EU directive: manufacturers of software and AI soon be liable for their products
The reformed Product Liability Directive comes into force. It creates a framework for claims for damages of defective products, including in the IT sector.
(Image: artjazz/Shutterstock.com)
The amendment to the Product Liability Directive, which was agreed by the EU legislative bodies last year, comes into force on Sunday. For the first time, it forms the basis for a broad framework for compensation claims for defective products, including in the area of software and hardware.
The new regulations apply to all goods – from conventional household items and electrical appliances to digital products and more complex technologies such as robots and smart home systems. They must now be transposed into national law in the member states within two years. With this initiative, the EU legislators were primarily responding to the increase in global online shopping, the increased use of technologies such as artificial intelligence (AI) and the ongoing transition to a circular economy.
With the amendment to the more than 40-year-old predecessor published in the EU Official Journal in October, the Parliament and the Council of Ministers has modernized and strengthened the rules for compensation for personal injury, property damage and data loss caused by unsafe products.
The reform is also intended to take account of the growing number of products on the internal market that are manufactured outside the European Economic Area. For example, the directive now stipulates that manufacturers must always name an economic operator in the EU from whom injured parties can claim compensation. This also applies to products sold online.
Exceptions for open source developers
In the case of the expressly covered computer programs, it is irrelevant whether the software is installed on a device or provided as a service, for example via the cloud. In the event of embedded software errors, suppliers of components are also liable in addition to the end manufacturer. This may include connected services such as voice assistants. Similar to the Cyber Resilience Act (CRA), there is an exemption for open source: in order not to hinder innovation and research, developers of free and open source software that was created outside a commercial activity and is not offered commercially are exempt from liability.
Videos by heise
Another new feature is that as long as a manufacturer can provide software updates, they are in control and can be held liable for any errors that occur, such as a breach of legitimate security expectations. There is an extended liability period of 25 years in cases where symptoms are slow to appear. MEPs initially even pushed for up to 30 years. The EU Commission, which initiated the 2020 amendment, assures: "The directive ensures fair and predictable rules for both businesses and consumers." The Brussels-based government institution wants to set up a publicly accessible EU database with court rulings on product liability cases to better inform consumers about the application of the new requirements and the development of case law.
(nen)
