Introduction
The revised Product Liability Directive (EU) 2024/2853 introduces comprehensive regulations governing liability for digital and AI-based products, replacing the previous directive from 1985 [8] [9]. This directive significantly expands the scope of liability to include all types of software [1], explicitly encompassing applications [7], operating systems [3] [7], artificial intelligence (AI) systems [5] [10], mobile applications [6], and Internet of Things (IoT) devices. It establishes a strict liability system for producers [12], eases the burden of proof for consumers [11], and broadens the definition of “product” and “defect.” The directive also extends liability to various parties within the supply chain and introduces a new disclosure regime to assist claimants.
Description
The revised Product Liability Directive (EU) 2024/2853 introduces comprehensive regulations governing liability for digital and AI-based products, replacing the previous directive from 1985 [8] [9]. This directive significantly expands the scope of liability to include all types of software [1], explicitly encompassing applications [7], operating systems [3] [7], artificial intelligence (AI) systems [5] [10], mobile applications [6], and Internet of Things (IoT) devices. Set to come into effect on December 9, 2024 [10], it initiates a two-year period for EU member states to integrate the new framework into their national laws [10], applying to products marketed after December 9, 2026 [6]. Companies must prepare for these changes [1], which include stricter liability standards [1], a reduced burden of proof for claimants [1], and new procedural requirements such as streamlined evidence facilitation and disclosure obligations [1].
The directive establishes a strict liability system for producers of defective products, easing the burden of proof for consumers seeking compensation for damages [11]. It explicitly defines software [4] [6] [12], including applications and operating systems [3] [7], as products and broadens the definition of a “defect” to encompass issues arising from software updates, upgrades [7], interconnectedness [4] [12], self-learning capabilities [4] [12], and cybersecurity vulnerabilities [2] [4] [10] [12]. Manufacturers are liable for any defects present at the time their software or AI system is released [7], including those that may emerge post-release [3] [7]. Authorities and courts are mandated to consider cybersecurity requirements when assessing product defects [1]. Manufacturers of AI systems will be held liable for damages resulting from unexpected behaviors [10], as such unpredictability will not serve as a defense [10]. A key feature of the directive is the establishment of a rebuttable presumption of defectiveness and causality [5], which facilitates the burden of proof for victims claiming damages caused by AI [5]. This presumption is particularly relevant given the technical complexity of AI systems, which can hinder the ability to establish proof of defects or causal links [3].
The directive broadens the definition of “product” to encompass both tangible and intangible items [8] [9], including computer software, digital files [8] [9], robots [8] [9], drones [3] [8] [9], and other smart systems [8] [9]. A product is deemed defective if it fails to meet expected safety levels or legal requirements [1] [8] [9], with new considerations for AI systems that learn or evolve post-launch [1]. Manufacturers may be liable for unexpected harmful behavior in such products [1]. The definition of “manufacturer” now includes individuals and entities that develop or produce products [1], even for personal use [1], and encompasses anyone who presents themselves as the manufacturer [11].
Fulfilment service providers [1] [2] [8] [9], online platform operators [1], and authorized representatives are also held accountable for defective products, expanding the range of liable parties beyond traditional supply chains to include manufacturers [1], importers [1] [8] [9] [10], and distributors [8] [9]. This is particularly relevant for products manufactured outside the EU, as importers or representatives will be liable for damages caused by these products. If a product undergoes substantial modification by another party [1], liability may shift to the importer or fulfilment service provider [1]. The directive removes previous liability caps and deductibles [1], reflecting an anticipated increase in lawsuits. The long-stop period for latent damage claims has been extended from 10 to 25 years [2], allowing claims to be pursued longer after a product’s market introduction [2], with a further extension to 25 years in exceptional cases for personal injury claims.
To assist claimants in proving product defects [10], the directive establishes a new disclosure regime [10], enabling them to obtain necessary information from manufacturers while balancing the protection of confidential information and trade secrets [10]. Organizations must reassess their product design and development processes for the European market [8], evaluate their interactions within the supply chain [8], determine their liability [8], and explore risk mitigation strategies [8], including appropriate insurance [8]. Companies are urged to begin preparations early [1], conducting a comprehensive review of EU and national product safety laws [10], including a gap analysis to identify compliance issues [10], and ensuring transparency in documentation [1]. They should also assess older products that may lack necessary software updates [10], as failure to update could lead to liability for injuries caused [10]. Additionally, organizations should consider connections with other EU legislation [1], such as the forthcoming AI Liability Directive [2] [10], which aims to harmonize civil liability claims and establish a regime of strict liability for operators of high-risk AI systems [5], to mitigate future liability risks [1]. The directive recognizes medically acknowledged psychological damage and non-material losses as compensable damages [11], and Member States can implement national compensation schemes for victims unable to obtain compensation from liable economic operators [11].
The interplay of the AI Act [4], Revised PLD [4] [12], and proposed AI Liability Directive signifies a shift in product liability to encompass both physical and digital products [4], indicating a need for stakeholders to stay informed about this evolving regulatory landscape and its implications for business operations [4]. The proposed AI Liability Directive aims to harmonize non-contractual [4] [12], fault-based liability rules for injuries caused by AI systems [12], affecting negligence claims under tort law in various Member States [12]. It allows claims against any party influencing the AI system [12], not just manufacturers [4] [12], and covers a wider range of damages [12], including those related to discrimination and privacy breaches [12]. National courts would have the authority to compel providers of high-risk AI systems to disclose relevant evidence in cases of suspected damage [12], enhancing consumer protection against defective products [12].
Conclusion
The revised Product Liability Directive (EU) 2024/2853 marks a significant shift in the regulatory landscape for digital and AI-based products, expanding liability to encompass a broader range of products and parties. By establishing stricter liability standards and easing the burden of proof for claimants, the directive aims to enhance consumer protection and ensure accountability within the supply chain. Organizations must proactively adapt to these changes, reassessing their product design [8], development processes [8], and interactions within the supply chain to mitigate potential risks. The directive’s alignment with other EU legislation, such as the AI Liability Directive [10], underscores the importance of staying informed and prepared for the evolving regulatory environment.
References
[1] https://www.jdsupra.com/legalnews/new-eu-product-liability-directive-9358549/
[2] https://www.taylorwessing.com/en/insights-and-events/insights/2024/12/new-product-liability-directive
[3] https://www.jdsupra.com/legalnews/the-eu-updates-its-products-liability-9264079/
[4] https://www.mhc.ie/latest/insights/revised-product-liability-directive-and-the-proposed-artificial-intelligence-liability-directive
[5] https://www.europarl.europa.eu/legislative-train/theme-a-europe-fit-for-the-digital-age/file-ai-liability-directive
[6] https://www.lexology.com/library/detail.aspx?g=6196cc42-7487-44d2-8dd1-689fc056e7ef
[7] https://whatstrending.fenwick.com/post/102jran/the-eu-updates-its-products-liability-directive-to-include-ai
[8] https://www.law.co.il/en/articles/2024/12/12/eu-product-liability-directive-en/
[9] https://www.pearlcohen.com/the-new-european-directive-on-defective-products/
[10] https://www.pinsentmasons.com/en-gb/out-law/analysis/revised-eu-product-liability-regime-expands-ai-software-providers
[11] https://www.europarl.europa.eu/legislative-train/theme-a-europe-fit-for-the-digital-age/file-new-product-liability-directive
[12] https://www.lexology.com/library/detail.aspx?g=f605ac3b-c3f1-4ab8-bcb4-5d63c99e30ec
