example: a bakery (vendor) may be unable to deliver its goods (bread) to the corner shop cafe (customer) because of Y2K non-compliant embedded 2 systems in its ovens. Lets assume the baker contracted to supply the cafe with 50 loafs of bread each day. As a result of the baker's inability to perform his side of the bargain the cafe owner may elect to sue him for breach of contract and damages (the café's lost profits on the bread).
The baker (who cannot conduct his business) may sue the supplier (a distributor) from which he bought 3 the ovens and the latter, in turn, may sue the manufacturer of the defective ovens.
Identifying potential legal liability may become more complex. For instance, the oven (because of Y2K) may malfunction and cause the bakery to burn down. In this scenario the baker may elect to sue (in delict) the oven supplier ( retailer), the distributor and/or the manufacturer even though there is no contract between the baker and the distributor or manufacturer.
These causes of action vary depending on the relationship between the parties and the nature of the commodity (goods/ services) 4 involved.
Virtually all causes of action for non-compliant goods/services will arise from either contract or delict. Contractual liability naturally requires a contractual relationship between the parties (e.g. agreements of sale of goods or the provision of services) while no direct relationship needs to exist between parties for delictual liability to arise.
A delict is committed whenever a guilty (negligent or intentional) act or omission causes harm to someone's person, property or financial position. The same act may give rise to either contractual or delictual liability or both 5
The breach may lie in the vendor's failure to comply with a specific term of the contract or its failure to perform any term of the contract at all. The court will assess non-performance by ascertaining "what was asked for" (according to the contract) and "what was delivered". If the delivered product differs materially from the product asked for it would be regarded as non-performance. Failure of computer software or system to function due to date changes (Y2K) would ordinarily be regarded as material (especially in interactive software applications.)
In general, any failure of a contracting party to perform his contractual obligations (whatever they may be) due to (whether directly or indirectly) the Y2K phenomenon, could constitute breach of contract. In some limited instances, provided the defaulting party had taken all reasonable measures to prevent Y2K failures, it may justifiably be entitled to voice the defence of "impossibility of performance" which, if succesful, could excuse him from performing some or all of his contractual obligations - at least for a certain period. However, since the Y2K phenomenon had been foreseeable for a long time, the "impossibility" defence is unlikely to succeed unless the defendant can show that no objective person/entity in its position would reasonably have been able to prevent (or circumvent) the Y2K failure which had caused the breach.
At present, indications are that Y2K non-compliance, in most instances, may well be regarded as a latent defect in the product. 7 Of course, implied warranties can be expressly excluded in the agreement between the parties.
One will find that vendors will attempt to exclude all forms of Y2K warranties while customers, in turn, will demand the inclusion thereof.
Keep in mind that there where no express exclusion of Y2K warranties have been made there may be , from a customer's point of view, no specific need to demand the inclusion of express Y2K warranties if South African courts are likely to regard Y2K as a latent defect.
Of course, this is a speculative matter and Y2K warranties should rather be expressl y dealt with. It should be noted that express warranties may be made in many forms. Warranties of Y2K compliance of goods/services 8 can be found in contract documents, tender documentation, product manuals, the prospectus, sales or marketing materials or statements by directors, officers or employees. 9
Generally speaking, you are negligent if a "reasonable person" in your position would have reasonably foreseen that such action (or omission) could result in harm and would have taken reasonable steps to prevent the harm.
Y2K is a foreseen risk which should be guarded against and any omission to take reasonable remedial steps could be regarded as a negligent act which may lead to liability.
In general, you will only sue someone in delict if no contractual relationship exists (e.g. motor vehicle accidents, aeroplane crashes, making false statemen ts which causes someone to lose money etc.).
The following are some examples of delictual causes of action:
Where a vendor sells products if it knew or should have known that they contain material defects (Y2K non-com pliance) it may be liable for making a false representation (by its actions or omission).
If misrepresentation accompanied the conclusion of a contract the customer, depending on the seriousness of the defect, may elect to cancel the agreement, return the goods and get a refund. In other instances the customer may not be entitled to cancel the agreement but, in turn, be eligible for a partial refund.
The vendor may also be liable against the customer for damages. Take notice that many contracts expressly provide that no representations have been made other than those in the contract or it may provide that the product is sold or leased "voetstoots". 11
In law, "professionals" are held to a higher standard of care than ordinary vendors.
Any vendor who holds itself out as having special expertise will be held to the standard of expertise implied by law to prevail in that specific sector of the industry.
With relation to Y2K it matters not whether the services performed relate specifically to software/hardware or whether it relates to non-computer goods/services.
For instance, manufacturers of custom made mechanical equipment may perform "professional services".
However, liability under this cause of action may primarily arise in instances where a vendor supplies custom design software and/or services to a customer.
Even professional advisors such as attorneys or auditors may, depending on the facts, risk liability if they should have advised the client on potential Y2K liability (e.g. during the conduct of "due diligence" exercises on companies to be taken over/merged).
This cause of action, with relation to Y2K, is difficult to prove. 15
Our law with relation to product liability is still in its developmental phases but this cause of action may become popular in Y2K litigation.
The contention that "most software developers are in the United States and, therefore, we can not sue them" should not cause too much difficulty since the plaintiff may rather elect to sue the local distributor/agent/vendor 16 for product liability.
If a "duty to take care" exists the person on whom the duty rests must take proactive steps to remedy Y2K defects (e.g. by providing "patches", "fixes" or free upgrades).
Analogous to a duty to take care is the fiduciary duty of directors and officers of a company to act in its best interests and thus to protect it from any foreseeable harm.
Negligent failure on the part of the directors to institute pro per Y2K identification- and remedial steps could constitute a breach of this duty making the directors liable to shareholders for any damages suffered because of Y2K.
It may transpire that directors and officers are not covered by "directors & officer s liability" insurance (see Insurance below)
The Minister of Trade and Industry may declare the practice unlawful and make certain other rulings. This cause of action could apply to manufacturers, importers and distributors of Y2K defective p roducts/services.
Only in the most extreme circumstances would a vendor, manufacturer or distributor who intentionally sells Y2K non-compliant hardware/software to innocent customers risk being charged with criminal fraud.
There would have to be some sort of moral disapproval or disgust with the action in question before the State would consider prosecution (e.g. if the accused continued supplying defective goods to customer even though he had been warned not to do so).
These provisions may apply to certain goods/services affected by Y2K. Each reader should consult his/her attorney to ascertain whether such provisions are applicable.
Every plaintiff is obliged to mitigate (limit) its damages and one cannot sit back and do nothing about Y2K risks.
If the risk had been fore seeable (such as Y2K), the party claiming damages may find that its own negligence contributed to its damage and the amount the plaintiff would have been entitled to would be reduced by the percentage of its own contributory negligence.
In some instances a plaintiff, having proven its case, may find that it is not entitled to any compensation whatsoever.
-cancel the contract; or
-enforce the contract; and/or
-claim damages (general and special).
"General" damages are the amounts equal to the extra costs which a plaintiff would have to spend in order to obtain the same results as if the contract had non been breached.
For example, if the same goods/services can only be obtained from someone else at a higher price, the defendant would be liable to pay the difference between the original contract price and the new price.
In some instances the customer may, in addition to general damages, be entitled to claim "special" damages (analogous to consequential damages in delict) e.g. such as loss of profit.
Special damages include all damages which the parties , at the time of contracting, reasonably contemplated would result from breach of contract. This is a question of fact and should be discussed with your attorney.
These damages are the amounts equivalent to the actual and direct financial harm suffered by a party. The damages may consist of harm to the plaintiff's person or property or it could consist of pure economic loss.
Liability for pure economic loss depends on the facts of each case and should be discus sed with your attorney.
Consequential damages are damage (pecuniary loss) suffered by a plaintiff which were not the direct but the indirect (but foreseeable) result of the wrongful act.
For example, if your computer system fails due to Y2K the costs to fix th e system is the direct damage suffered.
If, because of system failure, you cannot provide your goods/services for two months, the loss of profit during this period constitute consequential damages for which the defendant may (if such loss could have been reasonably foreseeable by the defendant) be liable.
Our courts are very reluctant to allow liability for consequential damages and your attorney should be consulted on your rights, risks and/or obligations in this regard.
If you fail to deliver your (non-computer) goods/services (due to Y2K) you may commit breach of contract.
Your contract party would only have to prove that you did not perform your side of the bargain as required by the contract. It matters not to him (or the law) whether you failed because of Y2K or some other reason.
A defendant would rarely be able to rely on a defense of "impossibility to perform its contract".
If a contract party knew or should reasonably have known of potential future risks (Y2K) which, if they materialize, would materially affe ct, for instance, its production line, such party cannot rely on the defense: "but it wasn't my fault, my system failed because the computer geeks messed up".
Y2K has been widely published in South Africa from, at least, November 1997 17 and courts may decide that companies should reasonably have started conducting Y2K identification and remedial steps since then.
Certain companies are starting to declare that after a certain date they would be unwilling to deal with suppliers if those suppliers had not made their own operations compliant.
A company must analyze its relationships with its suppliers in the Y2K context.
It is worthwhile endeavoring to procure written confirmation from one's key suppliers that they are or will be fully compliant by a certain date. If possible, this confirmation should be procured in such a way as to make it legally actionable in the event that it proofs inaccurate.
Supplier companies who have been "put on notice" by customer companies may face liability for special or consequential damages. Causes of action include non-performance, breach of warranty, misre presentation, professional negligence, product liability, breach of duty to take care and (possibly) even criminal fraud.
Our common law also provides that, unless exc luded in the contract, the lessor of goods has an obligation to keep the goods "fit for the purposes for which they were leased". Rental agreements often contain an option to purchase, which, if exercised, leads to a separate contract of sale.
Although no legal authority has yet addressed this issue, a credit grantor, unless expressly excluded in the contract, may be held liable for Y2K non-compliance as a latent defect in the merchandise. 18
Causes of action include non-performance, breach of warranty, misrepresentation, product liability, criminal fraud.
Whilst the custom software licencing provisions themselves may be very similar to those contained in a licence governing off-the-shelf software, the agreement will normally also contain additional clauses which may affect the liability of the manufacturer.
In the context of Y2K, the most important of these would be those governing the scope of the work to be car ried out and the acceptance tests carried out after the developer declares the work complete. 22
The normal method of software supplies is by way of a licence23.
However, in certain instances an entity commissioning a software house to write a software program will want to be the owner of all the rights (including copyr ight) therein, in which case the agreement is one of sale.
With regard to software, liability will depend on the System Development Life Cycle (SDLC) of the software or system.24
Causes of action: "Off-the-shelf" software manufacturers may generally be held liable for non-performance, breach of warranty, misrepresentation and/or product liability.
"Custom" software manufacturers may be held liable for non-performance, breach of warranty, professional negligence, misrepresentation and/or product liability.
Mainframe manufacturers usually exclude virtually all forms of liability.
However, exclusion of liability would not necessarily preclude a customer form canc eling the contract for breach of contract or misrepresentation (and claim a refund in whole or in part).
Defective mainframes may cause very significant business losses and interruptions which, in turn, could lead to liability of the customer against its own customers.
Causes of action may include non-performance, breach of warranty, misrepresentation, product liability, professional negligence and even criminal fraud.
Software licences often contain provisions which stipulate that the software is not error free, the software is supplied on a "voetstoots" or "as is" 14 basis or that it is the responsibility of the user to satisfy itself that the software is fit for the purpose for which it has in mind, etc.
Whilst software providers often address and rectify problems in a subsequent release of the software, there is generally no guarantee that even if they do so that such re-release will be available soon enough for the customer's business.
In view of these and other uncertainties, it is important for the maintainer's obligations to include a commitment to ensuring that any software under its control is or is made compliant by the maintainer.
In view of the potential difficulty in characterizing non-compliance such as "bugs or viruses", the maintainers commitment to making software compliant should be expressly provided for in every agreement.
Computer maintenance companies may be under contract to repair "all problems" ( as opposed to "fix bugs") for Rx, xx per month. These companies could find that the scope of the contract suddenly becomes much larger than expected.
Causes of action may include non-performance, breach of warranty, professional negligence, misrepresentation.
The terms are often used interchangeably which, strictly speaking, is inaccurate.
From a legal perspective, the distinction between facilities manager an d outsourcers is important.
Whereas a facilities manager, like a maintenance company, is dealing with software belonging to the customer, the outsourcer is not25.
If work needs to be done to make the software compliant, the facilities manager may well be responsible for evoking any relevant up-date /up-grade provisions in any contract which the customer has with a third party maintainer.
However, if there are no such maintenance contract provisions in place, the onus to mak e the management systems Y2K compliant would be likely to fall on the customer, and not the facilities manager.
Practically, this means that the outsourcer is obliged to produce certain results in specified time frames.
The advent of the Year 2000 or any other date should not relieve the outsourcer of those fundamental obligations.
In an effort to ensure that their IT systems do not fold partially or completely on account of the advent of Year 2000, IT customers are engaging the services of outside software engineers to scrutinize and ame nd their software programs as necessary.
When an IT customer enters a contract of this nature, it should not forget that it is vital that the solution provider actually commits itself contractually to do what the customer needs to do.
From the solution provider's point of vie w, an absolute commitment to make the customer's system "Year 2000 compliant" is extremely dangerous and should be avoided. According to IT specialists there is no way to be sure that a system would be 100% Y2K compliant no matter how good or comprehensive the testing.
The Johannesburg Stock Exchange has informed the business community that Y2K issues are mater ial to the financial stability of a listed company.
Thus, directors and officers have a duty to properly investigate their problem in time. If the company loses money when they cannot process invoices or orders, etc or where the company is sued for Y2K n on-compliance, the directors and/or officers may be subject to claims from shareholders.
The claims against directors may be founded upon a breach of their fiduciary duties owed towards the company.
This is a factual question an d no general rule can be formulated. The basic question would be whether a reasonable attorney/auditor under the same circumstances would have informed the particular client of such risks having regard to the prevailing standards in the profession.
Attorneys and auditors conducting "due diligence" exercises may well owe a duty to ascertain potential Y2K liability risks in companies to be merged/taken over by their clients.
-agreements with companies from which the company obtained computer hardware or software, which were incorporated into or bundles with its products and sold, either directly or through various channels of distribution, to a customer;
-development agreements with third parties for software or data bases which the company has incorporated into or bundles with its products;
-maintenance and support agreements with third party vendors;
-license agreements with customers for vendor software or data bases;
-distribution agreements for vendor products;
-maintenance and support agreements with customers for vendor products/services;
-computer service agreements with customers;
-third party agreements with trading partners;
-manuals and other documentation for vendor products provided to customers;
-advertising and promotional matters for the vendor's product/services;
-mergers and acquisition agreements;
-publicly available disclosure documents filed with public agencies; and
-Insurance contracts.
-your liability risks;
-who should pay for fixing non-compliant hardware/software;
-which rights you have if you get sued;
-which defences you currently have;
-which defences can you work on (such as a paper trail);
-which obligations do you owe your contracting parties and/or 3rd parties.
-The various remedial steps to be taken by the company with regards to amendments to existing contracts, negotiations with relation thereto, duty to disclose towards customers, scope of warranties and exclusion of liability etc must be discussed with you attorney.
-Letters of demand should be sent to suppliers who may be liable to fix non-compliant hardware/software.
-Attempt to obtain warranties from suppliers who are (currently) not legally liable to fix the defective goods.(It is improbable that they would supply you with these but its worth the try).
-All internal and external correspondence relating to Y2K should be dealt with by a "Y2K manager" who should preferably be appointed from within the ranks of senior management.
-Employees should be alerted to the Y2K risks, educated on preventative and remedial procedures and persuaded to participate in the program. 26
-Businesses must asses the Y2K compliance of their business partners. Compliance inquiry letters should be sent to them until adequate warranties are obtained.27
-Accurate and comprehensive record should be kept of all Y2K testing and remedial steps.28 All inter-company correspondence in this regard should be filed.
-Employees and management should be aware that any oral representations made on Y2K compliance may be legally binding on the company.
-What is the company doing at the present time?
-What is the status of our systems? (ranking the systems in the order of criticality);
-Have we begun to estimate the time and resources it will take to address the problem?
-How long will the identification and remedial program take?
-What will it cost? (What do we need to budget for?)
-Are we or the supplier of the software responsible for the costs of repairs?
-Where will we find the money?
-What options do we have? (replace, repair, delete, etc.)
-Do we have source code and do we have the right to use it?
-Do we have a capable full time Y2K project manager? If not, where can we get one urgently?
-Are there any internal resources that we can assign to the job? When?
-Should we consider outsourcing? Who can we use? What will it cost? When?
-What can we do to keep our own competent IT people from taking lucrative Y2K jobs elsewhere? What incentive programs can we use?
-Can we make our current not-so-competent IT people Y2K-literate? How? Costs?
-Do we have the right tools to do Y2K testing? How can we be sure?
-Do we have an evaluation process and checklist to assure that the vendor, outsourcer or partner who checks our systems is competent? What criteria do we use?
-Have we set up a system to periodically monitor progress towards the Year 2000 solution? Do we have mission critical and "drop dead" dates?
-What insurance coverage do we have in terms of errors and omissions- and directors/officers liability? When will they be renewed? Will coverage be excluded?
-What is our legal liability exposure to suppliers, customers, contractors, shareholders, employees, investors, 3rd parties, banks?
-What can we do to minimize our legal liability exposure?
-What are our plans to disclose the Y2K project status in our annual report to shareholders?
-What are our trading partners, suppliers and customers doing? Can we join forces?
-Are our shareholders ready for the problem? If our funders go down we might go down. Do we have backup plans?
-Which resolutions need to be formally passed do implement our program. When should they be passed?
-What steps have we taken to raise awareness of our employees?
-To what extent is management committed to fix the problem?
-What project plans do we have to perform a complete systems test of all fixed mission critical systems before we go into production?
-To what extent will we be able to freeze other systems development projects and/or functional enhancements, as we make changes to our systems to be Y2K compliant?
-What have we done to assure that we will be receiving reliable and timely status reports that will identify the work planned and completed, the programs that arose and their solutions, the issues that the directors and officers mus t work on and to summarize progress and highlight problems?
-What systems and project documentation do we require for this project in the event of lawsuits? Have we documented key decisions and the resolutions reached?
Virtually no Insurers are currently willing to provide any form of Y2K coverage. Most Insurance policies would expre ssly exclude any form of Y2K related coverage when the 1999 policies are issued. It may be argued that, because Y2K is a foreseen risk and Insurance does not apply to foreseen risks, Insurance law would not recognize Y2K as an insurable risk. All Insuranc e issues should be discussed with your Insurer and/or attorney.
Dates can be stored as:
- Ordinal/Julian (yyddd) [the ordinal day starts at midnight, the Julian starts at noon], and Gregorian (ddmmyy, mmddyy, yymmdd). These are the most common formats.
- As numbers, characters (letters or symbols), or a combination of both.
- With four positions (mmyy), five positions (dddyy), and six positions (yymmdd) in different sequences. The largest identified so far is a 64 position number.
- With a century prefix or without.
- Delimiters (or separators) may be used (mm/dd/yy or dd.mm.yy for example).
- As binary numbers consisting of 1's and 0's.
- With "+" and "-" signs (as in days of the week).
- They can be truncated (e.g., "-6" for any Saturday, "-15" for the 15th day of any month, etc.).
- Other (unusual) formats are Cyymmdd- C represents the first two digits of a century. (E.g. 0 is 19, and 1 is 20) and SSSYY where SSS represents the season.
Embedded systems are computerised devices used to control the operation of equipment, machinery, etc. The simplest of these is the single microprocessor or "microchip". Embedded systems can't be programmed. The processors, circuit boards, and sometimes the whole unit need to be replaced. In some cases application software can be added to the chip at a later stage, after which it is not possible to make the additional changes. This is also known as "firmware". Some examples of embedded systems are:
Basic service and utilities
Water and sewage systems, electric power stations, power grid systems, emergency monitoring and alert systems, flood and disaster control systems, waste disposal, natural gas delivery/metering
Communications
Landline telephone systems, cell phone systems, satellite systems, radar systems, television systems, radio systems
Items in the home Telephones and cell phones, thermostat controls, televisions, microwave ovens, certain wristwatches, personal computer, fax machine, answering machine or voice mail, video recorder, security system
Office Systems and Mobile Equipment
Telephone systems (including voicemail, forwarding, etc.), mobile phone systems, fax machines, copiers, time recordings systems, still and video cameras
Building systems
Backup lighting and generators, fire control systems, heating and ventilation systems, programmable thermostats, lifts, elevators, escalators, security cameras, security systems (including badge readers, gates, etc.), safes and vaults, door locks, vending machines
Banking and finance
Automated teller machines, credit card systems, electronic fund transfers, credit debit and interest records
Health
Hospital monitoring equipment, defibrillators, pacemakers, backup systems, record keeping systems, medical record security systems, accounting records, medical fund interface applications
Transportation
Aeroplanes, trains, buses, marine craft, automobiles, air traffic control systems, global positioning systems, signalling systems (e.g.railway switching), radar systems, traffic lights and controllers, streetlights, ticketing systems/machines, reservation and scheduling systems, car parking and other meters
Manufacturing and Process controls
Manufacturing plants, oil refinery and related storage facilities, bottling plants, automated factories, weight scales, conveyors, emissions monitoring, waist removal and disposal systems, hazardous waste and pollution monitoring/control systems
Embedded Dates
Embedded dates are used as components of longer character strings to uniquely identify particular items or events. These dates are found in invoice numbers, parts of policy numbers, licence numbers, merchandise sales tags, storage bin ba gs, transaction numbers and date stamps. Date stamps, for example, are used on such things as transaction tracing and backup recovery. They're automatically incorporated in a record by the system. Items that make use of date stamps are blood donations, prescriptions, me dical records etc.
Another date problem is created when dates are used at the beginning of an identifier. For example, some applications suppress leading zeros in number fields. This can cause a miscalculation because 00 may be treated as null data and may be rejected, or result in zero divide errors.
One can buy goods on payment of the full cash price or "on credit". Merchandise such as refrigerators, televisions, hi-fi systems, kitchen and domestic appliances, if bought on credit (or rented), is (provided certain conditions apply) governed by the Credit Agreement Act 75 if 1980 ("the Act"). The Act prohibits any contractual exclusion by a vendor of warranties implied by law such as the vendor's warranty against latent defects in the goods/services. In some instances Y2K non-compliance may con stitute a latent defect in the goods. Another question is whether the same common law principles apply with relation to leased goods (e.g. a leased AS400 mainframe). In general, the lessor of goods which are not governed by the Act has a common law obliga tion to keep the goods "fit for the purpose for which they are leased". Another view is that the law implies that the lessor warrants the leased goods against latent defects. In both instances this may imply that a lessor is obliged to "fix" Y2K defects. This is a legalistic issue which should be discussed with your attorney.
The commodity involved may be any kind of goods or services such as computer software/hardware, domestic appliances, motor vehicles, information technology solutions, customer orders, supplier services, government-, medical-, financial services, etc. Y2K liability will strike both enterprises providing non-computer related good/services to customers as well as those companies that do. The only difference is that the causes of action and damages, will vary.
If the terms of contract imply that the plaintiff can only sue in contract, the plaintiff will not be able to sue in delict. This depends on the terms of the contract and your lawyer should be consulted.
Latent defects are defects which render the goods/services wholly or partially unsuitable for the purpose for which they have been bought.
They are defects which are not apparent or cannot be detected after a reasonable inspection (trial run) of the product. The inspection does not have to be extensive (only reasonable) and it matters not if the person inspecting the goods is a layperson or an expert B the question is an objective one.
If software is not Y2K compliant it does not automatically follow that the software contains a defect. The SDLC (see footnote 25 ) of the software might have expired before the year 2000, in which case the software would not necessarily be regarded as defective. It may then be regarded as a "consumable" item that has expired.
If the goods/services involved are computer softwa re/hardware, a counter argument (to the latent defect argument) may be that the "patches" of source code in software which are not Y2K compliant may be regarded as "a bug" to be dealt with under the usual contractual provisions relating to "fixing bugs" i n the product.
In this instance it would not be treated as "breach of warrantee" since the parties expressly provided for the risks of "bugs" in the product. Accordingly, the customer may not cancel the agreement and would ordinarily have to pay for all f ixes himself.
The warranties outside the contract documents are generally not admissible in a court of law. However, there are legal exceptions and these warranties could, in any event, be used in a claim founded on delict.
Our law recognizes liability where negligent misrepresentation gives rise to damages. Liability under this cause of action may arise if a vendor were to assure a customer that a particular product or system was Y2K compliant without knowing whether t his was true. If a plaintiff can show that this statement was, in fact, not true and the vendor should have reasonably known about this, liability may arise.
No "voetstoots" or "buy as is" clause can save the vendor from liability for intentional misrepresentation. This type of claim is very difficult to prove on the part of the customer as it requires it to show intent to deceive on the part of the vendor . However, if the correct procedural litigation tools to the avail of a customer are followed, it may be possible to uncover inter-office or inter-group correspondence clearly showing that the vendor had been aware of the defect at all relevant times. Employees may also be subpoenaed to testify on behalf of a customer to this effect.
At present, indications are that Y2K non-compliance may be regarded as a "design defect" in the product (as opposed to manufacturing defect). Of course, various defences or counter arguments may eventually strike down this contention. For instance, it may be contended that the two-digit design had been the "state of the art" at the time. The closer to 2000 the software has been manufactured the less likely any defence to design defect will succeed.
Not all vendors may face consequential damages. The current legal position is that only those vendors who profess to have expertise or skill with relation to the product may face consequential damages.
In general, a defective design or manufacturing process would, in itself, go a long way in proving negligence on the part of the manufacturer.
Manufactures may successfully argue that using two digits in dates instead of four had been the "state of the art" at the time of manufacturing. Thus, so the argument goes, the manufacturers had not been negligent in design or manufacturing since "eve rybody did it at the time".
See Kroonstad Westelike Boere Ko-op v Botha 1964(3) SA 561 (A)
In November 1997 the Y2K issue was debated in parliament which is usually a reflection of prevailing community concerns.
The Credit Agreement Act 75 of 1980 ("the Act") provides that the credit grantor may not exclude its liability for breach of warranty of terms which are implied by law. Unfortunately, the Act does not specifically include "computer hardware" and it is unlikely that the provisions of the Act will be deemed to be applicable. However, the Act does apply to domestic consumer items such as kitchen appliances, televisions, hi-fi's, motor vehicles etc.
The English Court of Appeal in St Albans City and District Council v International Computers Ltd (1996) delivered a judgement which may have a bearing on Y2K litigation in South Africa.
The view of the Court was that the sale of "off-the-shelf" software (including the disk) would be a goods contract and that the English Sale of Goods Act (a restatement of English common law on the sale of goods ) would apply.
This meant that terms would be implied into these contracts that the software would be of "merchantable quality" and that it would be "fit for its purpose".
Where software was installed otherwise than on disk, similar terms as to fitness for purpose would be implied by the prevailing English common law in the absence of any express terms to the contrary.
Although by no means certain, Y2K defective software may be treated in the same way as otherwise "bad" (non Y2K related) software. Although there are arguments that software which is not "Year 2000" compliant may not be "fit for purpose" or of "m erchantable quality", the courts are very reluctant to impose longer term obligations under these provisions.
If a problem does not have any manifest consequences for a number of years from the time that the software was purchased, then the courts are lik ely to take the view that the "fitness for purpose" and "merchantable quality" requirements will have been satisfied. Of course, the nearer to the Year 2000 that software agreements are entered into, the more likely that "fitness for purpose" and "merchan table quality" requirements will include Year 2000 compliance.
Custom software are software manufactured by programming specialists where a customer is not simply becoming a licensee of a product already on the market but commissioning an application customized to its particular requirements.
The clause governing the scope of the work to be carried out cross refers to a document called a specification which sets out the parameters of the development project including the Y2K compliance of the software to be developed.
Where an original equipment manufacturer (OEM) (or a purchaser who has acquired the proprietary rights and intellectual property rights in software from an OEM) makes the property available to a customer their relationship will be governed by a sof tware licence agreement.
The customer will have no rights in and to the source code of the software and will only have the right to use and utilize the software subject to the limitations placed thereon by the licensor. Software licences are usually independent agreements bu t may also form part of a more comprehensive agreement.
The SDLC refers to the stages and tasks in the development and productive use of a system throughout its conception and productive life. In this life cycle, a specified sequence of activities is followed, and separate and distinct stages or phases of the process are demarcated by the production of "key deliverables". Such deliverables may be delivered by people with different skills and classifications. It may transpire that the SDLC of the system expires before the turn of the millennium in which cas e, as a general rule, the vendor/provider would have no obligation to fix the software or risk liability for non-compliance.
The normal role of a facilities manager is to take over the in-house systems of an IT customer and run them on behalf of that customer, typically at the customer's offices. Additionally, it may well take on some or all of the customer's staff. An ou tsourcer on the other hand will not adopt the systems previously run by the customer in-house. It will run its own systems, typically from its own offices and without recruiting any of the customer's personnel. Many customers turn to out-sourcing for fi nancial reasons and one of the most important factors in that equation is that they will no longer have to bear the costs of maintaining the necessary systems and staff.
Businesses may be forced to lay off staff after 2000 because of Y2K caused losses and, if alerted to the risk, employees would be able to make a large contribution to the Y2K program.
A business may still face liability towards customers if (although its systems are compliant) it cannot deliver its products/services because of third parties' Y2K non-compliance)
On the one hand such a record may serve to prove that the company and/or its subsidiaries took all reasonable steps at an early stage to obtain Y2K compliance.
Conversely, if such a "paper trail" is eventually used in Y2K litigation and serves to pro ve that the company and/or its subsidiaries failed to take reasonable steps to remedy all problems, this very same record may serve to hold the company liable against virtually all its potential plaintiffs.
Accordingly, the existence of such a paper trai l should be held in confidence and the file or files containing such documentation should be managed by senior management. Updates of this progress should becommunicated to your legal representatives to subject the documentation to the protection of "legal privilege".
Warren S. Reid, The Year 2000 Crisis: What surprises are left?, Cyberspace Lawyer, October, 1997