On 8 December 2024, the revised EU Product Liability Directive (PLD) came into force, bringing transformative changes to how liability for AI systems, software, and products is defined and enforced. This update reflects the EU’s commitment to protecting consumers in the digital age while ensuring manufacturers and businesses adapt to the risks of new technologies.
If your organization develops, uses, or distributes AI systems, software, or digitally connected products, this directive has significant implications for your operations, compliance practices, and risk management strategies. Here’s what you need to know.
The Ripple Effect
The directive applies to a wide range of stakeholders involved in the lifecycle of AI systems, software, and physical products.
Key Parties Affected:
- Manufacturers: Including AI providers, who are liable for defects, even those emerging post-deployment (e.g., from updates or evolving AI behavior).
- Importers and Authorized Representatives: When the manufacturer is outside the EU, these entities are held accountable.
- Fulfillment Service Providers: Responsible when no EU-based manufacturer, importer, or representative is available.
- Distributors: Liable if no other responsible party can be identified or if they fail to provide manufacturer details.
- Online Platforms: Platforms acting as manufacturers or intermediaries may face liability, particularly under conditions outlined in the Digital Services Act (DSA).
- Organizations Using AI: Businesses that integrate or use AI systems need to meet safety requirements, as failures could result in liability presumptions under the directive.
Who Can File Claims?
- Any individual who suffers damage caused by a defective product (e.g., physical harm, property damage, or data loss) can file a claim for compensation.
- While the directive doesn’t cover corporate victims, some EU countries extend similar rules to companies.
Regions and Countries Affected
The directive applies across all EU member states, impacting:
- Businesses headquartered in the EU.
- Non-EU businesses that sell products or operate services in the EU (e.g., through an importer, distributor, or fulfillment service provider).
The directive also emphasizes liability across global value chains, ensuring an EU-based liable party is available for claims, even if the manufacturer is outside the EU.
From Risk to Responsibility
The directive introduces several critical changes, particularly for those involved in AI systems and software:
1. Liability for Post-Market Defects
- Manufacturers can be held accountable for defects that appear after deployment, especially those arising from updates, upgrades, or evolving AI behavior.
- Organizations must adopt lifecycle risk management, including monitoring systems post-deployment and implementing effective update processes.
2. AI Literacy as a Compliance Requirement
- Organizations are expected to ensure their staff possess sufficient AI literacy, aligning with the AI Act (effective February 2025).
- Failure to provide training could expose businesses to liability, making AI education a business imperative.
3. Supply Chain Accountability
- The directive holds manufacturers, distributors, and intermediaries accountable, emphasizing the importance of clear contracts that define responsibilities for defects.
- Software providers integrated into larger systems could face liability, encouraging stronger warranties and risk-sharing agreements.
4. Compliance and Governance
- A proactive approach to risk management and compliance is essential. Organizations must:
  - Reassess contracts with suppliers and partners.
  - Ensure alignment with EU regulations like the AI Act and Digital Services Act.
  - Invest in tools and processes to track and mitigate potential risks throughout a product’s lifecycle.
Reshaping Liability
The EU Product Liability Directive is a call to action for risk, security, and compliance teams to rethink how they manage AI, software, and digital products. To stay ahead of the curve, here’s what your team should prioritize right now:
1. Strengthen AI Governance Frameworks
- Assess Your AI Landscape: Map out where AI is being used across your organization and identify risks tied to system updates, upgrades, and evolving AI behavior.
- Implement AI Policies: Establish clear governance policies that align with the directive and ensure AI systems meet mandatory safety standards under the AI Act.
2. Build AI Literacy Across Teams
- Invest in Training: Equip your staff with the skills to understand, operate, and oversee AI systems. AI literacy isn’t just for IT—it’s essential for anyone involved in decision-making and compliance.
- Embed AI Education: Make training an ongoing initiative, focusing on how AI impacts risk, compliance, and liability.
3. Rethink Contracts and Risk-Sharing Agreements
- Revisit Existing Contracts: Ensure agreements with suppliers, integrators, and distributors include clear liability clauses for post-market defects and updates.
- Incorporate Risk Provisions: Add robust warranties, indemnities, and escalation processes to protect your organization from unexpected liabilities.
4. Enhance Post-Market Risk Monitoring
- Establish Monitoring Protocols: Create a system to track AI and software performance after deployment, focusing on updates and evolving risks.
- Conduct Regular Audits: Implement regular reviews of AI systems to ensure compliance and address potential defects before they escalate.
5. Prepare for Legal and Regulatory Scrutiny
- Stay Ahead of the AI Liability Directive: Begin preparing for the forthcoming AI Liability Directive, which will likely make it easier for claimants to bring AI-related liability claims.
- Document Everything: Maintain thorough records of your AI systems’ development, updates, and risk assessments to demonstrate due diligence in case of legal challenges.
6. Leverage Scenario Planning and Simulations
- Test Your Response Capabilities: Use scenario planning, Microsimulations or tabletop exercises to model potential liability scenarios, such as AI system failures or post-market defects.
- Identify Weak Points: Pinpoint vulnerabilities in your supply chain or product lifecycle and address them proactively.
Shared Stakes Ahead
The directive has entered into force, but there are key dates and steps ahead:
- Transposition Deadline:
  - EU member states must incorporate the directive into their national laws by 9 December 2026.
- Applicability Timeline:
  - The directive will apply to products placed on the market from 9 December 2026 onward.
  - The 1985 directive remains applicable for products placed on the market before this date.
- AI Liability Directive in Progress:
  - A complementary AI Liability Directive is expected, further streamlining AI-related claims. Organizations should monitor developments to prepare for additional compliance requirements.
- Organizational Action Steps:
  - Review and update contracts to align with the new liability framework.
  - Implement AI literacy training to meet AI Act mandates.
  - Enhance post-market risk management strategies, including monitoring, updates, and compliance checks.
Preparing for the Future
The EU Product Liability Directive reflects a bold move toward protecting consumers in the digital age while ensuring businesses remain accountable. For organizations, particularly those using or developing AI systems, the directive emphasizes the need for proactive compliance, robust risk management, and clear contractual terms across supply chains.
As the deadline for EU adoption approaches, now is the time to assess your contracts, policies, and operational approaches to ensure you’re ready for this new era of AI liability.