Legal expert explains: What claims victims now have after the IT chaos
Chaos at airports and train stations, postponed operations in hospitals – the damage caused by the failure of operating systems is enormous. Legal expert Marco Rogert explains whether claims for damages can now be made.
The “Falcon Sensor” program from the US company Crowdstrike is one of only a few software products used for (virus) protection of Microsoft cloud services. An update to the program has now resulted in significant problems that have paralyzed Microsoft cloud services worldwide.
Crowdstrike outage also affects sensitive infrastructure
Such applications are used not only by, but also by large companies such as airlines, clinics and so on. So it is about sensitive infrastructure. Crowdstrike shares fell massively. According to reports, no operations could take place in the affected clinics and several airlines could not operate flights, including Eurowings.
Devices affected worldwide: How to fix the “Blue Screen of Death” on Windows
Who is now liable for the damage?
However, this is probably only the tip of the iceberg of a gigantic global damage. Many companies have suffered considerable damage. The question of liability naturally arises:
- Is Crowdstrike liable for the damage caused?
- Which law is applicable?
- Where can a lawsuit be filed?
- Does any exclusion of liability or limitation of liability stipulated by the user in the general terms and conditions (GTCs) apply?
- What about Microsoft's liability if antivirus protection was delivered embedded via Crowdstrike?
- Does cyber insurance or perhaps business interruption insurance pay?
About the expert
Marco Rogert is a lawyer and commercial lawyer at the Rogert & Ulbrich law firm in Düsseldorf. The law firm represents thousands of VW buyers in the context of the emissions scandal. As one of the lawyers for the plaintiff consumer association vzbv, he helped to bring the model declaratory action against Volkswagen to a successful conclusion. 235,000 victims were compensated by VW as part of a settlement. The law firm is currently also representing people suspected of vaccine damage against pharmaceutical companies.
Rogert studied at the University of Osnabrück and the Rijksuniversiteit Leiden (Netherlands) and specializes in transport law, international commercial law and credit security law. Until May 2020, he lectured in commercial and logistics law at the University of Economics and Management (FOM) in Essen.
Still unclear whether German law is applicable
In the B2B sector, the provider cannot completely exempt itself from liability under German law, just as in the B2C sector. However, it is not possible at this point in time to make general statements about whether German law is applicable, since a Choice of law may have been agreed and this must be checked for its effectiveness.
Does the stock behind the computer chaos now offer investors a mega opportunity?
The same applies to the question of which places of jurisdiction are open, since the whole thing also applies to jurisdiction agreements. In principle, liability of the protection program provider seems obvious This damage is also likely to be covered by cyber insurance. These insurers could then seek recourse against the person who caused the damage.
Cyber insurance covers risks
Since the volume of damage is probably huge, the issue could even bring reinsurance companies into play. If the software was purchased via Microsoft's cloud services, Microsoft or the provider that used the software could also be liable. If damage occurs, it currently seems sensible to involve a lawyer who is familiar with international private law and civil procedure law as well as with the enforcement of claims for damages.
