In brief

The European Council adopted the new Product Liability Directive on 10 October 2024, and it is now awaiting publication in the Official Journal of the European Union. From its entry into force, member states will have two years to transpose it into their national law. The new directive derogates Directive 85/374/CEE.

Considering the current context in which digitalization and business models based on sustainability and the circular economy are booming, it was crucial to carry out an update of the rules governing the civil liability of manufacturers and other operators of defective products.

The directive is part of the legislative compendium that develops a common regulatory framework at the EU level in the AI area, starting with the AI regulation that was adopted in March 2024.

Here are some of the key elements that all companies marketing products to natural persons (not entities) for non-professional use must consider, as one of the innovative aspects introduced by the directive is that a defective product is no longer only a tangible good but also an intangible good.

Relevant highlights

1. The definition of a “defective product” is maintained as a product that is unsafe, meaning that it does not offer the safety that a person is entitled to expect.
2. In assessing defectiveness, the following will be considered: presentation, labelling, design, technical characteristics, composition, packaging, instructions for assembly, installation, use and maintenance, the reasonably foreseeable use of the product and the effect on the product of any ability to continue learning.
3. The concept of “product” is broadened to include software (operating systems and applications, including those with integrated AI systems), whether embedded in a device or accessed through the cloud. It does not include the content of digital files, such as e-books or source codes. It does, however, cover digital services integrated or interconnected with a product (for example, a voice assistant service that allows one or more products to be controlled using voice commands), electricity and raw materials.
4. The economic operators that are liable for a defective product have been extended. They include the manufacturer (developer or producer of a computer product), as well as the distributor (marketer), importer, authorised representative of the manufacturer, and the provider of remote order processing services (online platforms that sell defective products, provided that they act as distributors and economic operators and not as intermediaries). If these are not located in the EU, the importer established in the EU or the authorised representative will be deemed liable. If there are none, the logistics service provider will be deemed liable.
5. The injured party may require the manufacturer to provide evidence of the defective nature of the product, respecting the principles of necessity and proportionality. The courts must guarantee confidential information and trade secrets.
6. With the same purpose of enabling the burden of proof, the Directive introduces the presumption of defect. There is a presumption of defect when the manufacturer refuses to provide the documentation required; when the product does not comply with the mandatory safety requirements established in national or European regulations; or when the damage is caused by an obvious malfunction of the product in normal or foreseeable use.
7. The presumption of a causal link, also complex to prove on certain occasions, is also introduced. The presumption will arise when, due to the technical or scientific complexity of the product, the injured party has excessive difficulty in proving its defectiveness and demonstrates that the product is likely to be defective (e.g., explanation of the inner workings of an AI system) or that a causal link exists (e.g., the relationship between a pharmaceutical or food product and the onset of a disease).
8. The release of the product into the market is no longer an exemption from liability when it does not entail the loss of control of the product by the manufacturer and the manufacturer does not introduce the necessary updates, improvements or machine learning algorithms to maintain the appropriate level of security, especially for digital products such as software or products that may be vulnerable to the evolution of cybersecurity risks.
9. The possibility of contractually limiting liability between the operators of the defective product is an option but never against the injured party.
10. Damages caused by the defective product that the injured party may claim include death or injury (including damage to psychological health), material losses such as destruction of data and moral damages. The right to compensation does not include damage to the defective product itself.
11. Legal action to claim damages is maintained at three years, although an additional expiration period of 25 years is added to the usual 10 years for injured parties in which the symptoms of a bodily injury develop slowly over time. Substantially modified products are considered new products, and, therefore, a new limitation period once such a modification occurs.
12. The liability regime established by the directive is without prejudice to the contractual liability (product warranty) or non-contractual liability (fault) that the injured party may have for reasons other than the defective nature of the good.

Finally, the directive will only apply to products placed on the market two years after its entry into force.

* * * * *

We want to thank Gemma Aquillue, Associate at BakerMcKenzie, for her contribution to this alert.