Skip to content

AI-generated content: Responses are generated by AI, automatically assembled and may contain errors. Conformi is a research tool and does not replace legal advice or case-by-case legal review. All responses should be verified using the linked original sources.

Conformi/Knowledge Base/Consumer protection/Digitale Inhalte
🛒Consumer protection

Directive (EU) 2019/770 — Digital Content and Digital Services Contracts

Analysis from 17 April 20262 sourcesOriginal version (OJ L 136, 22.5.2019, p. 1)EUR-Lex Original

Can a customer demand a refund or free fix when my SaaS product, app, or digital download does not work as promised — and what happens if our terms say otherwise?

Since 1 January 2022, any trader supplying digital content or digital services in the EU must ensure conformity with both contractual and objective quality standards — non-compliant terms are void, consumers can demand repair, price reduction, or contract termination, and your legal team must act first to align contracts with the mandatory rules.

Short Answer

Directive (EU) 2019/770 fully harmonises key contractual rules for B2C supply of digital content and digital services across all EU Member States [Art. 4]. Traders must meet both subjective requirements agreed in the contract [Art. 7] and objective quality, security, and update obligations that cannot be contracted away [Art. 8]. The burden of proof for conformity at the time of supply rests on the trader for at least one year after delivery, and for continuous-supply contracts throughout the entire contract duration [Art. 12]. Any contractual term that excludes or limits consumer rights under this Directive before the lack of conformity is reported is automatically non-binding [Art. 22].

Who is affected

Any trader — regardless of size — that supplies digital content (e.g. apps, e-books, music files, video files, software) or digital services (e.g. SaaS, cloud storage, social media, streaming) to consumers in the EU, whether for a price or in exchange for personal data [Art. 3(1)]. This includes platform providers acting as direct contractual partners. Free and open-source software supplied without price and without using personal data beyond security/compatibility/interoperability purposes is excluded [Art. 3(5)(f)].

Deadline

Fully applicable since 1 January 2022. Ongoing obligation: traders must ensure conformity at all times for continuous-supply contracts and provide security updates for the period the consumer may reasonably expect [Art. 8(2)]. Minimum liability period for single-supply acts: not less than 2 years from the time of supply [Art. 11(2)].

Risk

The Directive itself does not prescribe specific fines — sanctions and enforcement are left to Member States [Art. 21]. However, non-conformity triggers mandatory consumer remedies: free repair within a reasonable time [Art. 14(3)], proportionate price reduction [Art. 14(5)], or full contract termination with reimbursement within 14 days [Art. 18(1)]. In practice, traders face aggregate refund exposure, representative actions by consumer organisations [Art. 21(2)], and reputational risk from cross-border enforcement under Regulation (EU) 2017/2394.

Proof

Legal status

  • In force
  • as of 2026-04-17
  • Original version (OJ L 136, 22.5.2019, p. 1)

Primary sources

What to do now

Legal / DPO

  • Audit all B2C terms and conditions for digital content and services to remove any clause that limits or excludes consumer conformity rights before a defect is reported — such clauses are automatically non-binding [Art. 22(1)].
  • Verify that contracts allowing modifications to digital content or services during continuous supply include a valid reason clause, advance notice on a durable medium, and a consumer right to terminate within 30 days if the modification negatively impacts use [Art. 19(1)-(2)].
  • Establish a right-of-redress framework against upstream suppliers and developers in the supply chain to recover costs when conformity claims from consumers originate from third-party defects [Art. 20].

Compliance

  • Implement a conformity-monitoring process that tracks both subjective requirements from each contract and the objective requirements mandated by the Directive — including functionality, compatibility, interoperability, and security [Art. 7, Art. 8(1)].
  • Document burden-of-proof readiness: for single-supply acts, retain evidence of conformity at the time of supply for at least 2 years; for continuous-supply contracts, maintain conformity logs for the entire contract duration [Art. 11(2)-(3), Art. 12(2)-(3)].
  • Ensure that update and security-patch obligations are tracked and that consumers are informed about update availability, consequences of non-installation, and technical compatibility requirements before contract conclusion [Art. 8(2)-(3), Art. 12(4)].

IT / Security

  • Establish a security-update pipeline that delivers necessary patches for the period the consumer can reasonably expect — failure to provide security updates constitutes a lack of conformity triggering mandatory remedies [Art. 8(2)].
  • Implement digital-environment compatibility checks and document technical requirements communicated to consumers before contract conclusion, since proving incompatibility shifts the burden of proof back to the consumer [Art. 12(4)].
  • Build incident-response capabilities to bring non-conforming digital content or services into conformity within a reasonable time, free of charge and without significant inconvenience, as required for the first-tier remedy [Art. 14(3)].

Product / Engineering

  • Ensure every digital product or service is supplied in its most recent version at the time of contract conclusion, unless otherwise agreed — this is an objective conformity requirement [Art. 8(6)].
  • Design data-portability flows so that upon contract termination, consumer-generated content (other than personal data) can be exported free of charge, without hindrance, in a commonly used and machine-readable format, within a reasonable time [Art. 16(4)].
  • For subscription-based or continuous-supply products, build the modification workflow to comply with Art. 19: valid reason in the contract, no additional cost, clear notice on a durable medium, and either a 30-day termination window or the option to keep the unmodified version.

Key Terms

Digital content
Data which are produced and supplied in digital form, such as software, applications, video files, audio files, music files, digital games, or e-books [Art. 2(1)].
Digital service
A service that allows the consumer to create, process, store, or access data in digital form, or to share or interact with data uploaded or created by the consumer or other users — e.g. cloud storage, SaaS, social media [Art. 2(2)].
Conformity
The degree to which digital content or a digital service meets both the subjective requirements agreed in the contract (Art. 7) and the objective requirements mandated by law — including fitness for purpose, functionality, security, and update obligations (Art. 8).
Lack of conformity
Any failure of the digital content or service to meet the subjective or objective requirements, including defective or missing updates, incorrect integration due to faulty trader instructions, or third-party IP restrictions limiting use [Art. 7-10].
Functionality
The ability of the digital content or digital service to perform its functions having regard to its purpose, including aspects such as DRM restrictions or region coding that may limit usability [Art. 2(11)].
Interoperability
The ability of the digital content or digital service to function with hardware or software different from those with which digital content or services of the same type are normally used [Art. 2(12)].
Durable medium
Any instrument enabling the consumer or trader to store personally addressed information in a way accessible for future reference and allowing unchanged reproduction — e.g. paper, email, USB sticks, or memory cards [Art. 2(13)].
?

Frequently Asked Questions

Does the Directive apply when the consumer pays with personal data instead of money?
Yes. Directive 2019/770 applies where the consumer provides personal data to the trader, unless the data are exclusively processed for supplying the digital content/service or for legal compliance [Art. 3(1)]. This covers, for example, social media accounts where the consumer provides a name and email used for purposes beyond service delivery.
What remedies does a consumer have when a digital service does not conform to the contract?
The consumer may first demand that the trader bring the digital content or service into conformity, free of charge and within a reasonable time [Art. 14(2)-(3)]. If that is impossible, disproportionate, or fails, the consumer may claim a proportionate price reduction or terminate the contract [Art. 14(4)]. Contract termination requires that the lack of conformity is not minor [Art. 14(6)].
Who bears the burden of proof — the trader or the consumer?
The trader bears the burden of proving conformity. For single-supply contracts, this applies for at least one year from supply [Art. 12(2)]. For continuous-supply contracts, it applies throughout the entire supply period [Art. 12(3)]. The burden shifts to the consumer only if the trader proves the consumer's digital environment is incompatible and communicated this clearly before the contract [Art. 12(4)].
Is free and open-source software covered by the Directive?
No, provided it is supplied without a price and the consumer's personal data are used exclusively for improving security, compatibility, or interoperability of that specific software [Art. 3(5)(f)]. If the open-source software is sold for a price or personal data are used for other purposes, it falls within scope.
What are the rules on modifying a digital service during an ongoing contract?
The trader may modify the digital content or service beyond conformity maintenance only if the contract provides a valid reason, the modification is free of cost, the consumer is clearly informed, and — where the change negatively impacts access or use in more than a minor way — the consumer receives advance notice on a durable medium and a right to terminate within 30 days [Art. 19(1)-(2)].
Does the Directive cover goods with digital elements, such as smart watches?
No. Digital content or services incorporated in or inter-connected with goods (goods with digital elements) are governed by Directive (EU) 2019/771 on sale of goods [Art. 3(4)]. Directive 2019/770 only applies to standalone digital content and services not forming part of a sales contract for goods with digital elements.
How quickly must the trader reimburse the consumer upon contract termination?
The trader must reimburse within 14 days of being informed of the consumer's decision to terminate, using the same means of payment and without charging any fee [Art. 18(1)-(3)]. For continuous-supply contracts, reimbursement covers only the non-conforming period and any prepaid period after termination [Art. 16(1)].
3

Assessment Factors & Checklist

Premium
Start 7-day free trial
4

Questions for Your Lawyer

Premium
Start 7-day free trial
5

Conclusion & Summary

Premium
Start 7-day free trial

Detailed analysis with source links.

Schalten Sie die KI-Analyse frei — mit markierten Fundstellen und direkten Links zu EUR-Lex. 7 Tage kostenlos testen.

Start 7-day free trial

Keine Kreditkarte heute. Kündigung jederzeit.