{"id":1310,"date":"2022-09-30T13:31:13","date_gmt":"2022-09-30T11:31:13","guid":{"rendered":"https:\/\/fordaysec.de\/update-obligation-and-authorization\/"},"modified":"2025-12-04T11:21:43","modified_gmt":"2025-12-04T10:21:43","slug":"update-obligation-and-authorization","status":"publish","type":"page","link":"https:\/\/fordaysec.de\/en\/update-obligation-and-authorization","title":{"rendered":"Update obligation and authorization"},"content":{"rendered":"\n
<\/span>
\n

<\/p>\n<\/div><\/div>\n\n\n

Home<\/a><\/span> | Update obligation and authorization<\/span><\/span><\/div>\n\n\n
\n
\n
\n

UPDATE OBLIGATION AND AUTHORIZATION<\/h3>\n<\/div>\n\n\n\n
<\/div>\n<\/div>\n\n\n\n
\n
\n

Civil liability for IT security, i.e. the question of who is responsible for security vulnerabilities and in what way, is regulated only rudimentarily and ineptly by law. For example, an update obligation for hardware and software providers in relation to consumers has been introduced as of 1 January 2022. However, this only applies to the consumer\u2019s direct contractual partner, i.e. an electronics store or internet retailer, who regularly lacks both the technical expertise and the legal authority to provide updates himself. In contrast, the new law does not provide for any consumer rights against the actual manufacturers and providers. Thus, it can be expected that claims will often come to nothing. <\/p>\n\n\n\n

Here, product liability law could be applied. However, product liability has so far focused on physical products and \u2013 according to the prevailing opinion \u2013 excludes software. Our legal project is investigating both areas of law in order to create certainty of the law for all software supply chain participants. In this context the role of end users is also to be taken into account: For example, is it possible for the end users to prevent the installation of updates by suppliers or manufacturers. And as a following question, would they be liable for a third-party damage caused by their Internet of Things (IoT) devices in this case?<\/p>\n<\/div>\n\n\n\n

\n
\n
\"\"
from left to right: Raphael Brenner (from October 2022 to November 2024), Malte Leith\u00e4user (until July 2025), Thomas Riehm, not pictured: Elvin Lovic, Quirin Thomas (from April 2025 to August 2025)<\/figcaption><\/figure>\n<\/div><\/div>\n\n\n\n

Contact<\/strong><\/p>\n\n\n\n

Prof. Dr. Thomas Riehm
University of Passau
Mail: thomas.riehm@uni-passau.de<\/a>
Phone: +49 (0) 851 509-2240<\/p>\n\n\n\n

Elvin Lovic
University of Passau
Mail: elvin.lovic@uni-passau.de<\/a>
Phone: +49 (0) 851 509-2247<\/p>\n<\/div>\n<\/div>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"

Civil liability for IT security, i.e. the question of who is responsible for security vulnerabilities and in what way, is…<\/p>\n","protected":false},"author":4,"featured_media":0,"parent":0,"menu_order":70,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-1310","page","type-page","status-publish"],"acf":[],"yoast_head":"\nUpdate obligation and authorization - fordaysec<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/fordaysec.de\/en\/update-obligation-and-authorization\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Update obligation and authorization - fordaysec\" \/>\n<meta property=\"og:description\" content=\"Civil liability for IT security, i.e. the question of who is responsible for security vulnerabilities and in what way, is…\" \/>\n<meta property=\"og:url\" content=\"https:\/\/fordaysec.de\/en\/update-obligation-and-authorization\" \/>\n<meta property=\"og:site_name\" content=\"fordaysec\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-04T10:21:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/fordaysec.de\/wp-content\/uploads\/2023\/03\/C07-Riehm_.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"722\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/fordaysec.de\\\/en\\\/update-obligation-and-authorization\",\"url\":\"https:\\\/\\\/fordaysec.de\\\/en\\\/update-obligation-and-authorization\",\"name\":\"Update obligation and authorization - fordaysec\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/fordaysec.de\\\/en#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/fordaysec.de\\\/en\\\/update-obligation-and-authorization#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/fordaysec.de\\\/en\\\/update-obligation-and-authorization#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/fordaysec.de\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/C07-Riehm_.jpg\",\"datePublished\":\"2022-09-30T11:31:13+00:00\",\"dateModified\":\"2025-12-04T10:21:43+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/fordaysec.de\\\/en\\\/update-obligation-and-authorization#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/fordaysec.de\\\/en\\\/update-obligation-and-authorization\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/fordaysec.de\\\/en\\\/update-obligation-and-authorization#primaryimage\",\"url\":\"https:\\\/\\\/fordaysec.de\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/C07-Riehm_.jpg\",\"contentUrl\":\"https:\\\/\\\/fordaysec.de\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/C07-Riehm_.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/fordaysec.de\\\/en\\\/update-obligation-and-authorization#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/fordaysec.de\\\/en\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Update obligation and authorization\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/fordaysec.de\\\/en#website\",\"url\":\"https:\\\/\\\/fordaysec.de\\\/en\",\"name\":\"fordaysec\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/fordaysec.de\\\/en#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/fordaysec.de\\\/en?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/fordaysec.de\\\/en#organization\",\"name\":\"fordaysec\",\"url\":\"https:\\\/\\\/fordaysec.de\\\/en\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/fordaysec.de\\\/en#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/fordaysec.de\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/ForDaySec-Logo.png\",\"contentUrl\":\"https:\\\/\\\/fordaysec.de\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/ForDaySec-Logo.png\",\"width\":1000,\"height\":410,\"caption\":\"fordaysec\"},\"image\":{\"@id\":\"https:\\\/\\\/fordaysec.de\\\/en#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Update obligation and authorization - fordaysec","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/fordaysec.de\/en\/update-obligation-and-authorization","og_locale":"en_US","og_type":"article","og_title":"Update obligation and authorization - fordaysec","og_description":"Civil liability for IT security, i.e. the question of who is responsible for security vulnerabilities and in what way, is…","og_url":"https:\/\/fordaysec.de\/en\/update-obligation-and-authorization","og_site_name":"fordaysec","article_modified_time":"2025-12-04T10:21:43+00:00","og_image":[{"width":1000,"height":722,"url":"https:\/\/fordaysec.de\/wp-content\/uploads\/2023\/03\/C07-Riehm_.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/fordaysec.de\/en\/update-obligation-and-authorization","url":"https:\/\/fordaysec.de\/en\/update-obligation-and-authorization","name":"Update obligation and authorization - fordaysec","isPartOf":{"@id":"https:\/\/fordaysec.de\/en#website"},"primaryImageOfPage":{"@id":"https:\/\/fordaysec.de\/en\/update-obligation-and-authorization#primaryimage"},"image":{"@id":"https:\/\/fordaysec.de\/en\/update-obligation-and-authorization#primaryimage"},"thumbnailUrl":"https:\/\/fordaysec.de\/wp-content\/uploads\/2023\/03\/C07-Riehm_.jpg","datePublished":"2022-09-30T11:31:13+00:00","dateModified":"2025-12-04T10:21:43+00:00","breadcrumb":{"@id":"https:\/\/fordaysec.de\/en\/update-obligation-and-authorization#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/fordaysec.de\/en\/update-obligation-and-authorization"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/fordaysec.de\/en\/update-obligation-and-authorization#primaryimage","url":"https:\/\/fordaysec.de\/wp-content\/uploads\/2023\/03\/C07-Riehm_.jpg","contentUrl":"https:\/\/fordaysec.de\/wp-content\/uploads\/2023\/03\/C07-Riehm_.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/fordaysec.de\/en\/update-obligation-and-authorization#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/fordaysec.de\/en"},{"@type":"ListItem","position":2,"name":"Update obligation and authorization"}]},{"@type":"WebSite","@id":"https:\/\/fordaysec.de\/en#website","url":"https:\/\/fordaysec.de\/en","name":"fordaysec","description":"","publisher":{"@id":"https:\/\/fordaysec.de\/en#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/fordaysec.de\/en?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/fordaysec.de\/en#organization","name":"fordaysec","url":"https:\/\/fordaysec.de\/en","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/fordaysec.de\/en#\/schema\/logo\/image\/","url":"https:\/\/fordaysec.de\/wp-content\/uploads\/2022\/09\/ForDaySec-Logo.png","contentUrl":"https:\/\/fordaysec.de\/wp-content\/uploads\/2022\/09\/ForDaySec-Logo.png","width":1000,"height":410,"caption":"fordaysec"},"image":{"@id":"https:\/\/fordaysec.de\/en#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/fordaysec.de\/en\/wp-json\/wp\/v2\/pages\/1310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fordaysec.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/fordaysec.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/fordaysec.de\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/fordaysec.de\/en\/wp-json\/wp\/v2\/comments?post=1310"}],"version-history":[{"count":10,"href":"https:\/\/fordaysec.de\/en\/wp-json\/wp\/v2\/pages\/1310\/revisions"}],"predecessor-version":[{"id":2624,"href":"https:\/\/fordaysec.de\/en\/wp-json\/wp\/v2\/pages\/1310\/revisions\/2624"}],"wp:attachment":[{"href":"https:\/\/fordaysec.de\/en\/wp-json\/wp\/v2\/media?parent=1310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}