The public consultation on the safety of apps and other non-embedded software took place between 9 June and 15 September 2016. This report takes stock of the contributions and trends that emerge from them focusing primarily on the quantitative analysis of the responses.

Objectives of the consultation

The public consultation on the safety of apps and other non-embedded software was launched to gather input from various stakeholder groups, in particular citizens, industry and public authorities, on their experience related to the safety of apps and other non-embedded software.

Only apps and non-embedded software that are downloadable on a device such as a personal computer, tablet or smartphone or accessible on a remote location (cloud) were covered by this consultation.

This consultation was of explorative nature with the purpose of obtaining a better understanding of the possible risks and problems that non-embedded software may pose and how these problems could be dealt with.

The analysis of views will help to define future policies at the EU level in the field of the digital economy.

Who replied to the consultation?

The consultation gathered a total of 78 replies from stakeholders in Member States as well as from outside the European Union.

The largest number of responses came from Germany (12), the UK (10), Spain and Italy (both 7).

A large number of citizens (37) have actively responded to this consultation. 27 replies were received from industry, coming from different categories such as trade associations (12), businesses (10) and professional associations (5). 6 contributions came from public authorities, 5 from academia and 3 were received from civil society.

Preliminary findings observed in the public consultation

What type of apps or other non-embedded software pose safety risks?

As mentioned by 33 respondents across all stakeholder groups, the main category of apps that could pose safety risks are health and wellbeing apps.

Many replies (17) from all stakeholder groups indicate that safety risks can originate from non-embedded software and apps that do not respect data protection principles by accessing or collecting sensitive data and sensor information of the device without informing the user or requesting consent for processing this personal data.

A significant number (12) of respondents say that some apps may be subject to cyberattacks for various reasons (data collection, financial operations, controlling another device), thus increasing the safety risk of the app.

What kind of risks do they pose and which sectors are most affected?

Respondents think the sectors most affected by safety problems are the health sector (52), followed by electronic communications/telecommunications (39), finance (33) and home automation/domotics (28).

60 respondents believe apps and other non-embedded software can create economic damages, followed by 55 who say non-material damage (pain and suffering). 51 respondents mention physical damage to individuals as a risk, 38 physical damage to property and 33 say other (several options could be chosen).

Have citizens encountered any problems with unsafe apps?

16 citizens out of 37 say that they encountered problems with unsafe apps or other non-embedded software in the past. Eight say that they had problems very often or often, five say a few times and two citizens encountered problems once.

To the question what they did to tackle these problems, four citizens replied that they did not take any action, three contacted the app or software manufacturer/developer, two contacted a national authority and ten took other actions.

Out of those citizens who took action, for five of them the problem could be solved while for nine this was not the case.

Next steps

The Commission is analysing the replies to the consultation. A full synopsis report will be published on this website in due course. The results of this consultation do not point to the need of a new Commission initiative at this stage but will be considered by the Commission as to their relevance for the regulatory frameworks on medical devices, product safety, and liability.