Product Liability in the Era of New and Emerging Technology: Changes on the Horizon
Changes to the Product Liability Directive are on the horizon in response to AI and emerging technologies.

 

Liability for defective products is governed in Ireland by the Liability for Defective Products Act 1991 (1991 Act), which transposed the EU legal framework laid down in the Product Liability Directive 85/374/EEC (Directive). 

The Directive and the 1991 Act establish that where a consumer can prove, in the absence of limited exonerating circumstances, the existence of a defect, resulting damage and a causal link between their damage and the defect, strict liability will be imposed on the manufacturer (or in certain circumstances the importer of the defective product). 

While it is broadly accepted that the Directive applies in principle to products incorporating Artificial Intelligence (AI), it falls short of adequately dealing with the complexities of these products due to advancements in digital technologies and how AI affects the operation of products. 

For several years the Commission has been working on an initiative to adapt product liability rules to the digital age and AI.  A public consultation on the topic was open from October 2021 until January 2022. On 28 September 2022 the Commission adopted two proposals for Directives; on Liability for Defective Products (Revised Directive) and on AI Liability. 

How might the existing framework change?

The Revised Directive seeks to:

  • Modernise liability rules for circular economy businesses so that economic operators who make substantial modifications to a product can be liable when those modified products are defective and cause damage. However, they may also be exempted from liability if they can prove the damage is related to a part of the product not affected by the modification.
  • Compensate for damage where products incorporating AI are made unsafe by software updates or services needed to operate the product, as well as failure of the manufacturer to address cybersecurity vulnerabilities.
  • Ensure there will always be a business in the EU that will be liable for harm caused by unsafe products even when the product is imported from outside the EU. Where there are no EU-importers or authorised representatives to sue, the Revised Directive allows for claims to be brought against "fulfilment service providers", which involves warehousing, packaging, addressing and dispatch services.
  • Provide a level playing field for consumers and manufacturers by requiring manufacturers to disclose evidence, introducing more flexibility to the time restrictions to introduce claims, and by alleviating the burden of proof for victims in complex cases.  

A closer look at the Revised Directive

The proposed Revised Directive, of which key aspects are discussed in more detail below, seeks to encourage the roll-out and uptake of new technologies, including AI, and ensure that consumers can enjoy the same level of protection irrespective of the technology involved. 

  • Definition of "Damage"
    The definition of damage under the Directive already includes damage caused by death, personal injury, and damage to property. This definition has now been extended to include "medically recognised harm to psychological health" and "loss or corruption of data that is not used for professional purposes". 
  • Definition of "Product"
    The Revised Directive confirms that software is a "product" for the purposes of applying no-fault liability, irrespective of its supply or usage, even where it is stored on a device or accessed through cloud technologies. It also expressly provides that developers or producers of software, including AI system providers, should be treated as manufacturers, thereby bringing both software and software developers unequivocally within the scope of the Revised Directive. 
  • Manufacturer liability for software updates 
    The Revised Directive maintains the position regarding liability exemption for manufacturers where they prove that it is probable that the defect that caused the damage did not exist when they placed the product on the market or put it into service.  However, the Revised Directive also provides that manufacturers will be liable for defects that occur after the product is placed on the market or put it into service because of software or related services within their control, in the form of upgrades or updates or machine-learning algorithms. Liability also extends to manufacturers where a defect consists of the lack of software updates or upgrades necessary to address cybersecurity vulnerabilities and maintain the product's safety.  
  • Burden of proof
    Injured persons must prove damage, defectiveness and establish a causal link between the defect and the damage.  In order to facilitate an injured parties access to evidence which is required to investigate/prove their claim the Revised Directive requires manufacturers to disclose how a product was produced and how it operates (with appropriate protections put in place where trade secrets are involved). If this obligation has not been complied with, the national court should presume the defectiveness of a product. 

    Furthermore, the Revised Directive introduces rebuttable presumptions of fact to alleviate the consumer's evidential difficulties. In cases where it would be excessively difficult for the consumer to prove defectiveness and/or the causal link, and where requiring such proof would undermine the effectiveness of the right to compensation, national courts should presume the defectiveness of the product and/or the causal link, irrespective of the defendant’s disclosure of information. As such, given that manufacturers have expert knowledge and are better informed than the injured person, it should be for them to rebut the presumption. The factors to be considered include the complex nature of the product, such as an innovative medical device.
  • Assessment of defectiveness – subjective or objective?
    The recitals to the Revised Directive require assessment of the product's defectiveness by reference to the safety which the public at large is entitled to expect, rather than its fitness for use. However, this appears at odds with Article 6(1)(h) which states that "the specific expectations of the end-users for whom the product is intended" should be taken into account.
  • Limitation periods 
    The Revised Directive maintains the ten-year liability period, post placing on the market, for producers of defective products. On expiry of the ten-year period, the producer is no longer liable for the defective product.  However, consumers will enjoy an additional five-year period of cover in cases where symptoms of personal injury are slow to emerge e.g., on ingestion of a defective chemical. This effectively increases the 10-year limit to 15-years. Further, the point where the clock starts to run may differ in cases where a product has been modified substantially outside the control of the original manufacturer and is considered a new product. In such cases, the ten-year limit is triggered at the date of the substantial modification rather than the date it was originally placed on the market. 

The proposed reforms will be significant for customers and producers or importers of health and digital health products. The Commission's proposal will now need to be adopted by the European Parliament and the Council before coming into force. 

For more information on any of the matters discussed in this article, please contact Mary Cooney, or your usual William Fry contact. 

 

Contributed by Grainne Carr

 

 

Key Contacts

Mary Cooney Partner

Margaret Muldowney Consultant

Related Practice Areas