The revised EU Product Liability Directive (Directive 2024/2853) explicitly includes software and AI systems within the definition of "product," subjecting AI providers to strict (no-fault) liability for damage caused by defective AI. It introduces a presumption of defectiveness when a product does not comply with mandatory safety requirements, and extends liability to cover data loss and psychological harm.
Product Liability and AI Systems: The Revised EU Product Liability Directive
Why the Product Liability Directive Was Revised
The original Product Liability Directive (85/374/EEC) predated modern software and AI. Courts struggled with whether software constituted a "product" (a movable item) or a "service." The revised Directive (2024/2853) resolves this by explicitly including software, including AI systems, in the product definition (Article 4(1)). This means providers of AI systems face strict liability: a claimant need not prove fault, only that the product was defective and caused damage.
Definition of Defect in AI Systems
Article 6 defines a product as defective when it does not provide the safety a person is entitled to expect. For AI systems, relevant factors include: the product's presentation and marketing claims, reasonably foreseeable use and misuse, the effect of the product's ability to continue learning after deployment, the effect of other products reasonably expected to be used with the AI system, the moment the product was placed on the market or put into service, and mandatory product safety requirements including those in the AI Act. An AI system that fails to meet AI Act requirements for its risk category benefits from a presumption of defectiveness under Article 9(3).
Scope of Liable Parties
The Directive identifies several categories of economic operators who can face liability. The manufacturer (or AI provider who places the system on the EU market) bears primary liability. Importers and authorized representatives face liability if the manufacturer is outside the EU. Fulfilment service providers can be liable in certain circumstances. Notably, providers of AI systems that substantially modify a product already on the market become manufacturers of the modified product.
| Liable Party | Condition | Practical Example |
|---|---|---|
| Manufacturer / Provider | Placed product on EU market | Company developing and selling an AI diagnostic tool |
| Importer | Non-EU manufacturer | EU distributor importing US-developed AI software |
| Authorized representative | Designated by non-EU manufacturer | EU entity appointed under AI Act Article 22 |
| Component supplier | Defective component caused the damage | Provider of a pre-trained model integrated into a product |
| Substantial modifier | Modification affects safety | Fine-tuning a foundation model for medical use |
Damages Covered
The revised Directive expands recoverable damages beyond the original scope. It now covers: death and personal injury (including medically recognized psychological harm), damage to or destruction of property, and loss or corruption of data that is not used exclusively for professional purposes. The EUR 500 threshold for property damage claims is abolished. This is significant for AI systems: an algorithmic error that corrupts a consumer's personal data files now gives rise to a product liability claim.
Burden of Proof and Presumptions
While strict liability removes the need to prove fault, the claimant must still prove the defect, the damage, and the causal link. The revised Directive eases this burden for complex products including AI. Article 9 establishes that a court shall presume defectiveness when: (a) the defendant fails to comply with a disclosure obligation; (b) the claimant establishes that the product does not comply with mandatory safety requirements; or (c) the damage was caused by an obvious malfunction during normal use. For AI systems, proving the internal defect is often impossible without the provider's cooperation, making the disclosure-related presumption particularly powerful.
Interaction with AI Act Conformity
Compliance with the AI Act's requirements for high-risk systems (conformity assessment, CE marking, quality management) provides a defense argument but does not create immunity. A product can comply with regulatory requirements and still be defective if it fails to meet the legitimate safety expectations of consumers. However, non-compliance with AI Act requirements creates a near-automatic presumption of defectiveness under Article 9(3), effectively making AI Act compliance a minimum floor for product liability defense.
Post-Market Obligations and Continuing Liability
AI systems that learn or update after deployment raise unique product liability questions. Article 6(1)(c) explicitly accounts for the product's ability to continue learning. A provider who deploys an AI system with continuous learning capabilities remains liable for defects arising from that learning, even post-deployment. This necessitates robust post-market monitoring systems, the ability to roll back updates, and clear documentation of the system's behavior envelope at deployment and after each significant update.
Check your AI compliance readiness — free.
Take the Readiness Check 3 minutes · 10 questions · no signup requiredThis article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.