13  Liability with OS

13.1 Are contributors to open source exposing themselves to any liability of their solutions?

• What are possible sources of liabilities?

• Are there mitigating actions which can limit or eliminate liabilities?

13.2 Understanding Liability and Warranty in Software Development

Liability and warranty are two crucial legal concepts in the realm of software development. Liability refers to the legal obligation or responsibility that arises from actions or lack thereof. In the context of software, this could mean the responsibility for any system malfunctions, data breaches, or data loss that occur due to the software.

On the other hand, a warranty is a pledge or assurance given by the provider of the source code. It’s a promise that the software will perform as described and that any defects or issues will be addressed within a specified period.

Given the potential risks associated with software use, such as system malfunctions or data breaches, the liability and warranty of the source code provider become critical considerations.

Most open-source licenses include a disclaimer to shield developers from claims. However, the responsibility for liability and warranty doesn’t solely rest with open-source users, either. It extends to all software users, including those using commercial software.

Andy Nicholls has helpfully provided a link to the EMA’s Notice on validation and qualification of software tools used in clinical trials. This document clearly states that the sponsor bears the ultimate responsibility for the validation of the computerised system. They must provide adequate documented evidence of the validation process.

While the sponsor can rely on qualification documentation provided by the vendor, they must assess the adequacy of the vendor’s qualification activities. Based on a documented risk assessment, the sponsor may also need to perform additional qualification and validation activities.

The sponsor is ultimately responsible for the validation of the computerised system and for providing adequate documented evidence on the validation process. […] The sponsor may rely on qualification documentation provided by the vendor, if the qualification activities performed by the vendor have been assessed as adequate. However, the sponsor may also have to perform additional qualification (and validation) activities based on a documented risk assessment.

Summary: Regardless of whether open-source or commercial software is used, the sponsor carries the responsibility for warranty and liability. While commercial software requires reliance on the vendor, the transparency of open-source software offers additional avenues for assurance and accountability.

13.3 Liability and Warranty according Open Source Licenses

Most open source licenses include a disclaimer of liability and warranty. So according the license there is no liability and warranty from the source code provider.

Examples:

• MIT License

  The software is provided “as is”, without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the software.

• Apache License 2.0

  7. Disclaimer of Warranty
     Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
     
     
  8. Limitation of Liability
     In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
     
     
     
  9. Accepting Warranty or Additional Liability
     While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.

• GNU General Public License v3.0

  15. Disclaimer of warranty.
      There is no warranty for the program, to the extent permitted by applicable law. Except when otherwise stated in writing the copyright holders and/or other parties provide the program “as is” without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The entire risk as to the quality and performance of the program is with you. Should the program prove defective, you assume the cost of all necessary servicing, repair or correction.
      
      
  16. Limitation of liability.
      In no event unless required by applicable law or agreed to in writing will any copyright holder, or any other party who modifies and/or conveys the program as permitted above, be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program (including but not limited to loss of data or data being rendered inaccurate or losses sustained by you or third parties or a failure of the program to operate with any other programs), even if such holder or other party has been advised of the possibility of such damages.

• BSD 3-Clause “New” or “Revised” License

  This software is provided by the copyright holders and contributors “as is” and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the copyright holder or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.

13.4 How to Contribute

Contribute to the discussion here in GitHub Discussions:
Are contributors to open source exposing themselves to any liability of their solutions?

All contributions should:

• Provide your thoughts and perspectives

• Provide references to articles, webinars, presentations (citations, links)

• Be respectful in this community