Introduction to Resource Center
This page provides an overview of the IAPP's Resource Center offerings.

Contact Resource Center
For any Resource Center related inquiries, please reach out to resourcecenter@iapp.org.



Resource Center / Tools and Trackers / EU Product Liability Directive Reform: 101

EU Product Liability Directive Reform: 101

This chart is part of a series providing an overview of new EU legislation adopted under the European Union's Strategy for Data. The full series can be accessed here.

Published: December 2024

Contributor:

Laura Pliauškaitė

Click to View (PDF)

This chart explores the EU Product Liability Directive reform, which sets rules that govern compensation for damage suffered due to a product defect by establishing a strict liability regime. The revised directive brings four-decades old rules on product liability in line with the digital age, circular economy and global value chains. It aims to ensure consumer protection while providing legal certainty to economic operators and protecting innovation.

This resource is additionally part of a series covering the European Union’s Strategy for Data, which provides an overview of EU legislation adopted within the strategy.

Overview

EU Product Liability Directive reform

This section provides an overview of the EU Product Liability Directive reform. This resource is also available as a chart in PDF format here.

  • expand_more

    Purpose

    • The EU Product Liability Directive sets rules that govern compensation for damage suffered due to a product defect by establishing a strict liability regime. The revised directive brings four-decadesold rules on product liability in line with the digital age, circular economy and global value chains. It aims to ensure consumer protection while providing legal certainty to economic operators and protecting innovation.
  • expand_more

    Key changes

    • Expanding the definition of product to include digital manufacturing files and software, including artificial intelligence systems.
    • Expanding the definition of damage to include certain nonmaterial damages, loss and corruption of data, and removing a minimum 500 euro threshold and financial ceiling for liability.
    • Expanding the scope of potentially liable parties.
    • Introducing the presumption of defectiveness in technologically or scientifically complex cases.
    • Introducing more protection for micro and small producers of software component.
    • Extending the liability period to 25 years in exceptional cases.
  • expand_more

    Key challenges

    • Potential fragmentation across the EU member states due to transposition in national law, including regarding the exact scope and calculation of compensation.
    • Ensuring consistency with the liability rules in other instruments, such as the proposed AI Liability Directive.
    • Understanding the interplay with other instruments, such as the EU General Data Protection Regulation, Cyber Resilience Act and the AI Act.
  • expand_more

    Important dates

    • The revised directive enters into force 8 Dec. 2024.
    • Member states must incorporate the revised directive's provisions into national law by 9 Dec. 2026.
      • The revised directive applies to products placed on the EU market or put into service after 9 Dec. 2026.
    • Member states must inform the European Commission if they wish to preserve national measures derogating from the development risk defense, which limits liability of the manufacturer due to the state of the art when the product was put into circulation, by 9 Dec. 2026.
    • The Commission must evaluate the revised directive by 9 Dec. 2030 and every 5 years from then.
  • expand_more

    Relevant resources

Focus Areas

EU Product Liability Directive reform

This section dives into the focus areas of EU Product Liability Directive reform. This resource is also available as a chart in PDF format here.

  • expand_more

    Liability within the scope

    • Liability for damage suffered by consumers that is caused by defective products.
  • expand_more

    Products within the scope

    • Movables, also when integrated or interconnected with other movables or immovables, including:
      • Embedded or stand-alone software, including software as a service and AI systems. Free and open-source software developed or supplied on a noncommercial basis is excluded. Supplying software in exchange for personal data counts as commercial activity in certain instances.
      • Digital manufacturing files, such as those used for making 3D-printed goods, supplied for commercial purposes.
    • A tangible or an intangible component integrated or interconnected with the product. This includes related services, which cover integrated or interconnected digital services without which the product could not fully function. This also covers software updates and upgrades. Internet access service is not within its scope.
  • expand_more

    Damage within the scope

    • Death or personal injury, including psychological damage.
    • Damage to property used for personal purposes, excluding to the defective product itself or to a product, where damage is caused by its defective component that is incorporated into the product within the product manufacturer's control.
    • Loss and corruption of data used exclusively for personal purposes. Personal data breaches covered by the GDPR are excluded.
    • Nonmaterial damage may be covered depending on applicable national law.
  • expand_more

    Compensation within the scope

    • While material losses should be fully and properly compensated, the rules on the exact scope and calculation of compensation must be determined at a national level.
    • In case of loss and corruption of data, there may be no material loss suffered if the data can be recovered at no cost.
  • expand_more

    Manufacturer's control

    • The manufacturer is in control not only when it modifies the product or adds a component to it, but also when that is done by an approved third party. Such control includes having the ability to supply software updates or upgrades itself or via a third party.
  • expand_more

    Burden of liability

    • The manufacturers of the defective product placed on the market or put into service and of the defective component bear liability. In case such manufacturers are established outside the EU, liability falls on the importer, an authorized representative and, in their absence, the fulfilment service provider. If none of these economic operators established in the EU can be identified, liability falls on the distributors that offer the product on the market, including online platform providers in some cases.
    • When a product is substantially altered outside of the manufacturer's control and placed on the market or into service, the liability falls on the entity that modified it and introduced it into the market, unless the damage stems from the part of the product unaffected by the alteration. → When a defective component is integrated or interconnected with the product outside of the product manufacturer's control, component manufacturer bears the liability if the component itself is a product under the revised directive.
    • Multiple economic operators can be jointly and severally liable for the same damage. The right of recourse against a micro or small manufacturer of a software component may be restricted through its contractual agreement with the final product's manufacturer.
    • Entities may be exempt from liability under certain circumstances, including when:
      • The defectiveness materialized after placing the product on the market or putting it into service, except when it was caused by one of the following, as long as that is within the manufacturer's control: a substantial modification, a related service or software, including its updates, or a lack thereof.
      • The defectiveness could not be found due to the state of scientific and technical knowledge at the time the product was placed on the market or put into service, or was within the manufacturer's control, unless such liability is allowed by member state law under a derogation from development risk defense. When such law is introduced or amended, it must be specific, justified and proportionate, the Commission must be notified, and its applicability must be suspended for up to six months after such notification.
    • Liability may be reduced or dismissed when the injured party or its dependent is partially responsible for the damage caused.
    • The liability expiry period is 10 years from when the product or the modified product is placed on the market. In exceptional cases, the liability expiry period is 25 years.
    • In case none of the entities can be held liable, member states' national compensation schemes must cover the compensation.
  • expand_more

    Defectiveness

    • All factors must be considered when determining the defectiveness of a product, including:
      • The impact on the product of other products used with it, including interconnected products.
      • The impact on the product of its ability to continuously learn or obtain new features after placing on the market or putting into service.
      • Relevant product safety requirements, including safety-related cybersecurity.
  • expand_more

    Burden of proof

    • The claimant must prove the defectiveness of the product, the damage suffered and a causal link between the two.
    • The court may order the defendant to disclose the evidence at its disposal supporting the claimant's claim and vice versa, only if necessary and proportionate and if confidentiality is ensured.
    • The defectiveness, the causal link or both may be presumed in certain cases, including when it is unduly difficult to prove them due to technical or scientific complexity but their likelihood is proven, when the defectiveness is proven and the damage is typical for such defect, or when the defendant does not disclose the evidence ordered to support the claim.
  • expand_more

    Transparency

    • Member states must provide electronic access to the final judgments of the appeals or the highest courts concerning the cases related to the revised directive. The Commission must establish a public database of such judgments.
View as PDF

European Strategy for Data – Overview of New Regulations
This is a multipart series intended to provide privacy professionals with an overview of new EU legislation adopted since May 2022 under the European Union’s Strategy for Data. Each brief will depict a legislation’s objective, material and territorial scope, main requirements, enforcement, and oversight structure.
View here

Tags: Europe, Privacy Law, Privacy Operations Management, Privacy Research, Westin Research Center
Related Stories
EU Data Act: 101
This chart provides an overview of the EU Data Act. The Data Act creates new rules on who can access and use data generated in the EU across all economic sectors....
Read More
EU AI Act: 101
This chart provides an overview of the EU AI Act, which lays down a comprehensive legal framework for the development, marketing and use of AI in the EU in conformity with EU values....
Read More