The existing EU Product Liability Directive (85/374/EEC) imposes strict liability on manufacturers (and, in certain cases, other economic operators in the supply chain) for damage caused by a defective product. The burden of proof is on the claimant to show that the product was defective, they suffered damage and that there is a causal link between the defect and the damage. There is no requirement for the claimant to prove fault.

In 2022, the Commission proposed a new Directive. The two EU Parliament Committees responsible for this proposal have recently agreed a set of proposed amendments to the Commission’s proposal.

One key aspect of the Commission’s proposal is the extension of the definition of “product” to include software, both standalone (e.g. smartphone app) and embedded. Other aspects of the Commission’s proposal which similarly aim to address developments in technology, including protecting consumers from damage caused by AI, are set out below.

The proposal extends “damage” (which already includes death, personal injury or damage to or destruction of property) to the destruction or irreversible corruption of data not used for professional purposes provided that the material loss exceeds €1000 (the financial limit is a proposed addition by the EP Committees). Data includes any digital representation of acts, facts or information including in the form of sound, visual or audiovisual recording.

Under the proposal, a product is “defective” when it does not provide the safety which the public at large is entitled to expect taking into account a number of factors. Factors include the effect on the product of any ability to continue to learn after deployment and product safety requirements including safety-relevant cybersecurity requirements. The EP Committees have narrowed this factor to “relevant” safety requirements and to cybersecurity requirements laid down by law and intended to protect against the risk of the damage that has occurred.

In addition to the manufacturer being liable for damage caused by a defective product, where a defective component of the product has caused the product to be defective, the manufacturer of the defective component can also be held liable for the same damage.   By including connected software and services within “components”, the Commission intends to make manufacturers liable for damage caused by software updates and upgrades and machine-learning algorithms. This could cover, for example, robots, drones or smart home systems that are made unsafe by software updates, AI or the digital services required to operate them.

Finally, there are a number of circumstances in which the manufacturer or other economic operator in the supply chain can gain exemption from liability including if they can prove that it is probable that the defect did not exist when the product was placed on the market or that it came into being after that moment. Under the proposal, this exemption cannot be relied on where the defect is due to software (including updates or upgrades) or a lack of software updates or upgrades necessary to maintain safety which are within the manufacturer’s control. The EP Committees have proposed to narrow this provision to software updates or upgrades “for the reasonably expected lifespan of the product.”

The Committees’ amendments must now be approved by the European Parliament as a whole. After that, the trilogue discussions can begin with the EU Council and Commission on the final shape of the law.

For more information click here. To access the Committee’s Report, click here.