Source code is the foundation of how computer programs operate. Its correctness directly impacts the functioning and security of a business. In the digital age, where applications play a crucial role in almost every sector of the economy, the issue of legal liability for code, and more specifically for defects and errors in source code, is becoming a matter of fundamental importance.
One only needs to look at the effects of the global failure caused by CrowdStrike in July 2024 due to problems with the Falcon Sensor update. This shows that although debugging code is a natural process inherent in every software project, the costs associated with fixing errors can bankrupt even a well-prospering business.
Legal status of source code under Copyright Law
In Poland, source code is subject to copyright protection under the same principles as literary works. According to Article 74(2) of the Industrial Property Law, legal protection covers all forms of expression of a computer program. In simple terms, protection does not cover those parts of the code that result from the applied framework or define the general flow (define classes or functions). It should be emphasized that, according to the case law of the Court of Justice of the EU, the subject of protection includes a computer program in all its forms of expression that allow it to be reproduced in different computer languages.
Imagine creating a standard CRUD application (i.e., create, read, update, delete). The general flow of operation, i.e., a form for adding data, the logic for saving to the database, displaying a list, an editing form, or deletion logic, can be copied by anyone. So, what is protected? Unique algorithms that define operations on data, such as the method of compression or validation, the appearance of the interface, the sequence of operations that affects the efficiency of the system. This is especially important in the era of the growing popularity of AI solutions or the creation of applications from ready-made elements (no-code, low-code, or vibe coding).
Who is responsible for the code and its errors?
Since source code constitutes a work within the meaning of the Industrial Property Law, one might think that its execution does not differ from a legal point of view from cutting wood or creating a car. This leads to regulations that govern the execution of such work for remuneration. Therefore, the key from the perspective of liability is the method of software creation.
On the one hand, it can take place under an employment contract, which is regulated by the provisions of the Labor Code. This is the situation of many companies that employ their own team of programmers. On the other hand, we have B2B relations. This occurs not only when creating software in software houses or when cooperating with a company specializing in application development, but also in the case of providing software as a service. In such a situation, liability is shaped by the provisions of the Civil Code.
Responsibility for code created by an employee lies with the employer
In the case of employment under an employment contract, the employer is responsible for the correctness of the source code created by employees. This results from the specificity of this form of cooperation. The employee is subject to official instructions and does not fully independently decide what and how they do things (Article 100(1) of the Labor Code). They must, of course, have the competences corresponding to their position, but if someone suffers damage as a result of their actions, the employer is liable for it (Article 120(1) of the Labor Code).
This corresponds to the provisions of Article 74(3) of the Copyright. According to these provisions, proprietary rights to a computer program created by an employee under an employment relationship belong to the employer, unless the employment contract provides otherwise. This applies to both the complete computer program and its elements. Since the employer owns the code, it is natural that they are responsible for its potential errors or omissions. Moreover, according to Article 2(1) of the Copyright Law, any modifications to a work may be made with the consent of the copyright owner.
Contractual liability when working for oneself
In the case of defective code, disputes most often arise within the framework of contractual liability. This is due to the fact that the execution of development work usually takes place between the commissioning company and the contractor, i.e., in a B2B relationship. In such a situation, the fact that the code does not work at all or does not work properly is the basis for liability under Article 471 of the Civil Code. According to this article: "a debtor is obliged to repair damage resulting from the non-performance or improper performance of an obligation, unless the non-performance or improper performance is a consequence of circumstances for which the debtor is not liable„.
For liability for damages to exist, three conditions must be met:
- there must be a valid obligation - i.e., a contract for the execution of the system or regulations related to making this system available to clients,
- wierzycielowi musi zostać wyrządzona szkoda majątkowa – which occurs, for example, if the accounting or order processing system does not work,
- code defects must be the cause of the system's malfunction.
In the context of source code, this means that a programmer (sole proprietorship) or an IT company can be held liable if they provide defective code that does not meet the agreed requirements, and this defect causes damage to the client.
Warranty or guarantee and liability for the code
In the case of contracts for specific work, to which software development is often classified, Article 638 § 1 of the Civil Code applies. According to this article "'the provisions on warranty for defects in sold items shall apply mutatis mutandis to liability for defects in the work (…).” In practice, this means that the software creator is liable for defects in the source code, unless they result from the specifications or requirements provided by the client.
It is worth emphasizing that, according to the provisions on warranty, the seller (and in this case, the software contractor) is liable for defects that existed at the time the risk passed to the buyer or resulted from a cause inherent in the sold item (the computer program). This means that problems resulting from the later integration of the application with other programs or from the way the software is used, which was not parameterized during its creation, are the user's problem. Additionally, in B2B relations, the warranty can be excluded, and in the case of an advisory contract (liability for diligent action, not for the result of work), there will be no warranty at all.
A guarantee in IT projects is a unilateral obligation of the contractor to remove defects, errors, or faults in the software. It is free of charge and temporary, which means that the ordering party can demand the removal of defects only for a specified period defined in the guarantee. It is voluntary and is not granted by default. It must be provided by the IT project contractor by submitting a guarantee statement that specifies the guarantor's obligations and the buyer's rights in the event of software defects. Therefore, it usually occurs in contracts concluded under public procurement.
What to include in a contract with liability in mind?
The most important issue to regulate in the contract or regulations concerning the delivery or provision of software is the description of functionalities, requirements, and technical parameters. These form the basis for assessing whether the delivered or provided software complies with the contract or contains defects. Contracts concluded with companies that professionally develop applications to order also include provisions regarding the limitation or exclusion of liability. These protect the contractor.
On the other hand, for the ordering party, provisions regarding acceptance tests or the possibility of later code modification are particularly important. According to Article 74(2) of the Copyright Law, the scope of permissible modification of software for security or integration purposes with other systems is wider than in the case of ordinary works. However, this does not include the creation of new solutions, which is crucial for business development.
This material was prepared based on the following legal acts and source materials:
- The judgment of the Court of Justice of 22 December 2010, Case C-393/09 (Official Journal of the European Union C 2011, No. 63, p. 8/1), LEX 68019103.
- Labor Code - Act of June 26, 1974, Labour Code (consolidated text: Journal of Laws of 2025, item 277, as amended).
- Cypyryght Law - Act of February 4, 1994, on Copyright and Related Rights (consolidated text: Journal of Laws of 2025, item 24, as amended).
- The Civil Code – Act of April 23, 1964, Civil Code (consolidated text: Journal of Laws of 2024, item 1061, as amended).
