The EU AI Liability Directive (proposed as COM/2022/496) establishes fault-based civil liability rules for AI systems, introducing a rebuttable presumption of causation when a claimant proves a defendant's non-compliance with relevant duties and a causal link to the AI output is reasonably likely. It also grants courts the power to order disclosure of evidence from AI providers and deployers.
EU AI Liability Directive: Implications for AI Providers and Deployers
Purpose and Scope of the AI Liability Directive
The AI Liability Directive addresses the "black box" problem in AI tort claims: claimants often cannot prove how an AI system caused their harm. Traditional fault-based liability under national tort law requires proving a duty of care, breach, causation, and damage. For opaque AI systems, proving causation is frequently impossible without access to the system's internal workings. The Directive supplements (not replaces) national tort law by creating procedural mechanisms that rebalance the evidentiary burden.
The Rebuttable Presumption of Causation
Article 4 establishes the Directive's central mechanism. A national court shall presume a causal link between the defendant's fault and the AI system's output (or failure to produce an output) when three conditions are met: (1) the claimant demonstrates that the defendant failed to comply with a duty of care under EU or national law, or a duty specifically established under the EU AI Act; (2) it is reasonably likely, based on the circumstances of the case, that the fault influenced the output; and (3) the claimant demonstrates that the output (or absence thereof) gave rise to the damage. The defendant can rebut this presumption by showing the fault did not cause the damage.
Disclosure of Evidence
Article 3 empowers national courts to order defendants to disclose relevant evidence about high-risk AI systems. When a claimant presents facts and evidence sufficient to support the plausibility of a claim, the court can order the provider, deployer, or authorized representative to disclose evidence in their control. For non-high-risk AI systems, disclosure orders are available only when the claimant has made reasonable prior efforts to obtain the evidence from the defendant. Failure to comply with a disclosure order triggers a presumption of non-compliance with the relevant duty of care.
Interaction with the EU AI Act
The Directive works in tandem with the AI Act. Non-compliance with AI Act obligations (such as risk management under Article 9, data governance under Article 10, or transparency under Article 13) constitutes the "fault" that activates the presumption. This creates a direct enforcement incentive: AI Act compliance is not merely a regulatory matter but a shield against civil liability claims.
| Element | AI Liability Directive | Revised Product Liability Directive |
|---|---|---|
| Liability type | Fault-based (negligence) | Strict (no-fault) |
| Burden of proof | Claimant, with rebuttable presumption | Claimant, with presumption of defect |
| Covers | AI providers, deployers, users with duties | Manufacturers, importers, distributors |
| Trigger | Non-compliance with duty of care | Defective product causing damage |
| Damages | National tort law governs | Death, personal injury, property, data loss |
Who Bears Liability
The Directive applies to any person who has a duty of care under EU or national law in relation to the AI system. This includes providers obligated under the AI Act to implement risk management systems, deployers required to use systems according to instructions and monitor for risks, and any other person with relevant obligations. Multiple parties can face liability in the same chain: a provider for a defective training dataset and a deployer for failing to monitor outputs.
Practical Implications for Compliance
Organizations should treat AI Act compliance as litigation risk management. Document every compliance step: risk assessments, data governance decisions, human oversight procedures, and post-market monitoring actions. Retain logs of AI system inputs and outputs for the periods prescribed by national limitation rules. Establish contractual allocation of liability between providers and deployers, specifying who bears disclosure obligations and maintains technical documentation. Consider AI-specific liability insurance, as traditional professional indemnity policies may exclude AI-related claims.
National Implementation Considerations
As a directive (not a regulation), member states must transpose its provisions into national law. Variation is expected in procedural details: the standard of "reasonable likelihood" for activating the presumption, the scope of disclosure orders, and the interaction with existing national tort doctrines such as France's responsabilite du fait des choses or Germany's Produkthaftungsgesetz. Organizations operating across member states should monitor transposition in each market.
Check your AI compliance readiness — free.
Take the Readiness Check 3 minutes · 10 questions · no signup requiredThis article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.