The existing EU Product Liability Directive (85/374/EEC) imposes strict liability on manufacturers (and, in certain cases, other economic operators in the supply chain) for damage caused by a defective product. The burden of proof is on the claimant to show that the product was defective, that they suffered damage, and that there is a causal link between the defect and the damage. There is no requirement for the claimant to prove fault.

In 2022, the Commission proposed a new Directive. On 12 March, the European Parliament formally adopted the text it had provisionally agreed with the Council of the EU in December 2023.

As previously reported by Wiggin, the Commission’s proposal aims to modernise EU law relating to product liability, now almost 40 years old, to address, amongst other things, developments in technology. The adopted text therefore makes it clear that the definition of a “product” includes software (including updates), both standalone (e.g. smartphone app) and embedded. The text also extends “damage” (which already includes death, personal injury (which under the adopted text includes damage to psychological health) or damage to or destruction of property) to the destruction or corruption of data not used for professional purposes (e.g. deletion of files from a hard drive). Determination of whether a product is defective will now also include an assessment of the effect on the product of its ability to continue to learn or acquire new features after it is placed on the market and relevant cybersecurity requirements.

In addition to the manufacturer being liable for damage caused by a defective product, where a defective component of the product has caused the product to be defective, the manufacturer of the defective component can also be held liable for the same damage. By including integrated and connected software and related services within “components”, manufacturers may also be liable for damage caused by software updates and machine-learning algorithms to, for example, autonomous vehicles, drones or smart home systems, that are made unsafe by software updates, AI or the digital services required to operate them.

Other economic operators besides the manufacturer, such as importers, authorised representatives and fulfilment service providers, can be liable for damage in certain circumstances. The adopted text also provides that a distributor can also be liable in certain cases. This could include an online marketplace. Specifically, the distributor of a product could be liable where the relevant economic operator is based in the EU, but the distributor fails to identify that operator in response to a request from the injured user of the product. That provision will also apply to any provider of an “online platform” that allows consumers to conclude distance contracts with traders, and which itself is not an economic operator, where the conditions of Article 6(3) of the Digital Services Act are fulfilled (i.e. where an online platform enables a specific transaction in a way that would lead an average consumer to believe that the product or service is provided either by the online platform itself or by a recipient of the service who is acting under its authority or control).

A national court can presume the defectiveness of the product or the causal link between its defectiveness and the damage, or both, where, despite the disclosure of evidence by the claimant, and taking into account all the relevant circumstances of the case, the claimant faces excessive difficulties, in particular due to technical or scientific complexity (e.g. black box AI systems), in proving liability, and demonstrates that it is likely that the product is defective or that there is a causal link between the defectiveness and the damage, or both.

Finally, the circumstances in which an economic operator can be exempt from liability for a defective product will not include where the defect is due to a related service, software (including updates or upgrades) or a lack of software updates or upgrades necessary to maintain safety, where such services or software are under its control. Unlike the existing law, these provisions effectively provide that liability can arise when a defect comes into being after the product has been placed on the market or put into service. This, along with some of the other provisions of the adopted text discussed above, potentially increases the risk of doing business in the EU for in-scope providers and products.

The text must now be formally adopted by the Council. Once the law enters into force, Member States will have two years to implement the Directive into their national laws.

For more information, click here.