Abstract The article examines how cyberattacks influence the allocation of liability under the United Nations Convention on Contracts for the International Sale of Goods (CISG). It focuses on a scenario where a seller’s systems are breached, and the buyer receives a phishing email with altered payment details. The fundamental enquiries posed are whether the vendor must inform the buyer’s obligation or non-performance attributable to the buyer and whether the seller must inform the purchaser of the cyberattack. The analysis examines the buyer’s obligation to pay the purchase price under the Convention, discussing whether fraudulent electronic communications can modify contractual payment terms. It then analyses the potential application of the liability exemptions contained in Articles 79 and 80 of the CISG, focusing on the role of the parties’ conduct and risk allocation in cases of cyber fraud. Particular attention is devoted to relevant international case law dealing with fraudulent payment instructions and compromised electronic communications. The study also considers the obligation to mitigate damages under Article 77 of the CISG, examining its relevance in the context of cybersecurity incidents. It concludes that, while the CISG does not explicitly address cyber-fraud, its existing provisions offer a flexible legal framework for resolving such disputes. The allocation of risk largely depends on the parties’ conduct, the degree of commercial diligence exercised, and the specific circumstances of each case. The growing frequency of cyberattacks in international trade underscores the importance of contractual safeguards and proactive cybersecurity measures in cross-border commercial relationships.
Anna Kretková (Tue,) studied this question.