As discussed last week, the Internet of Things (IOT) is the network of devices which are internet enabled to collect data and share that data with both users and other internet-enabled devices.

The IOT is rapidly growing, as more devices are connected to it and more connections are created between devices already part of the IOT. Device manufacturers, software developers, users, distributors, and data analysts are all involved in a complex relationship to make use of the IOT.

This brings up the question of who is at fault when things go wrong. Because of the huge range of devices using the IOT, the results of something going wrong range from the merely inconvenient to the potentially lethal. Imagine a patient’s medication records are incorrectly transferred from a home device (A) to a hospital device (B) and as a result they are given another drug which causes a fatal interaction. 

So where does the potential for liability lie in such a catastrophic case? It depends on how the devices are manufactured, how they interact, and the pre-agreed scope of each party’s responsibility.

Both devices may have been manufactured by different companies. In addition to this, the software used in both devices may have been developed by multiple different development firms.

Further, because the IOT relies on an internet connection, the error could have been caused by a network failure. All networks have periods of downtime, planned or unplanned. A network may be able to contract out of liability if they can show their uptime levels meet the amounts agreed.

If the software in device A was developed independently and licensed for use in the device, then the license agreement may limit the liability of the device manufacturer for software errors. However, if the software for device B was developed specifically for, and owned by, the manufacturer - then the manufacturer could be liable.

During development of devices and software, rigorous testing is carried out – particularly for medical devices. But real life throws curve-balls which can’t be anticipated in testing. Contractually, the scope of what testing can reasonably be expected to foresee needs to be spelled out between developers and manufacturers. 

The tangle of liability only increases when more than two devices are sharing data. Add in the actions or inactions of the user – for example, treating a device as infallible when there is a tiny margin of error – and the question of liability in a case of systemic failure becomes a very thorny one indeed. But yet it is a question that could potentially cost billions of dollars in a lawsuit.

Because of this high cost, the contractual liability agreements between all parties involved in developing and using devices connected to the IOT must be spelled out exactly and precisely to make sure that the commitment and scope of each party’s responsibility is restricted to their particular aspect of development and implementation.