Businesses and organisations will by now be aware of the century date change problem, variously referred to as the "millennium time bomb", the "millennium bug" the "year 2000 problem" and so on, which we will call here "Y2K". Detailed explanations are available from technical papers and a basic explanation of the problem is outlined in the sister publication to this, entitled " Legal Guidelines on Millennium Date Change Issues". This briefing can usefully be read in conjunction with those guidelines, which give pointers for approaching the problem.

It may not be immediately obvious that the legal issues raised by the Y2K problem are serious and demand immediate attention. So, as an introduction to this briefing and to help understand the impact of the Y2K problem, we offer the following statement:

By the end of 1998 companies facing substantial contingent liabilities in the cost of averting the Y2K problem will have had their accounts qualified if they are unable to properly cost and detail their remedial plans. Directors will need to consider whether they could become personally liable for wrongful trading.

Some, no one knows how many, businesses and organisations affected by the Y2K problem:

· will be unable to continue to provide services they are contractually bound to provide, because the resources required become too expensive or unavailable, or the internal systems that support them cannot be made to work;

· will be unable to continue their normal activities because a legally required licence or permission is void or revoked as a result of the inability of the systems of that business to meet statutory or regulatory requirements (e.g. Banks, Financial sector companies, utility companies, transport and process operating companies).

At the outset it must be recognised that Y2K is not solely an IT issue. Board members cannot simply hand over the project to their internal IT functions and hope to absolve themselves from responsibility. Y2K may have no impact on an organisation’s IT system at all but still have a significant commercial impact, because of embedded systems in non-IT managed areas (see below).

The Y2K problem can affect anything with a chip in it, even devices or systems that do not have any obvious time-keeping features. If personal injury or death could result as a failure of a device containing an embedded system failing to function correctly as a result of century or other date changes, a decision must be made as to whether the device can be tested adequately and, if not, whether the risks involved mean that affected equipment must be taken out of service.

Y2K is unique because it affects every organisation, business and government agency on the planet. More important to management, it potentially affects every customer and supplier of every business. If steps are not taken to eliminate exposure where there is a sole major supplier or customer of a particular product or service, inevitable interruption to service and possible business failure will follow.

Although, at the time of writing, there are still resources available in certain areas of IT skills, it is predicted that companies will face the prospect of being unable to recruit the people required to rectify their systems. As Goldman Sachs have said:

Throughout this briefing we refer to "systems" and "equipment". By these we mean not only computer hardware and software, such as PCs, but also anything in any type of computer-controlled or electronic/electro-mechanically operated product, machinery or automated device.

Collectively referred to as "embedded systems", these comprise anything containing programs that control operation. They are present in anything from telephones, videos and televisions, through to aeroplanes, manufacturing plant, oil refineries, traffic lights, cash registers, ships radar, parking ticket machines, oil and gas pipelines, lifts etc.

There are a number of unique features about embedded systems that make them particularly challenging from a Y2K point of view. These include: the fact that they are not easily found or identifiable, because, as their name suggests, they are usually embedded in the equipment; you cannot generally obtain from them a list of programs; and the act of checking them for Y2K readiness may cause them to fail or may destroy them.

For example an average manufacturing plant, producing, say moulded plastic, may encounter the following examples of problems with embedded chips:-

The heat sensors which regulate the temperature control in the pipes containing and routing the liquid plastic to the individual moulds may contain single individual chips, these may not be affected, but might if, for example, they send temperature readings to the main control panel so that a report can be produced every 12 hours, in which case they may be affected because they may contain date and therefore time code. Of course it could be the case that the chip may continue to provide a temperature reading, but not a reading for report purposes every 12 hours. Alternatively it may be programmed to take a reading every 3 minutes, in which case even the temperature reading may be affected, because the interoperability of the chip and the control panel may cause a conflict because of timing code problems and therefore because it cannot take a reading every 3 minutes it may fail to take any readings or cause errors when reporting data to the control panel. It is also conceivable that because of non-compliance they may fail altogether.

The pipes routing the liquid plastic may depend on an assembly of chips on a PCB to operate the valve supplying the correct quantity of liquid plastic into the mould. These may depend on date code, because the plant produces 50 moulded plastic fascias every hour and therefore may be affected by the millennium problem.

Alternatively a number of individual chips and assemblies may be used together with a PC to actually control the whole manufacturing plant process – here there may be a problem in the hardware (PC’s) or software in the PC which may have the same date change problem as office systems because of the language the program was written in, or the chips in the PC, added to this the chips in the sensors and valves, flow controls etc. actually embedded in the plant may be effected.

Some of the chips or assemblies may also relate to safety critical control functions and employees’ safety or the safety of visitors to the site may be compromised. The factory premises may rely on smoke detectors and alarm systems all containing chips with embedded time code. Self-testing functions as well as report data may be affected by the millennium problem.

It can be seen that in this scenario an average manufacturing business may be greatly effected by the millennium problem in embedded systems, not just the business desktop systems, such as accounting and spreadsheets.

In this example, employees’ safety may be compromised, the plastic may harden in the routing pipes causing the whole manufacturing process to grind to a halt. The cost of compensation and repair could be substantial, and in many cases uninsured. In addition there will be the cost to the business of lost sales, inability to meet existing contracts and claims from customers, not only for the failure to supply, but for their failure to comply with their own contracts with their own customers.

Prior to the Court of Appeal case of St. Albans –v- ICL there was some doubt as to whether or not "software" was "goods" under the Sale of Goods legislation. If it was "goods" then the implied terms under the Act would apply, otherwise software contracts might only be subject to ambiguous common law terms or the lesser standards contained in the Supply of Goods & Services Act to use reasonable care and skill.

Following the St. Albans case (see below) it appears that software supplied on a physical medium, the title to which passes to the purchaser, such as disks or tapes, is indeed "goods" so as to come within the ambit of the Act. Therefore software supplied online or installed without the physical medium (such as when a supplier installs the software on site, but takes the master disks with him, or where the program is downloaded from the internet) will not come within the ambit of the Act.

As will be realised the fact that software in certain circumstances may be subject to the Sale of Goods Act may have serious commercial liability implications for those who have supplied software which is non Y2K compliant, though obviously liability will be subject to the validity of any express exclusions set out in the supply contract.

The supply of hardware is "goods" under the Act, and if the software is supplied with the hardware as by OEM’s, then there will be, it is assumed, a physical medium upon which the software is supplied and, as such, the software, it appears, will satisfy the requirement of being "goods" under the Act.

The main provisions of the Sale of Goods Act 1979 relevant to Y2K issues are sections 13, 14 and 15

Section 13 of the Act provides that there is an implied condition in a contract of sale that the goods will correspond with the description, which will apply to any sale where the purchaser does not see the goods before he buys them. Even if the purchaser has seen the goods, there may be a sale by description if he has relied upon the description.

Therefore if goods are described as being Y2K compliant then if they subsequently are shown not to be, the purchaser can claim damages or reject the goods because they do not match the description. If the software documentation infers that dates will be processed, and they are not, because of Y2K, there will be a breach of this section. Suppliers will need to ensure that sales staff are made aware of the effect of representations and suppliers will need to ascertain whether sales staff have made any representations regarding Y2K in relation to recent supplies.

Section 14 is probably the best known and relates to satisfactory (formerly merchantable) quality and that goods be fit for a particular purpose.

There is an implied term in contracts of sale inserted by the Act that goods be of satisfactory quality (except for defects which are brought to the buyers attention or ought to have been noticed on examination – both of which are unlikely to be relevant in purchases of computer equipment so far as Y2K issues are concerned).

The second limb of s. 14, relating to fitness for purpose provides that where the purchaser of goods makes known to the seller, expressly or by implication, any particular purpose for which the goods are being bought, they be fit for that purpose, unless it can be shown that the purchaser has not relied, or it would be unreasonable for him to rely, on the vendors skill and judgement.

An accounts system which is to be used to extrapolate historical information into the future, which cannot recognise the year 2000 clearly would be in breach of this implied term. Note that if a purchaser has set out detailed functional requirements in a complicated specification or statement of user requirements, then it will be unlikely that this would be considered to be reliance upon the sellers skill and judgement. However if the specification has been written by the supplier or the contract for a system provides that the supplier shall be responsible for ascertaining the customers requirements, in relation to, for example an accounting system, and it fails to process Y2K dates, them clearly the customer will have relied upon the skill of the supplier and accordingly the system will not be fit for it’s purpose, which is to process dates.

Section 15 of the Sale of Goods Act deals with sales by description. This at first sight may appear to be irrelevant, but has been included to cover the situation where a user may purchase a multiplicity of computer related equipment for a multiplicity of sites and may be relevant where a supplier has procured parts from a number of sources, such as clone PC’s or PCB’s. In such circumstances it may be the case that some of the chips may be compliant and some not. It should also be noted that in some circumstances this section may apply to the supply of parts.

The section provides that there is an implied term that the bulk will correspond with the sample in quality; that the purchaser will have a reasonable opportunity of comparing the bulk with the sample; that the goods in question are free from defects making them unmerchantable which on reasonable examination of the sample would not be readily apparent.

In each case it will be necessary to decide whether or not the contract regarding the supply will be covered by the Act. Note that under s 14 there are no implied conditions or warranties as to quality or fitness in any contract of sale except as provided under that section.

Suppliers and purchasers should look at their contracts to ascertain whether any of these implied conditions relate to any particular transaction concerning non-compliant hardware/software or equipment with embedded chips and whether a) any conditions have been excluded and b) whether such exclusions are valid under the Unfair Contracts Terms Act 1997 ("UCTA").

Note also that UCTA provides that ss. 2-4 of the Act do not apply in relation to copyright licences per se which create a right or interest in the copyright work – this would tend to suggest that exclusion clauses in contracts for the supply of solely software under licence and without physical media( e.g. a disk under St. Albans) may be valid, but each case will depend upon the particular facts and circumstances and this exclusion may not apply if one looks at the totality of contractual terms in the licence agreement, i.e. it may be considered to be more than just a copyright licence per se.

This Act concerns the provision of services rather than the supply of goods per se and will cover, e.g. consultancy and programming services, but note that it will also cover an installation, because this is a transaction involving the transfer of goods during the provision of a service and therefore will come within the ambit of the Act.

This Act may mean that system integrators and consultants who may have recommended certain equipment, whether supplying it or not, may be liable in respect of non Y2K compliant equipment and this liability may be in addition to liability under the Sale of Goods Act. This may have implications for those who not only produce equipment, but consultants recommending particular types of products including forms of manufacturing plant or fire and security systems containing embedded chips.

Under s. 13 of the Act there is an implied condition that the service will be provided using reasonable care and skill. If a consultant or other service provider fails to use reasonable care and skill because, for example, he recommends non Y2K equipment, he may be found not to have provided the service with reasonable care and skill and will therefore be liable.

It should be noted that the Act does not apply to international supply contracts and therefore some IT related contracts (relating to "goods") will come outside the scope of the Act.

Essentially the Act will determine whether particular exclusion clauses (which includes limitation of liability, as well as, for example, exclusion of the implied terms under the Sale of Goods Act) are void unless they are reasonable. Whether a clause is reasonable will depend upon all the circumstances of a particular case, and the Act contains some guiding principles which should be taken into account.

The recent case of St. Albans v ICL dealt with exclusions under an IT supply contract, and awarded damages of £1.3 million, despite the limitation of liability in the contract of £100,000. Further details of the case can be obtained from Tarlo Lyons.

Surprisingly for such technology, the leading case on liability for negligence in the supply of computer goods and services is a 1932 case called Donoghue –v- Stevenson which is still used as the test for a claim in negligence.

To succeed in a claim in negligence it must be shown that the defendant owed the plaintiff a legal duty of care; that the duty was breached and that loss or injury resulted from it; and that the loss was not too remote.

Not every error or omission which causes loss will give rise to a claim in negligence, for it must be shown that the defendant failed to meet the standard of care exercised by a reasonable person in the position of the defendant. This of course raises questions in relation to computers as to what is the standard exercised by a reasonable person ? Clearly the standard of reasonableness will be related to the computer industry and therefore in relation to Y2K compliance, the plaintiff must show that the reasonable defendant would have taken into account the requirement that the computer (whether in terms of hardware/software or embedded systems or a combination of them) should have been able to process a date beyond the year 2000 (or any date before that and leap years). Therefore it may be reasonable to expect a computer to be Y2K compliant if supplied in 1997, but is it reasonable to expect a legacy system purchased in 1975 to recognise the year 2000 ?? In each case it will depend on the facts and the ability of experts in the IT field to give evidence as to industry practice and expectations, including International Standards and best practice.

Generally a manufacturer or supplier will owe a duty of care to all that come into contact with the goods. Therefore the duty is not constrained by a contractual relationship, but will apply to third parties that have no contract with the manufacturer.

This has implications particularly for those manufacturers who supply equipment containing embedded systems in safety critical areas, such as smoke detectors, gas pipeline sensors, navigation equipment and the like. If someone is injured, or a user suffers loss as a result of non Y2K compliance, then, if it can be shown that there was a breach of duty, the supplier will be liable to a workman or consumer who is injured, or the purchasers customer who suffers loss as a result, even though there is no contract. In such circumstances not only the manufacturer and the distributor would be liable, but so would the company using the equipment, the purchaser. In each case the party subject to the initial claim would claim a contribution from the other(s) in the chain.

It should also be noted that a claim in tort can result from a negligent statement or advice. For example, a company contracted to advise on Y2K compliance, who hold themselves out as possessing special skill in the area who subsequently make a statement which is acted on and such action results in loss will be liable in negligence if the statement breached the duty of care they owed to the third party. In certain circumstances liability may attach for a statement even though there was no contract between the parties.

By virtue of the Limitation Act 1980 there are various time limits within which claims must be brought.

Generally speaking for contract claims, proceedings must be brought within 6 years (or 12 if the contract is under seal) from the date breach, which in many cases will be the date of supply, and therefore the accrual of the cause of action.

In tort it is generally the case that the limitation period is 6 years from the date on which the cause of action accrued, but if the claim involves damages in respect of personal injury the claim must be brought within 3 years of accrual of the action or within 3 years of the date of knowledge, whichever is the later.

The limitation periods may however be extended in certain circumstances :-

a) where a person is liable for a quantifiable sum makes a written acknowledgement of his indebtedness or makes a part payment time will run anew from the date of part payment or acknowledgement

b) where a person is under a disability (a child or someone of unsound mind), time will run from the date the disability ceases or death whichever first occurs

c) where the action is based on fraud or mistake or where the right of action is concealed by the defendants fraud or mistake

Because of the effect of limitation periods, it may be too late to wait for the year 2000 to pursue a claim. In order to preserve the claim it may be necessary to consider issuing a protective writ now, so as to preserve the ability to pursue a claim notwithstanding the limitation period. The limitation periods define the time in which a claim must be issued.

Under the Consumer Protection Act 1987 strict liability will attach to a defective product which causes personal injury or damage to property.

Companies who therefore supply equipment which is non Y2K compliant and which subsequently causes injury or damage to property will be liable under the Act.

Liability will attach to the following parties:-

a) the producer of the product;

b) a person who holds himself out as being the producer (equipment badged even though manufactured by someone else);

c) the person who imported it into the EU in the course of business;

d) where the "producer" cannot, in a reasonable time, be identified, the person who supplied it, such as a retailer or wholesaler.

Note that "product" includes components – a particular problem with embedded systems and a potential source of liability under (d) for retailers and wholesalers because quite often the producer of equipment may purchase chips from a number of sources and the supplier may not have sophisticated stock control systems which will make it difficult to identify the supplier of a particular chip. It is also not uncommon to find that some chips do not identify the manufacturer.

Note that liability under the Act cannot be excluded in a contract.

In certain circumstances the Trade Descriptions Act 1968 may apply to Y2K issues, such as the case where a person states that equipment is compliant when in fact it is not.

Under the Act it is an offence to apply a false trade description to goods or knowingly or recklessly making a false statement in respect of the provision of services or facilities.

The offence is one of strict liability, and therefore, unlike most criminal offences, it is not necessary to show guilty knowledge, though exercising reasonable care and diligence may provide a defence.

A trade description means an indication, whether direct or indirect, and by whatever means.

Descriptions which are false may relate (for the purposes of Y2K liability), inter alia, to:-

Under the Health and Safety at Work Act 1974 an employer is under a duty to provide employees with a safe system of work. Note that this duty is also imposed under common law, but under the Act a failure may be a criminal offence. Following EC Directives a number of Regulations have been made under the 1974 Act.

The duty applies for example to the provision and maintenance of plant and equipment. Therefore, for example, injury caused by a chemical leak not being detected by a non Y2K compliant sensor would create liability for prosecution and would also give rise to a civil claim. Environmental systems in buildings which may contain embedded chips may cause companies to be in breach of regulations concerning the workplace, such as temperature control, adequate lighting, escalators etc.

It should also be noted that an offence may be committed even though no injury has occurred. Non Y2K compliant equipment could be determined by an HSE inspector to be not maintained properly.

There are various Statutes which create personal and/or criminal liability in relation to Directors of limited companies which may be invoked in relation to non Y2K compliance. Obvious statutory provisions creating specific criminal offences by directors are under the Health & Safety at Work legislation and the Trade Descriptions Act.

However, it should be noted that in certain circumstances criminal proceedings may be brought against directors of companies as a party to an offence committed by a company, even though there is no specific statutory provision creating an offence by a director, in that they may have aided and abetted or counselled or procured the commission of an offence by the principal offender, the company.

Other criminal proceedings which may be brought by prosecuting authorities in relation to directors include incitement to commit an offence or conspiracy to commit an offence.

Directors are generally said to owe a duty of care and skill but mere lack of judgement is not enough, there must be gross negligence. This may be satisfied if directors fail to check or query what is going on in a company. Generally a director will only be expected to act with such skill and care as is reasonably to be expected of them having regard to their knowledge and experience.

Depending upon the circumstances a director may be guilty of failing to use care and skill in relation to losses brought about by gross negligence in not doing anything about Y2K compliance.

Another aspect of directors liability arises under the concept of a directors fiduciary duty which essentially imposes upon a director the duty to act honestly and with the utmost good faith for the benefit of the company, by which is generally meant the shareholders, though in certain circumstances this may also include employees and creditors of the company.

The Act imposes eight principles which must be observed by data users, and most businesses now store and process information on computers which will require registration under and compliance with the Act. The main relevant principles relevant to Y2K compliance include:-

a) "personal data shall be adequate, relevant ……etc."

incorrect date information may breach this principle because it may not be relevant if the date information is incorrect.

b) "personal data shall be accurate and, where necessary, kept up to date"

clearly if certain records have incorrect dates because of the Y2K problem they will not be accurate, date problems may also prevent information being kept up to date.

c) "personal data …… shall not be kept for longer than is necessary"

if a program would normally delete entries on the third anniversary of the data event, but, because of non Y2K compliance it does not, then there may be a breach of this principle.

The Financial Services Act 1986 provides, under s. 146 in relation to listing particulars for offers to the public, that there is a duty to disclose certain information which investors and professional advisers reasonably require to make an informed decision about investing. This will include information about a company’s finances, including liabilities and prospects. There is also an ongoing duty to provide particulars which are new or where a mistake has occurred.

Any person who has acquired securities and suffered loss as the result of a material omission, misleading opinion or mis-statement may make a claim.

A company therefore wishing to raise finance by listing and issuing securities to the public may fall foul of the Act if it fails to address issues of liability for non Y2K compliance or the cost of ensuring compliance which may affect the bottom line and therefore the company’s financial status.

Similarly failing to disclose material information regarding Y2K liability or rectification costs on a merger or acquisition may invite a claim for breach of warranties of disclosure.

The Audit Faculty of the Institute of Chartered Accountants for England & Wales have recently issued a Technical Release (3/97) regarding the audit implications of the millennium date change problem.

According to the guidelines:-

a) the directors bear the responsibility of addressing the issue

b) auditors will need to make enquiries to ascertain any likely impact on the financial statements

The effect is that a companies accounts could be qualified if the auditors are not satisfied that the accounts of the business sufficiently and properly reflect the impact of the millennium date change problem.

Therefore Finance Directors and Board members may find that they have a nasty surprise in store if they’ve failed to address the issue when their auditors turn up.

Hopefully by now, senior management will have recognised the potential impact upon the business of non-compliance and will have committed resources to a compliance project.

Initially an enterprise may undertake an audit of all its existing systems which will be an inventory of all computer equipment, hardware and software and which should include an inventory of all the companies equipment, plant, machinery and environmental systems which may contain embedded systems.

Following the inventory a business may then undertake a risk assessment, which will include determining which systems are critical for the continued operation and survival of the business. Clearly systems should be categorised as critical and non-critical. Priority should be given to critical core systems.

The risk assessment may also need to take into account supplier and customer dependencies. Are your suppliers dependant on systems in order to meet your supply requirements, what are they doing about the problem and how will it affect your ability to meet your business responsibilities to customers, partners and stakeholders such as shareholders and banks ?

From a legal perspective you will need to collate all documents relating to the supply of the system, this will include all licences, escrow agreements, maintenance and support contracts, programming and contractor agreements, assignments of copyright in bespoke software, hardware supply agreements and all contracts relating to the supply and maintenance of equipment, plant, machinery and environmental systems which may include embedded systems.

An enterprise will also need to gather information from internal procurement managers of details of negotiations (if any) leading up to the purchase of relevant equipment including notes, memoranda and not forgetting any e-mail exchanges, which are easy to overlook. All of this may be relevant to the contractual relationship and whether the supplier bears responsibility for the cost of compliance, or (as may be the case under some maintenance or facility management contracts) the obligation to ensure compliance.

Before actually embarking on this process it will be good practice to discuss the evaluation and audit of contracts with your in-house lawyer (if any) or to appoint a suitably qualified law firm to undertake the process because any documents, reports and the like created during or in anticipation of litigation (which may inevitably result) will be protected by legal professional privilege and will prevent the other party from demanding it’s disclosure in any subsequent legal proceedings (see Legal Professional Privilege below).

Much of what has been said in relation to Users is relevant to Suppliers.

An audit and evaluation of products manufactured/badged and supplied to customers will need to be undertaken, determining which products may have date change problems. Again this will need to take into account not only software and complimentary hardware, but also any products sold or supplied which may contain date code in embedded chips.

A supplier will need to ascertain the extent of the problem and consider a risk assessment of liability issues which may arise from the supply of the product. Early legal input is extremely important for a supplier because of the need to assess likely claims and to carry out a legal approach to minimise exposure.

A supplier will also need to undertake an assessment of the compliance of down the chain suppliers who may provide parts or components of the finished product – can potential liability and contribution be claimed from them ? Are their parts or components Y2K compliant?

As with a user programme, a supplier will need to collate all contracts relating to supply (as above) and consider the extent and potential viability of warranty exclusions and limitation of liability. Copyright issues will also need to be addressed (see below) which may, depending upon licence and contractual terms, enable the supplier to use the rights as a bargaining tool. This of course will generally only be available in respect of software and not hardware.

The importance of a legal programme and the presence and advice of a lawyer in addressing contractual issues and dealing with potential liability and risks for a supplier cannot be over-estimated. For a supplier it will be absolutely crucial to ensure that documents created during this process attract legal professional privilege.

A commercial strategy for dealing with the process of compliance will need to be implemented and the approach will need continual legal advice. In some circumstances users affected by the supply of non Y2K compliant products will be under a duty to mitigate loss and this, together with a well developed legal strategy, may enable a supplier to address and minimise the risk of successful legal claims.

Legal input on negotiations with users will also be crucial. Commercial decisions will have to be made as to how to offer compliance – free of charge ? - As a paid for upgrade ? As part of the maintenance service? etc. Additionally commercial decisions, based on legal advice on risk and liability will need to be obtained in order to assess which products will, as a matter of priority, need to be made compliant, and which products can be phased out or a decision made not to ensure compliance because of, for example, legal limitation periods or a legal risk assessment based on exclusion clauses relating to warranties, liability etc.

In each case the strategy in relation to the product portfolio will depend upon a legal assessment based on the particular circumstances and contractual terms and suitable legal advice must be obtained to reduce exposure.

As stated above, involving a lawyer at the beginning of the audit and evaluation is essential in order to ensure that the conclusions of such evaluations will attract legal professional privilege.

The general rule is that communications between a lawyer and client in relation to obtaining legal advice and assistance are protected from disclosure in legal proceedings. This will include reports made by employees and third parties provided they are for the purpose of legal advice relating to anticipated litigation or actual litigation.

There are of course exceptions to the rule relating to privilege such as for an illegal or fraudulent purpose.

Once documents have been collated for review and evaluation it would be wise to set up a document policy across the firm. All material relating to liability issues should be restricted and marked as confidential and, where created for the purposes of obtaining legal advice, marked as privileged. Information regarding products and systems must be controlled, and preferably on a need to know basis only. Documents must be capable of being tracked and a document management system should be set up.

All requests from customers and third parties regarding Y2K issues must be centralised, as must any responses to questions. Salesmen and frontline staff must be educated regarding what they can and cannot say. Note that a comment made by a member of staff to a third party imputes knowledge on behalf of the company as a whole, and in many circumstances, whether authorised or not.

E-mail exchanges can be a particular problem. Such exchanges tend to be carried out in an informal and chatty manner. Quite often the company may not be aware that exchanges are taking place and because of their informal nature parties may be carefree in its use. Ensure that any E-mail exchanges are logged and hard copies made. Staff must be educated and a confidentiality template should be attached as a macro to all e-mail transmissions.

Faxes inter company and with your lawyers on Y2K issues should also be marked confidential and where appropriate privileged.

In certain circumstances communications should also contain a copyright notice as they will usually be protected as a literary work under the Copyright Designs and Patents Act.

Software qualifies as a literary work under the Copyright Designs and Patents Act 1988 and is protected by Copyright. As a result all software programs are copyright works, the unauthorised copying (in whole or part) of which will be an infringement without the permission of the owner of the copyright in the work and as such will render anyone who copies the work liable to a claim in damages for infringement.

This has severe implications for Y2K compliance projects because, depending upon any contractual terms and the nature of the rectification, an enterprise may be infringing the owners copyright in the work by carrying out the compliance project if it is not authorised either by the licence or by statute.

Under the Act the owner has the exclusive right to:-

a) Copy the work

b) Issue copies

c) perform, show or play the work

d) broadcast the work

e) make an adaptation of the work or do any of a) to d) in relation to an adaptation

Therefore the copyright in a computer program is infringed by a person who without the licence of the copyright owner does, or authorises another to do any of the acts set out in a) to e).

An infringement will occur in relation to the copying of the whole or a substantial part of the work and whether done directly or indirectly. Copying a program under the Act will occur if the work is reproduced in any material form and includes storing the work in any medium by electronic means. "Substantial in this sense relates to quality, not quantity and therefore any copying which takes the "essence" of a work, no matter how small, will be an infringement.

The problem with computer programs is that to use them automatically involves copying, which is usually authorised by a licence. In certain licences doing anything which is inconsistent with the licence may revoke it and therefore in some instances attempting to use a program for the purposes of making it Y2K compliant may revoke the licence (attempting to fix the program using someone other than the supplier may also invalidate any maintenance contract).

Additionally undertaking a compliance project may amount to an "adaptation" of the program which is also an act restricted by the copyright in the program and this may also amount to an infringement, because under the Act an adaptation in relation to a computer program means an arrangement or altered version of the program or a translation of it, and "translation" includes a version of the program in which it is converted into or out of a computer language or code or into a different computer language or code otherwise than incidentally in the course of running the program.

If therefore you do not own the copyright in the software or are appropriately authorised an infringement may occur if you attempt to rectify, amend or alter the program because it may amount to an adaptation. Unfortunately, even if you have handed the matter over to third party programmers or consultants you will not be able to avoid liability because you will have authorised the infringement and will be liable.

(Section 50A is concerned with back-up copies and is not relevant)

Under s. 50B there is a right of decompilation provided the decompilation is necessary to obtain information so as to create an independent program which can be operated with the program decompiled or with another program and that the information is not used for any other purpose other than this. However the information will not be necessary and will not satisfy the Act if the information is already available; goes beyond the acts necessary to achieve interoperability; or if the person obtaining the information supplies it to a person to whom it is not necessary; or uses it to create a program which is substantially similar in expression to the program decompiled or in order to do any of the acts restricted by copyright.

This may be helpful in a limited number of cases, but will be unsatisfactory for most business requirements, because it will result in an application tool which may not function in a seamless way across multiple applications and operating systems.

Both these sections cannot be excluded in any agreement, and any term purporting to do so is void.

The section which may assist is s.50C which provides:-

It is not an infringement of copyright for a lawful user of a copy of a computer program to copy OR ADAPT it, provided that it is necessary for his lawful use, which includes the necessity to copy or adapt it FOR THE PURPOSE OF CORRECTING ERRORS IN IT.

However, unfortunately a term or condition in a contract may limit lawful use and therefore many standard contracts will not allow error correcting and any attempt to copy or adapt in the face of a contractual provision prohibiting it will be an infringement.

The term of any licence may be persuasive to a court as to the question of liability for a product which is non-compliant. If, for example, a product was supplied in December 1994 under a licence granted for a period of 5 years, a court may be unwilling to hold a supplier liable for non Y2K compliance, because clearly the software was not intended to work beyond December 1999.

Conversely, a licence expressed to be "perpetual" may imply that if the software is not Y2K compliant then the supplier may be liable because the term "perpetual" implies that the software will be capable of working and recognising any date whether before or after the year 2000.

Some maintenance contracts may also give assistance in relation to potential liability, depending upon the particular terms of the maintenance or support contract. These may also apply to hardware as well as software. Terms in such contracts relating to such things as Error Correction and Updates or Modifications may provide valuable help in relation to questions of responsibility and/or liability for non Y2K compliance.

Under the CDPA the owner of a work is the creator, unless the creator is an employee who created the work in the course of his employment or, in relation to third parties (e.g. contractors), there is an express term in the contract assigning the copyright.

If an enterprise has bespoke software, and the contract between the programmer and the enterprise does not contain an express assignment or right to assign, the programmer will be the owner of the copyright. An enterprise cannot assume that they automatically own the copyright in the bespoke software just because they have commissioned and paid for it.

If you have no access to the source code you may have an escrow agreement, but these will normally only allow the release of the source code on the occurrence of specified events such as take-overs and liquidation. It may be possible to re-negotiate with some suppliers new escrow terms but this may be subject to a new payment or it may be unlikely to succeed.

The potential to seek to claim redress because of the millennium problem may encourage purchasers to question the validity of shrink-wrap licences. Shrink-wrap licences have been the preferred mode of contractual supply of off-the-shelf proprietary software for some time. The validity and usefulness of this type of contract is both ambiguous and unique. The effect of such a contract has for a long time been the subject of legal debate and cases regarding shrink-wrap licences have been almost negligible. The general argument about such licences is that you cannot impose unilateral contract conditions after the time of sale. With most shrink-wrap licences the purchaser usually only sees the contractual terms after the sale has been made and therefore the contractual terms cannot bind the purchaser who effectively only sees the contractual terms after the event.

It is therefore conceivable that some purchasers may seek to question the validity of any contractual terms regarding such supplies and suggest that any provisions relating to the exclusion of warranties or limitations of liability are voidable because the contractual terms cannot be imposed after the purchase.

Obviously whether this argument will succeed will depend upon the particular circumstances of the supply and the manner in which the terms and conditions were brought to the purchasers attention.

Those who supply such software would be wise to allow suitably qualified lawyers to review their supply contracts and to obtain advice on how to limit the ability of a purchaser of such products to argue against their validity.

When appointing third party consultants and programmers it will be necessary to ensure that compliance programs or adaptations are assigned or held in escrow as indicated above. You may also wish to negotiate a s. 50C clause even if the copyright in the program is not assigned.

Of paramount importance in any contract with a compliance contractor will be a warranty that the compliance work is actually Y2K compliant.

The drafting of a warranty in such circumstances should be with the benefit of legal advice and should cover a general definition of Y2K compliance not only for software but also the interaction of software with hardware and between operating systems and applications.

You may also wish to consider including clauses tying in particular project team members for the duration of the project and legal advice on restraint of trade and restrictive covenant clauses should be obtained.

Although there have been uncertainties as to the UK Governments view on EMU over the past 6 months it would appear from the recent statements from the labour Government, albeit delaying the decision for another 5 years, that it is sympathetic to monetary union, and it appears to be the case that the UK will join. Even if the UK does not join, many businesses who do business with Europe will be affected. EMU is raised because it will have an impact upon IT (including embedded systems in, for example, point of sale equipment and ATM’s).

The significant factor for those already facing the millennium date change problem is that EMU is fairly contemporaneous with Y2K. Unfortunately both projects face different challenges and it is unlikely that both projects will have sufficient in common to mean that businesses can deal with them as one project. As some observers have already put it, Y2K is an IT issue affecting businesses, whereas EMU is a business issue affecting IT. Unfortunately it appears to be the case that Y2K and EMU are two issues requiring two solutions.

This document is for general guidance only. Only specific advice should be relied upon where specific facts can be taken into account. Tarlo Lyons excludes all liability for actions taken, or not taken, in reliance on this briefing document alone.