RP11/98-99

Y2K Liability Legislation: Overseas Experience




9 July 1999



Prepared by

Ms Eva LIU



Research and Library Services Division
Legislative Council Secretariat



5th Floor, Citibank Tower, 3 Garden Road, Central, Hong Kong
Telephone : (852) 2869 7735
Facsimile : (852) 2525 0990
Website : http://www.legco.gov.hk
E-mail : library@legco.gov.hk




C O N T E N T S

page
Part 1 - What is Y2K Liability Legislation1

Part 2 - Legislative Efforts in the United States3
Year 2000 Information and Readiness Disclosure Act3
Year 2000 Readiness and Responsibility Act3
    Period of Effectiveness
3
    Contract
3
    Tort
3
    Statutory Requirement: Limited Relief
4
    Consumer Protection
4
    Damages
4
    Limits in Class Actions
4
    Alternative Dispute Resolution
4
    Protection of Y2K Disclosure made under the Good Samaritan Act
5
Small Business Year 2000 Readiness Act (Public Law 106-8)5
Examination Parity and Year 2000 Readiness for Financial Institutions Act (Public Law 105-164)5
Other Bills5

Part 3 - Legislative Efforts in the United Kingdom8

Part 4 - Legislative Efforts in Australia9

Part 5 - Legislative Efforts in Canada10

Notes12

Appendixes13

----------------------------------------------------------------------------------------------------
The Legislative Council Secretariat welcomes the re-publication, in part or in whole, of this research report, and also its translation in other languages. Material may be reproduced freely for non-commercial purposes, provided acknowledgement is made to the Research and Library Services Division of the Legislative Council Secretariat as the source and one copy of the reproduction is sent to the Legislative Council Library.




Y2K LIABILITY LEGISLATION: OVERSEAS EXPERIENCE

PART 1 - WHAT IS Y2K LIABILITY LEGISLATION?

1.1 This refers to legislation which seeks to establish certain procedures for civil actions brought for damages relating to the failure of any computer or related device or system or process that deal with the transition from the year 1999 to the year 2000 (Y2K). The question of transition arises from a programming convention established years ago when two digits, instead of four, were used to record year so as to save computing memory and cost. As a result, many computer systems, software programmes, and semiconductors or microprocessors which contain "programmed" instructions embedded in machines or equipment (commonly referred to as "embedded chips") are not capable of recognizing certain dates in 1999 and after 31 December 1999. They will read dates in the year 2000 and thereafter as if those dates represent the year 1900 or thereafter, or will fail to process those dates. Such failure could cripple computer systems that are essential to the functioning of markets, business, consumer products, utilities, government, and safety and security systems. As computer systems are frequently linked, failure in one could lead to failure in another. A list of possible Y2K problems is in Appendix I.

1.2 Reprogramming or replacing affected computer systems before the problem cripples essential systems is a matter of socio-economic significance. Certain legislation has been introduced in overseas countries to encourage disclosure and exchange of information about computer processing problems, solutions, test practices and test results. This kind of legislation has been referred to as the "Good Samaritan Act" because it encourages companies to share information on Y2K readiness and contingency plans. Such legislation usually precedes the Y2K liability legislation in which the duties and obligations of the parties concerned are defined and the procedure for dispute settlement established.

1.3 Y2K liability may fall into three categories:

    Contract: If a software vendor fails to deliver a product that is Y2K-compliant, liability may arise under an express contractual term. In the absence of any express agreement, the vendor may still be liable under an implied contractual term that the goods provided must be of merchantable quality and fit for their intended purpose or in the case of the provision of services, they are provided with reasonable care and skill.

    Negligence: There is a duty for a supplier of goods or services to take reasonable care so that the goods or services supplied would not bring harm to the user. Failing to take such reasonable care would constitute negligence. In a claim in negligence, the plaintiff needs to prove that such failure caused reasonably foreseeable loss or harm. There is an established process by which the court assesses professional liability. Action in tort is usually taken if the defendant by his negligence caused damage to the person or property of the plaintiff. In the context of Y2K liability, action in tort may arise in many cases, such as failure of medical equipment or passenger lift which is driven by Y2K-non-compliant "embedded chips'.

    Statutory requirement: The legislature may make statutes requiring certain standards to be met, procedures to be followed, or for certain institutions and individuals to keep proper records, such as banks, brokerages, estate agents, employers, etc. In the context of Y2K liability, failure to keep proper records could result in an infringement of the statutory requirement.

1.4 This paper outlines the experience of legislative efforts to resolve Y2K liability in the United States, the United Kingdom, Australia, Canada.

PART 2 - LEGISLATIVE EFFORTS IN THE UNITED STATES

2. Year 2000 Information and Readiness Disclosure Act

2.1 The United States Congress was one of the first legislatures in the world to make legislative efforts to tackle the problem of Y2K-compliance in computers. First, it passed in October 1998 the Year 2000 Information and Readiness Disclosure Act (the "Good Samaritan Act'), which became Public Law 105-271 upon signature by the United States President on 19 October 1998. The Act encourages disclosure and exchange of information about computer processing problems, solutions, test practices and test results in connection with Y2K. It limits the liability against the maker of Y2K statements in all civil litigation, unless bad faith or fraud is involved. Temporary antitrust exemption (until 14 July 2001) is granted to individuals or businesses engaging in activities to correct or avoid a Y2K problem. A copy of the Act is attached at Appendix II. A brief summary of its legislative history is at Appendix III.

3. Year 2000 Readiness and Responsibility Act

3.1 Secondly, and most importantly, the United States Congress approved on 1 July 1999 a conference report (with conferees from the House of Representatives, the Senate and White House) on a bill to establish certain procedures for civil actions brought for damages relating to Y2K failures--bill number H.R. 775, Year 2000 Readiness and Responsibility Act. Both the House and the Senate passed the conference report on 1 July 1999; the Bill is cleared and enrolled for signature by the United States President soon. The Bill is made in response to an estimated expenditure of US$50 billion spent by American businesses to re-programme their computers and possible Y2K-related litigation estimated to be in excess of US$1 trillion. The text of the Bill is reproduced at Appendix IV and its main provisions are summarized as follows:

Period of Effectiveness

3.2 The Bill applies to Y2K failures which occur before 1 January 2003. This means that the Bill represents a one-time change in contract- and tort-related actions limited to harm caused during a narrow three-year window.

Contract

3.3 The Bill preserves all terms of an existing contract. Existing law of contract applies.

Tort

3.4 The Bill does not apply to claims for personal injury or wrongful death.

Statutory Requirement: Limited Relief

3.5 The Bill preserves all existing statutory requirements. Nonetheless, it provides limited relief from penalties for Y2K-related violations of a reporting or monitoring nature. This provision is limited to a defence to penalties; the defendant would need to show that the non-compliance was (a) unavoidable in the face of an emergency directly related to a Y2K failure; and (b) necessary to prevent the disruption of critical functions or services that could result in harm to life or property. The defendant would also be required to demonstrate that it had made a reasonable good faith effort to anticipate, prevent and effectively correct a potential Y2K failure; that it has notified the regulatory agency within 72 hours of the violation; and that it had fixed it within 15 days. The defence does not apply to any such violations occurring after 30 June 2000.

Consumer Protection

3.6 The Bill ensures that homeowners cannot be foreclosed due to Y2K failure. This provision is limited to residential mortgages and only applies to transactions occurring between 16 December 1999 and 15 March 2000.

Damages

3.7 The Bill caps punitive damages at US$250,000 or three times compensatory damages, whichever is less, for individuals with a net worth of up to US$500,000 and for companies with 50 or fewer employees. This is an objective to prevent extortion suits against deep-pockets defendants. The Bill gives a 90-day grace period to the defendant to solve problems before a suit is filed. The Bill creates a proportionate liability formula for assessing blame so that a company's financial liability is linked to its share of causing the problem. This formula would make whole individual consumers even if one of the defendants went bankrupt. The Bill applies current State standards for establishing punitive damages instead of creating a new pre-emptive Federal standard. The Bill provides no punitive damage awards against governmental entities.

Limits in Class Actions

3.8 The Bill requires class action suits to be litigated in federal court to have at least 100 plaintiffs and US$10 million in claims, or which seek punitive damages.

Alternative Dispute Resolution

3.9 The Bill encourages remediation and alternative dispute resolution over litigation. It discharges a defendant who settles a Y2K action that is not a contract action at any time before court verdict or judgement from all claims for contribution brought by other persons.

Protection of Y2K Disclosure made under the Good Samaritan Act

3.10 The Bill confirms that the protection for the exchange of information provided by the Year 2000 Information and Readiness Disclosure Act (Public Law 105-271) shall apply to any Y2K action.

4. Small Business Year 2000 Readiness Act (Public Law 106-8)

4.1 This law is popularly known as the Small Business Y2K Act, enacted 5 April 1999. It amends the Small Business Act to authorize the Small Business Administration (SBA), during the period ending on 31 December 2000 to (a) guarantee loans made by eligible lenders to small businesses to address Y2K problem, including repair and acquisition, consulting, and related expenses; and (b) provide relief for a substantial economic injury incurred by a small business as a direct result of Y2K problems. The law provides loan amounts and administration participation limits. It also requires an annual report from the SBA to the congressional small business committees on the loan guarantee programme. A copy of the law is at Appendix V.

5. Examination Parity and Year 2000 Readiness for Financial Institutions Act (Public Law 105-164).

5.1 This law addresses the Y2K problems with regard to financial institutions, to extend examination parity to the Director of the Office of Thrift Supervision and the National Credit Union Administration. Each Federal banking agency and the National Credit Union Administration Board shall offer seminars to all depository institutions and credit unions under the jurisdiction of such agency on the implication of the Y2K problem. This Act was signed by the United States President on 20 March 1998. The Homes Loan Act and Federal Credit Union Act are amended to allow examination by the regulatory agency. Copies of the law are available at Legislative Council Library; it can also be downloaded from "Research Activities" at the Legislative Council Library Sub-homepage at [EXAM.HTM].

6. Other Bills

6.1 There are a number of other bills before the United States Congress which deal with Y2K. The question addressed by some of them has been incorporated into H.R. 775 mentioned above. There are many more bills at State legislature level which deal with different aspects of Y2K within the State. For reasons of expediency, only relevant federal bills are summarized below for easy reference. Bills which originated from the House of Representatives have a bill number that begin with "H.R." while bills which originated from the Senate have a bill number that begin with "S".

S.962 "Small Business Y2K Compliance Bill": a bill to allow a tax deduction from gross income for Y2K conversion costs of small businesses. The aggregate cost could not exceed US$40,000. The Bill was introduced, read twice and referred to the Committee on Finance on 5 May 1999.

S.1138 "Y2K Bill": a bill to regulate interstate commerce by making provision for dealing with losses arising from Y2K-related failures that may disrupt communications, intermodal transport, and other matters affecting interstate commerce. Placed on calendar in Senate on 27 May 1999. All proposals have been incorporated in H.R. 775.

H.R. 1447 "National Y2K Test Day Bill": a bill to provide for the coordinated end-to-end testing and disclosure of the readiness of certain federal and non-Federal computer systems for the Y2K problem. Referred to the Subcommittee on Technology, House Committee on Science, on 22 April 1999.

S.723 "Y2K Regulatory Amnesty Bill": a bill to provide regulatory amnesty for defendants who are unable to comply with federal enforceable requirements because of factors related to a Y2K system failure. Read twice and referred to the committee on Governmental Affairs on 25 May 1999. This amnesty is referred to as "Y2K upset", which has been incorporated in H.R.775.

S.738/H.R.1319 "Y2K Fairness in Litigation Bill": a bill to assure that innocent users and businesses gain access to solutions to Y2K failures through fostering an incentive to settle Y2K lawsuits that may disrupt significant sectors of the American economy. Read twice and referred to the Committee on Judiciary on 25 May 1999. Incorporated in H.R.775.

H.R.1022/H.R.909/S.174 "Y2K State and Local Government Assistance Bill": a bill to authorize the Secretary of Commerce to make grants to States to correct Y2K problems in computers that are used to administer State and local government programmes. There would be a total of 75 grants, not more than 2 per State. Funding capped at US$40 million, to be appropriated from a special fund already established for the purpose of ensuring Y2K compliance in government. Referred to Subcommittee on Government Management, Information and Technology, House Committee on Government Reform on 12 March 1999.

H.R.1502 "Year 2000 Bill": a bill to minimize the disruption of Government and private sector operations caused by the Y2K problem. It stipulates action to be taken by government agencies and assistance to be given to health care providers and water utilities. Referred to the Subcommittee on Technology, House Committee on Science, on 27 April 1999

S.AMDT.621: to ensure that manufacturers provide Y2K fixes if available. Motion agreed in Senate on 10 June 1999.

S.RES.7: a resolution "to …increase funding of the Special Committee on the Year 2000 Technology-related Problems". Measure passed Senate, amended, roll call #29.

6.2 For the latest update on the progress of these bills in the U.S. Congress, please search for "Y2K" "Bill Status" at .

PART 3 - LEGISLATIVE EFFORTS IN THE UNITED KINGDOM

7.1 The Computer Millenium Non-Compliance (Contingency Plans) Bill was presented to the House of Commons on 2nd February 1999. It requires organizations responsible for the provision of essential public services and critical infrastructure to draw up contingency plans, to notify such plans and the persons responsible to an appropriate authority and to make such information available on demand. A copy of the Bill is at Appendix VI. The Bill is on the Order Paper for Second Reading on 23 July 1999.

7.2 This is the third time David Atkinson, Member of Parliament, tries to legislate on the subject. Atkinson first introduced the Companies (Millennium Computer Compliance) Bill in November 1996. The Bill imposed a statutory duty on every company to assess the Y2K compliance of its computer systems and to disclose the result in its report to the shareholders. The Bill was dropped later as it was not able to overcome procedural hurdles. Atkinson's second attempt was to bring in a Bill which requires any company related to the manufacture or sale of computer systems to conform to Y2K. He made the first reading on 31 March 1998 but took no further action subsequently.

7.3 For the latest update of this bill, please visit

PART 4 - LEGISLATIVE EFFORTS IN AUSTRALIA

8.1 Australia enacted the Year 2000 Information Disclosure Act 1999 on 26 February 1999. The Act establishes a framework for voluntary disclosure and exchange of information about Y2K computer problems and remediation efforts. The Act protects persons making Y2K statements from civil liability, unless certain exceptions apply. These exceptions are made for a range of circumstances, including false statements, pre-contractual statements, or statements made in fulfilment of an obligation or to induce consumers to acquire goods or services. Specifically, a Y2K disclosure statement does not amend a contract unless the parties otherwise agree. Copies of the law are available at Legislative Council Library; it can also be downloaded from "Research Activities" at the Legislative Council Library Sub-homepage at [ aust.htm].

8.2 There is no indication of any current discussion in the Australian Parliament leading to the making of another bill on Y2K liability. For the latest update of the legislative efforts in Australia, please visit .

PART 5 - LEGISLATIVE EFFORTS IN CANADA

9.1 There is no law enacted in Canada concerning Y2K liability. The Parliamentary Standing Committee on Industry recommended in its sixth report "The Year 2000 Problem - Where is Canada Now?" tabled in the House on 14 May 1998 that "legislative amendments be introduced to add the explicit responsibility of ensuring Year 2000 compliance to the list of directors' duties for federally incorporated businesses". The Government of Canada's response by February 1999 is extracted below:

    "Present corporate governance statutes give directors responsibility to manage the business and affairs of the corporations they oversee, with a view to the best interests of the corporation and with the care, diligence and skill of a reasonably prudent person in comparable circumstances. The Department of Justice has advised that this duty requires directors to take into account such major issues as Year 2000 problems."2
9.2 The Parliamentary Standing Committee on Industry also recommended in its sixth report that "legislative amendments be introduced to eliminate legal liability for firms who, as good Samaritans, make Year 2000 solutions available free of charge." The Government of Canada's response is extracted below:
    "The government shares the objectives of the Standing Committee's recommendation. Matters that deal with civil liability generally fall within the jurisdiction of the legislatures of the various provinces and territories. The government is bringing the Standing Committee's recommendation to the attention of provincial and territorial governments."3
However, we have not been able to locate relevant legislation at the provincial level.

9.3 In addition, the Parliamentary Standing Committee on Industry also recommended in its sixth report mentioned above that there be a complete tax write-off for new computers purchased by small and medium size businesses to replace those that are not Y2K-compliant. The Canadian Government accepted the recommendation and allowed all small and medium size businesses in Canada to take a 100% capital cost allowance on all purchases up to C$50,000 in hardware, software and in formation technology. The allowance period was made retroactive to 1 January 1998 and would be effective until 30 June 1999, later extended to 31 October 1999.

9.4 A Member of the Canadian Parliament asked the Government to consider setting a date for Y2K compliance of all computer hardware and software devices and incorporate it into the Canadian Standards Act. The Canadian Government considered that the tax exemption mentioned above was sufficient to ensure Y2K-compliance in computer hardware and software4. In addition, the Canadian Government designated the week of 8-13 February 1999 to be National Year 2000 Preparedness Week, during which every household in Canada received a guide with information on their appliances, vehicles, insurance, personal finances and computers.

9.5 For the latest update of the legislative efforts in Canada, please visit .

Notes

  1. The procedure of passing a parliamentary Bill in the United Kingdom Parliament is summarized as follows:
    First reading------Second reading------Committee stage------Report stage------Third reading------Passage through the other House------Royal Assent

  2. Please see Response to Recommendation 2 in Appendix A - Government response to the Sixth Report, "The Year 2000 Problem - Canada's State of Readiness", Thirteenth Report (Interim), Standing Committee on Industry, tabled in the House on 8 February 1999.

  3. Please see Response to Recommendation 6 in Appendix A - Government response to the Sixth Report, "The Year 2000 Problem - Canada's State of Readiness", Thirteenth Report (Interim), Standing Committee on Industry, tabled in the House on 8 February 1999.

  4. Mr. Jim Jones, see Canadian Parliamentary Hansard Number 121, 12 June 1998 at time 1150.

Appendix I

POSSIBLE Y2K PROBLEMS

A. Possible Year 2000-related Dates

9/4/99 = the 99th day of the Year 99 ("99" and "9999" digits are used as a marker for "end of file" in some computer programmes; hence, programmes may fail immediately after that date)

21/8/99-22/8/99 = the roll-over of the satellite navigation Global Positioning System

31/12/99 and 1/1/2000 = the roll-over to the new Millennium

29/2/2000 = some computer programmes may not recognize the year "00" (used to express "2000") as a leap year; hence, cannot recognize the leap day

B. Possible Y2K Problem Areas

Automated burglar alarm
Automated fire alarm
Automated lighting system
Automated sprinkler system
Computer
Cash register
Computer network
Computerized access control, including building entrance, car park entrance, passenger lift
Computerized medical equipment
Computerized payroll
Computerized production equipment or machinery
Computerized register of transaction such as trading in goods and services, including stocks and shares, issuing or processing of travel tickets, cash transfer or credit card payment, sale and purchase of real estate, etc.

Computerized recording such as programmable, closed circuit television recorder, video-cassette recorder etc.

Dating equipment
Fax machine
Safe and time lock
Telephone set, mobile telephone and telephone switchboard
Time clock
Time register, i.e. clock-in machines
Vending machine

Appendix III

A SUMMARY OF LEGISLATIVE STATUS OF
THE YEAR 2000 INFORMATION AND
READINESS DISCLOSURE ACT, U.S. PUBLIC LAW 105-271

DateFloor Actions
19 Oct 1998 Public Law 105-271
8 Oct 1998 Measure presented to President
8 Oct 1998Enrolled Measure signed in Senate
8 Oct 1998 Enrolled Measure signed in House
1 Oct 1998 Measure passed House
1 Oct 1998 Measure considered in House
1 Oct 1998Measure called up by unanimous consent in House
28 Sep 1998 Measure passed Senate, amended
28 Sep 1998 Measure considered in Senate
28 Sep 1998 Measure called up by unanimous consent in Senate
17 Sep 1998 Reported to Senate from the Committee on the Judiciary, amended