On 18 November 2024, the new Product Liability Directive (the Directive) was published in the Official Journal of the EU (link). It replaces almost 40 years of legislation that was no longer relevant in the digital age, given the dynamic development of new technologies. What does it bring and what has changed? We have prepared a short summary for you.
What constitutes a product? Both software and artificial intelligence systems now fall under product liability!
The new Directive explicitly classifies software as a product. It is irrelevant whether the software is stand-alone or integrated into another item or how the software is provided (e.g. whether it is provided as part of cloud or on-premises solutions). It is clear from the Directive’s recitals that the definition also includes artificial intelligence systems. However, liability does not apply to free and open-source software when it is provided outside the course of a commercial activity. Conversely, if software is provided in exchange for personal data, it is considered to be supplied in the course of a commercial activity, and liability would therefore to such software.
When is a product considered defective?
A product is defective if it does not provide the safety that a person is entitled to expect or that is required by law. In doing so, all relevant circumstances must be assessed, including the presentation and characteristics of the product, the reasonably foreseeable use of the product, or product safety requirements, including cybersecurity requirements. AI’s continuous learning ability can be also taken into account when such product is placed on the market or put into service.
It is therefore worth bearing in mind that even inappropriate advertising or marketing claims on product packaging can now contribute to consumer claims. Not only the software’s marketing promotion, but also its technical documentation or any breach of cybersecurity legislation will play a role when assessing liability for damage caused by the software. With regard to AI systems, we point out that the Artificial Intelligence Act, if breached, can result in in, for example, liability for damage caused by the AI system under the Product Liability Directive.
Liability caused by product defect
The Directive updates the existing rules on the strict liability of manufacturers for defective products. It provides that anyone who has suffered damage to health (physical or psychological), property or data (through destruction or corruption) as a result of a defective product is entitled to compensation. The Directive includes compensation for any damage, including non-material losses if those losses can be compensated under national law. However, the Directive only addresses claims by natural persons and not claims by legal persons. The damage is no longer required to exceed €500. At the same time, it should be noted that the rules cannot be contractually limited or excluded in relation to consumers.
Who can be held responsible? Not only the manufacturer!
The Directive provides for a cascading mechanism to shift liability for product defects to successor entities in the supply chain, starting with the importer on the EU market and the manufacturer’s representative in the EU. If the manufacturer or importer cannot be identified, any distributor of the product in the EU may be held liable.
In addition to the manufacturer of the product itself, the manufacturer of a specific defective component may also be held liable if the integrated component caused defect. In addition, a person who substantially alters a product outside the manufacturer’s control and then places it on the market or into service in the EU may also be considered the manufacturer.
When should the manufacturer (or other responsible person) be exempted from liability?
Similarly to the 1985 Directive, this one provides for a number of exonerating circumstances, for example, if it is likely that the defect that caused the damage did not exist when the product was placed on the market. However, the creator of the software is not exempted from liability if the defect was caused by a subsequent or insufficient update of the software.
Simplifying the burden of proof: New obligation to disclose evidence and rebuttable presumptions!
A further significant change brought about by the Directive is the introduction of an obligation for the defendant to disclose relevant evidence on request. Courts are then entitled to require that evidence to be presented in an easily accessible and easily understandable manner, which can be problematic in practice, particularly in the case of software and artificial intelligence. Conversely, courts are obliged to take special measures that are necessary to preserve the confidentiality of trade secrets.
The Directive also establishes a number of rebuttable presumptions which, in certain circumstances—for example, if the defendant fails to disclose relevant evidence—allow for the presumption of, for example, the defectiveness of the product or a causal link between the defect in the product and the damage. In practice, these rules also ease the burden of proof for the plaintiff.
Practical implications? Class actions!
Product liability claims can become subject of class action in the future. In the EU, the deadline for implementing the Class Actions Directive, which allows authorized entities to bring actions on behalf of a group of consumers, has recently passed. Due to the nature of product liability claims, class actions could significantly increase the overall scope of claims and thus the associated business risk exposure.
When will the rules come into force?
The Directive will enter into force on the 20th day following its publication in the Official Journal of the European Union. Member states have two years to implement the Directive in national legislation.
By Zdenek Kucera, Partner, and Stepanka Havlikova, Senior Associate, Dentons
