Contracts (advanced)

The term contract describes a voluntary legal relationship between two or more persons. A very broad definition of a contract is: a promise whose performance is supported by law. A more abstract but still very concise definition is: a combination of mutually dependent expressions of intent.

In everyday language, the word contract is often used to describe communication or media in which contractual promises appear. It is worth remembering that a contract is a legal relationship that creates obligations between the parties, not a piece of paper. In some situations, however, the law may impose formal requirements on certain contractual obligations.

In the field of cybersecurity, the following contract-related issues are often important.

  • Online contracts: At what point is a contract formed in relation to the various stages of contractual communication and the arrival of a message?
  • Promoting security standards through contracts:
    • Binding the supply chain, for example, to comply with ISO 27001.
    • Closed trading and payment systems: binding participants to comply with terms, with PCI-DSS as an important example.
    • Freedom of contract and its limitations: Legislation may limit freedom of contract, including the aforementioned PCI-DSS arrangements. Another example is PSD2 (the EU Payment Services Directive #2), which may impose stricter authentication requirements than those agreed upon.
  • Warranties and their exclusion: Although providers of information technology, and especially services, often seek to exclude quality warranties, some remain as a matter of law. It is questionable whether security quality is sufficiently included.
  • Limitations and exclusions of liability: A phenomenon similar to warranties also applies to liability. Liability relates to various problems in the performance of a contract.
  • Breach of contract and remedies: What happens if the contract is not complied with.
  • A contract binds only the contracting parties, but a third party may suffer significant harm from a breach, for example a party relying on a certificate.
  • Choice of law: When the parties to a contract are in different countries, they should (try to) agree on which country’s laws govern dispute resolution. In Europe, under the Rome Convention, the default in B2B contracts is the law of the seller’s country and in B2C contracts the law of the consumer buyer’s country.