AI Sigil Logo
Contact Us
Back to all insights
A broken robot

Sections

New Product Liability Challenges for AI Innovations

New Product Liability Risks for AI Products

The new EU Product Liability Directive 2024/2853 came into force on 8 December 2024, marking a significant milestone for consumer redress. This directive aims to modernize the product liability rules and remove obstacles for consumers, fundamentally altering the current product liability risk landscape for companies utilizing AI in their products, such as medical applications.

Strict Liability Regardless of Fault

The new Product Liability Directive applies to all companies placing products on the EU market. It replaces the existing Product Liability Directive 85/374/EEC, which has been in effect for nearly 40 years. This framework establishes when companies are liable for damages caused by defects in their products. A product is deemed defective when it fails to provide the level of safety that consumers are entitled to expect. Importantly, the directive maintains a standard of strict liability, meaning consumers do not need to prove negligence or fault on the part of the company. Liability requires only that:

  • A product was defective
  • A person suffered damage
  • There was a causal link between the defect and the damage

Software and AI Integrated Products Under New Rules

The classification of software as a product within the realm of product liability law has been a contentious issue. The new EU Product Liability Directive aims to resolve this ambiguity by explicitly classifying software and AI-integrated products as “products”. This classification applies to software embedded within another product (e.g., a radiotherapy device) or software connected to another product (e.g., digital health monitoring services leveraging physical product sensors for data collection).

Liability for Insufficient Updates and Cybersecurity Weaknesses

The directive clarifies that manufacturers and providers of digital products, such as AI applications, may be held liable for damages resulting from faulty software updates or vulnerabilities in the product’s cybersecurity. This expands the scope of product liability beyond the moment of market entry.

Furthermore, the definition of defect in the new Product Safety Directive places greater emphasis on compliance with safety regulations, including those set forth by the AI Act. Non-compliance or actions by regulatory authorities, such as product recalls, may indicate a defect in the product.

Adapting Product Liability to the Digital Age

The new directive seeks to update product liability rules to reflect the realities of the digital age. Significant amendments for digital products allow claimants to pursue broader damages, including claims for data destruction or corruption. Additionally, previous deductibles and maximum liability limits have been removed.

Presumption of Product Defect in Complex Cases

One of the directive’s aims is to facilitate consumer redress by easing the burden of proof for claimants. A presumption of defectiveness and a causal link will be established if:

  • Proof is “excessively difficult” due to the technical or scientific complexity of the product
  • A product defect and/or causality is at least “likely”

This provision is particularly crucial for AI products, where proving a defect may be challenging due to the complexity and opacity of their functionality (often referred to as the black box problem). The onus will then be on the company to refute the presumption.

Moreover, courts can mandate defendants to disclose relevant evidence if the injured party presents a sufficiently plausible claim for damages, addressing potential disadvantages faced by claimants in accessing information regarding product manufacturing and operation. However, measures will be implemented to protect the defendant’s business secrets.

Withdrawal of the EU Plans for an AI Liability Directive

The European Commission’s initial proposal for an AI Liability Directive in September 2022 has since stalled, leading to its withdrawal from the legislative agenda on 11 February 2025. This decision highlights the challenges of reaching an agreement on the proposal. The new Product Liability Directive will therefore take precedence in covering software and AI products.

Conclusion and Preparations for 2025

The new EU Product Liability Directive introduces a more claimant-friendly liability regime, reducing legal certainty for businesses. This shift could significantly impact companies producing AI medical devices, making it easier for consumers to file claims within the EU for defective products, especially in cases where complexities hinder evidential clarity.

The directive must be implemented by Member States by 9 December 2026, while the old Product Liability Directive will remain applicable to products already on the market. Companies are advised to utilize this period to conduct comprehensive risk assessments, particularly concerning cybersecurity protections. Establishing regulatory compliance, including adherence to the AI Act, will be critical. Furthermore, companies should reassess their product liability risk profiles, insurance coverage, and existing monitoring and recall systems.

More Insights

A globe with a digital lock

US Rejects UN’s Call for Global AI Governance Framework

November 23, 2025 AI,Artificial Intelligence Governance,Global Collaboration,International Policy
U.S. officials rejected the establishment of a global AI governance framework at the United Nations General Assembly, despite broad support from many nations, including China. Michael Kratsios of the...
Read More
A digital lock

Agentic AI: Managing the Risks of Autonomous Systems

November 23, 2025 AI,AI Governance,Artificial Intelligence Governance,Regulatory Compliance
As companies increasingly adopt agentic AI systems for autonomous decision-making, they face the emerging challenge of agentic AI sprawl, which can lead to security vulnerabilities and operational...
Read More
A puppet

AI as a New Opinion Gatekeeper: Addressing Hidden Biases

November 23, 2025 AI,AI Ethics,AI Governance,AI Regulation Awareness
As large language models (LLMs) become increasingly integrated into sectors like healthcare and finance, a new study highlights the potential for subtle biases in AI systems to distort public...
Read More
A blueprint to illustrate the structured approach to creating regulatory frameworks.

AI Accountability: A New Era of Regulation and Compliance

November 23, 2025 AI,AI Accountability,AI Regulation,Regulatory Compliance
The burgeoning world of Artificial Intelligence (AI) is at a critical juncture as regulatory actions signal a new era of accountability and ethical deployment. Recent events highlight the shift...
Read More
A blueprint

Choosing Effective AI Governance Tools for Safer Adoption

November 23, 2025 AI,AI Governance,AI Regulation Awareness,Regulatory Compliance
As generative AI continues to evolve, so do the associated risks, making AI governance tools essential for managing these challenges. This initiative, in collaboration with Tokio Marine Group, aims to...
Read More
A network globe illustrating global consensus and collaboration on AI governance.

UN Initiatives for Trustworthy AI Governance

November 23, 2025 AI,AI Governance,AI Regulation,Global AI Policy
The United Nations is working to influence global policy on artificial intelligence by establishing an expert panel to develop standards for "safe, secure and trustworthy" AI. This initiative aims to...
Read More
A compass

Data-Driven Governance: Shaping AI Regulation in Singapore

November 23, 2025 AI,AI Ethics,AI Governance,Technology Policy
The conversation between Thomas Roehm from SAS and Frankie Phua from United Overseas Bank at the SAS Innovate On Tour in Singapore explores how data-driven regulation can effectively govern rapidly...
Read More
A roadmap

Preparing SMEs for EU AI Compliance Challenges

November 23, 2025 AI,AI Governance,AI Regulation Awareness,EU Compliance
Small and medium-sized enterprises (SMEs) must navigate the complexities of the EU AI Act, which categorizes many AI applications as "high-risk" and imposes strict compliance requirements. To adapt...
Read More
A digital lock – representing security and control over AI systems.

Draft Guidance on Reporting Serious Incidents Under the EU AI Act

November 23, 2025 AI,AI Regulation,EU Compliance,Regulatory Frameworks
On September 26, 2025, the European Commission published draft guidance on serious incident reporting requirements for high-risk AI systems under the EU AI Act. Organizations developing or deploying...
Read More