AI as product vs. AI as service: Unpacking the liability divide in EU safety legislation

The European Union has responded to the disruptive potential of widespread AI integration into everything from health care to finance with a robust wave of legal and regulatory reforms. 

At the heart of this evolving legal landscape lies a pivotal question: Should AI systems be classified as products or services? This is not a matter of semantics. The answer carries significant consequences for how liability is assigned, how consumers are protected, and how safety standards are enforced throughout the AI lifecycle.

The now-withdrawn AI Liability Directive, originally proposed in 2022, sought to harmonize fault-based liability rules across member states, addressing the fragmented landscape of national tort laws. Its aim was to adapt non-contractual civil liability frameworks to the unique characteristics of AI systems — especially those deemed high-risk under the EU AI Act. By introducing mechanisms such as a rebuttable presumption of causality and enhanced access to evidence, the directive attempted to ease the burden of proof for claimants harmed by AI-driven decisions. 

However, with its formal withdrawal in early 2025, the EU has left a regulatory vacuum in fault-based liability for AI. The revised Product Liability Directive now extends strict liability for defective products to include software and AI systems, but it does not address negligence or unlawful conduct. This raises critical questions about how courts and regulators will navigate the dichotomy between product-based and service-based AI and how liability will be assigned in the absence of harmonized fault-based rules.

AI as product under EU Law: The rise of strict liability and the role of the Product Liability Directive