Defining Y2K
Affected Parties
Goods and Services Transactions
Stock Exchange Requirements
Director's Duties
Closing Advice

The millennium bug - you may have heard about it, you may have read about it, you may even have corrected it, but from a legal standpoint do you know anything about it? This article looks at some of the Y2K-related legal implications for commercial transactions.

Defining Y2K

The Y2K (or Year 2000) challenge refers to a problem in the programming of many computers. In computer dating systems the year '99' (representing 1999) will be followed by the year '00'. This is a problem because computers have been programmed to read '00' as the year 1900 rather than 2000. Computers will therefore follow the calendar of the year 1900 rather than 2000 (and this problem is compounded by the fact that 2000 is a leap year).

Products that are able to withstand the Y2K challenge are described as Y2K compliant. There are two widely-used definitions of 'Y2K compliance' that are likely to influence legal thinking. The first, provided by the Information Technology Association of America, is as follows:

"The IT product(s), when used in accordance with its associated documentation, will be capable upon installation of accurately processing, providing and/or receiving date data from, into, and between the twentieth and twenty-first centuries, including the years 1999 and 2000, and leap year calculations, provided that all other products (eg, hardware, software and firmware) used in combination with the IT products properly exchange date data with it."

The second definition, provided by the British Standard Institution, refers to four rules for compliance.

"Year 2000 conformity shall mean that neither performance nor functionality is affected by dates prior to, during and after the year 2000. In particular:

Rule 1: No value for current date will cause any interruption in operation.

Rule 2: Date-based functionality must behave consistently for dates prior to, during and after the year 2000.

Rule 3: In all interfaces and data storage, the century in any date must be specified either explicitly or by ambiguous algorithms or inference rules.

Rule 4: Year 2000 must be recognized as a leap year."

Because these definitions are couched in terms of compliance, they may form a contractual representation or warranty.

Most businesses have not yet dealt with the Y2K challenge, and there is very little time remaining to correct the problem. The estimated aggregate cost of fixing the problem in Malaysian businesses is 8 billion ringgit.

But Y2K is more than just a technical problem that will affect business operations. It will also cause some companies to breach contracts or find themselves subject to law suits for other reasons. Many businesses will need lawyers who are information technology (IT) specialists.

Affected Parties

A complete list of parties likely to be affected by the bug is impossible to prepare. Any commercial relationship involving non-compliant computer hardware or software most probably harbours a potential suit. This means that each client may seek redress at least from the person who supplied the IT product or advice. Categories of foreseeable actionable commercial relationships include the following:

  • client/customer v supplier (at each stage in the sale and distribution chain from end user to developer);

  • shareholders v company directors and officers;

  • client v IT product consultant; and

  • client v lawyer.

The bulk of the legal activity relating to the bug involves already existing contracts as these are probably silent on the issue. However, the existing legal framework can be adapted to apply to the problem and provide for solutions. The following discussion focuses on commercial aspects (ie, client/customer v supplier and shareholders v directors/officers).

Goods and Services Transactions

A transaction should first be characterized as either a sale of goods or the supply of services. This is important because the Sale of Goods Act recognizes the concept of implied warranties.

In the English case Saint Albans City & District Council v ICL, it was suggested that where software is supplied in a tangible form (ie, on disk), it could qualify as a good and thereby fall with the scope of the UK Sale of Goods Act. This case may influence Malaysian courts in their analysis of the existence of implied warranties. The main implied terms and their operation under Malaysia's Sale of Goods Act (SOGA) are the following.

Goods corresponding with description
Where a consumer purchases goods based on a statement that the goods are Y2K compliant, and then later finds that they are not, then that consumer may claim for damages. Vendors should therefore avoid such language as: 'Error free. This is the last software you will ever need'.

Goods fit for particular purpose
SOGA provides for an implied warranty that goods are fit for a particular purpose if two requirements are met. First, the purchaser must have let the supplier know of any particular purposes for which the software or hardware would be used (ie, for a computer program that needs to be Y2K compliant). Second, the purchaser must have relied on the judgment of the supplier in the selection of the appropriate product. If the product subsequently fails to perform for the purpose communicated, the purchaser may be able to repudiate the contract and claim damages.

SOGA also provides for an implied warranty of merchantability. This section applies when a customer who has not examined a product, purchases it based on the supplier's description of the product as suitable for the customer's needs. When the customer discovers that the software or hardware is not suitable for his needs (but are fit for the ordinary purpose for which they are used), he may be able to reject it and claim damages.

However, the implied warranty of merchantability is not guaranteed in this case. It could be argued that the hardware or software has been in use for some time and has been shown to be fit for the customer's needs. The merchantability warranty can also be contracted out by the parties to the sale. Nevertheless, consideration must be given to the court's general hostility toward exclusion clauses, particularly in relation to parties with unequal bargaining power.

Even if the warranty is found to exist, generally the vendor is given time (normally 60 to 90 days) to correct the defect (ie, make it Y2K compliant).

Stock Exchange Requirements

Since June 1 1998 the Kuala Lumpur Stock Exchange has required that all listed companies report any material developments in respect of the Y2K problem and that such information should be included in their annual reports, half-yearly reports and preliminary financial statements. Accurate disclosure of this information is important as Section 364(A) of the Companies Act 1965 imposes a penalty for false and misleading statements (ie, up to 10 years' imprisonment and/or a fine of up to 250,000 ringgit).

Directors' Duties

Company directors may find that their failure to combat the millennium bug may expose them to potential personal liability. Although directors have much discretion in making their business decisions (and it is well established that the courts are reluctant to substitute the judgment or opinion of the directors), there are limitations.

In determining whether the directors acted in the interests of the company the court may consider whether an honest and intelligent person placed in the position of the directors could have reasonably concluded that the acts in question were in the interests of the company. Therefore, where the decision made was not to deal with the bug, the duty to act in the interests of the company might be considered to be breached.

Also, directors have a duty of care and diligence. The courts may interpret this to mean that directors are under a duty to familiarize themselves with the business and may not safely proceed on the basis that ignorance and failure to inquire will be protection against liability for negligence.

Finally, Section 132(1) of the Companies Act 1965 imposes a duty on directors to act honestly and use reasonable diligence in the discharge of the duties of their office.

Where directors fail to respond to the Y2K problem, but they are aware of it and that it may impact their company's business, an argument may be raised that the directors have breached their common law and statutory duties. Liability may be personal and possibly criminal.

Closing Advice

Companies that have not already done a Y2K audit should consider doing so immediately. This should include both an IT audit and a legal audit. The IT audit is used to ascertain the extent of correction required and the action that needs to be taken. A legal audit ensures that rights, potential liability and responsibility are properly identified.

If a company finds that it has Y2K compliance problems, it should take the following measures. First, ascertain whether the supplier of software and/or hardware will rectify it by way of upgrades or remediation/correction. If not, try to obtain permission from the supplier to have the problem corrected by some other IT technician.

The company should also determine whether the agreement it has with the supplier may be modified to provide that the supplier must make the software/ hardware Y2K compliant or negotiate a separate rectification/remediation agreement with the supplier.

For further information on this topic please contact Julian Ding at Zaid Ibrahim & Co by telephone (+603 257 9999) or by fax (+603 254 4888) or by email ([email protected]).
The materials contained on this web site are for general information purposes only and are subject to the disclaimer.