Written by: Haim Ravia, Dotan Hammer, and Or Cohen
A new European Product Liability Directive (the “PLD”) now applies to digital and AI-based products. It replaces its predecessor from 1985. The PLD defines rules of evidence and liability for compensation for property damage, personal injury, and data loss. It applies to any company in the supply chain of software and artificial intelligence (AI) systems to the European Union market, including developers, manufacturers, importers, distributors, marketing platforms, and more. This update briefly outlines the scope of the PLD, its implications, and the main changes, and explains who bears responsibility in the event of damage under the PLD.
What is a Directive?
A European Union directive is a legislative act that requires EU member states to align their national laws with the provisions of the directive, through local legislation. Directives are distinguished from regulations such as the GDPR or the European AI Act, which apply directly as law within member states without requiring further national legislation.
Expanding and Adjusting Terminology for the Digital Age
Unlike its predecessor, the new PLD expands the definition of “product” to include tangible and intangible items, such as computer software, digital files, AI products, robots, drones, and other smart systems. A “defective product” does not provide the safety that a person is entitled to expect or that is legally required, under the circumstances, considering the manufacturer’s ability to control factors like software updates, new product features, implementation of security requirements, etc. The PLD also applies to previously manufactured that undergo significant changes, including software updates or AI machine learning.
“Damage” under the new PLD now includes any physical or psychological damage caused to an individual. It covers death and injury, as well as damage to tangible or intangible property, including data loss or damage to data.
Despite these broad definitions, in order to avoid hindering technological development, the PLD does not apply to free and open-source software products developed or supplied for non-commercial purposes or security improvements unless they are incorporated into a commercial product available in the market.
Expansive Liability Across the Supply Chain
A key change in the PLD is the expansion of liability to include the entire supply chain, including manufacturers of products produced outside the European Union. Liability will fall on the defective product’s manufacturer. If the manufacturer is located outside of the European Union, liability falls on the manufacturer’s importer and its authorized representative in the EU. In the absence of an importer or authorized representative in the EU, liability will apply to fulfillment service providers supplying the product (including online service providers). Importantly, anyone who makes substantial changes to a product beyond the original manufacturer’s control is considered a manufacturer. This also includes distributors and marketers of the product or online platform (such as Amazon) if the original manufacturer cannot be identified. All parties in the supply chain will share joint liability for damages caused by defective products but can seek indemnity from one another under certain limitations.
Limited Liability and Exemption
Similar to the previous PLD, the new PLD enumerates various exemptions from liability: those who neither placed the product on the market nor put it into service; a defect resulting from compliance with legal requirements; a defect that is undetectable at the product’s launch or during its support period due to technological limitations; and a defect that materialized only after the product’s launch. A manufacturer that substantially modifies a product will bear responsibility for defects resulting from the modification unless the defect stems from an unmodified part of the original product.
Liability for defects arising after the launch of the product – such as software or AI system – will not be limited if the defect is within the defendant’s control. Examples include database updates for navigation software or other essential ancillary services, software upgrades, critical safety updates that are not provided, or damages caused by substantial changes to the product.
If the damage results from both a product defect and the injured person’s wrongdoing, the manufacturer’s liability may be reduced. However, liability will not be reduced if the damage results from both a product defect and the actions of a third party outside the supply chain, such as a hacker. Finally, the PLD invalidates contractual terms that disclaim liability for defective products. At the same time, the PLD allows microenterprises, small enterprises, and software manufacturers to include clauses disclaiming liability when their products are integrated into other manufacturers’ products.
Easing the Burden of Proof
The burden of proving the actual damage, the product’s defectiveness, and the causal link between the two rests with the injured claimant. However, the PLD eases this burden by presuming that the claimant has met their burden of proof when the defendant fails to disclose relevant evidence upon the claimant’s request or court order (including confidential information like source code), when the product fails to meet mandatory safety requirements, or when the damage results from an obvious product malfunction. The claimant is also relieved from proving a causal link if they demonstrate a defect and it is likely linked to the damage caused. The claimant will be deemed to have met the burden of proof in the face of excessive technological or scientific challenges, such as those posed by AI systems (The black box problem of AI), where it is reasonable to assume the product was defective and contributed to the damage.
Scope
The PLD enters into force this month, but will only apply to products and services launched after December 9, 2026. Its implementation requires national legislation in EU member states.
The new PLD requires organizations to review how they design and develop new products for the European market, assess their interactions with third parties in the supply chain, determine their liability, and explore ways to mitigate risks, such as suitable insurance. We recommend preparing and reviewing these matters in advance. We are available to assist;
Haim Ravia, Adv. HRavia@pearlcohen.com
Dotan Hammer, Adv. DHammer@pearlcohen.com
Or Cohen, Adv. OCohen@pearlcohen.com
Cyber, Privacy, and Copyright Group – Pearl Cohen Zedek Latzer Baratz
Disclaimer: This update is not intended to exhaust all aspects of the subject. Its purpose is general information only. It should not be relied upon as legal advice.
