AI Regulation Update: New EU Product Liability Directive Approved by Commission

AI regulation in the EU was never just about the EU AI Act – the AI Act was part of a package that included a new AI Liability Directive and an updated Product Liability Directive . While the future of the former is unclear, the latter was approved by the Commission on 10 October, clearing the way for the new EU Directive on Liability for Defective Products (or “new PLD”) to be signed and published in the Official Journal. 

The new PLD has updated the existing, strict liability, product liability rules to make them more suitable for an increasingly digital world. Digital products, including software and AI, are now in-scope and changes to the rules around evidence and burden of proof should make it easier for individuals to claim compensation.  

What does the new Product Liability Directive do? 

The new PLD will replace the current Product Liability Directive, which has been in place since 1985. It lays down rules on the liability of ‘economic operators’ for damage suffered by individuals (natural persons) where that damage is caused by defective products placed on the market or put into service in the EU. Economic operators are quite a wide group – they include manufacturers of products or components (which are items/services integrated into, or interconnected with, a product) but can also cover providers of a related service, authorised representatives, importers, distributors and fulfilment service providers. 

Key changes under the new PLD include:

• Expanded scope: the definition of “product” in the legislation is extended to cover software, which would cover AI. Open-source software that is developed or supplied outside the course of a commercial activity is, however, excluded from the Directive’s scope. 
   
• Limited exemptions: under traditional product safety rules, there is an exemption from liability where it is likely the defect did not exist at the time the product was put on the market. The new PLD maintains this exemption, but restricts it where software (including updates and upgrades) is involved. 
   
• Impact of AI’s ability to learn and change: when assessing whether a product is defective, the effect on the product of any ability to learn or acquire new features post market launch will be taken into account. 
   
• Modifications: if a product is repaired or upgraded outside the original manufacturer’s control, the party that modified it should be held liable. 
   
• Disclosure of evidence: to help make it easier for individual’s to obtain compensation, an injured person claiming compensation before a national court can request access to evidence at the manufacturer’s disposal to prove their claim. While the new PLD contains some protections where trade secrets are concerned, there are still concerns around how this impacts confidential information like source code. 
   
• Burden of proof presumed: the new PLD makes it easier for claims to be brought by setting out situations where the defectiveness of the product, or the causal link between the product’s defectiveness and the damages, will be presumed. This includes where the manufacturer fails to provide evidence, and where it is likely the default or causal link applies but the claimant faces “excessive difficulties” in proving it (for example due to technical complexity).
   
• Damages for data: the right to compensation only applies in respect of certain specified types of damage, one of which is damage relating to the destruction or corruption of data, provided that data is not used for professional purposes.  The other types of damage relate to death or personal injury (including psychological health) and property damage (except for the defective product itself, where the product was damaged by a defective component or where the property is used exclusively for professional purposes).
    
• Products brought from non-EU manufacturers: where a manufacturer of a product is established outside the EU, it should be possible to hold the product’s importer or the manufacturer’s authorised representative liable (to ensure that the relevant individuals can claim compensation). 
   
• Platform liability: while this may not have a specific AI angle, it is also worth noting that platforms may be held liable for defective products sold on their platforms, like other economic operators (if they act like one).

Next steps 

Once the directive is published in the Official Journal, it will then automatically become law twenty days later. However, as with any directive, Member States will need to transpose the new Directive into national law. In this case, they will have two years to do so (meaning the new rules will not apply until at least late 2026). In the meantime, organisations should start getting ready!