Revised Product Liability Directive

Proposal for a revised product liability Directive (COM(2022)495)

Status

EU

Adopted in the EU 10 October 2024.

EEA

Pending. The Commission has marked the proposal as EEA-relevant.

Norway

Pending. Implementation will likely result in an amendment of the Norwegian Product Liability Act.

Scope

The proposed Directive applies to economic operators, such as manufacturers, importers and distributors, of “products”. Providers of online platforms that allow consumers to conclude contracts with traders, are also subject to the Directive.

The proposed Directive extends the scope of potentially liable entities by defining software, digital manufacturing files and certain digital services as “products” in the meaning of the Directive. Therefore, the proposal will be of relevance for technology companies offering digital products.

The scope of the proposed Directive does not extend to the source code itself and non-commercial open source-software.

Relevance

The proposal is set to replace the current Directive on product liability. Its overarching goal is to bring the EU product liability regime up to speed with the digital age, circular economy and global value chains. While the proposed Directive has many similarities with the current Directive, it introduces important changes for the technology sector by introducing new provisions that clarifies the scope of product liability for digital products (software etc.).

Key obligations

Entities covered by the proposed Directive are subject to a strict liability (liability regardless of fault) for damages caused by defective products, including defective software and digital manufacturing files. Liability arises when an injured person proves that the product was defective, he/she has suffered damages, and there is a casual link between the damage and the product’s defectiveness.

According to the proposal, product defectiveness may extend to the lack of software updates under the manufacturer’s control as well as the failure to address cybersecurity vulnerabilities.

The proposed Directive extends the nature of damages to loss and corruption of data that is not used exclusively for professional purposes. Hence, its implementation will potentially affect limitations of liability for the customers loss of data in B2C-contracts.

Furthermore, the proposed Directive introduces new rules on evidence, which alleviate the burden of proof for example when the claimant meets excessive difficulty in proving defectiveness or a casual link because of the scientific or technical complexity of the product (e.g. AI-systems).