Product Liability Directive

Purpose: The new Product Liability Directive modernizes the EU liability framework, replacing the Product Liability Directive from 1985. The new Directive addresses the challenges posed by digitalization and artificial intelligence. It further enhances consumer protection and expands the responsibilities of companies placing products on the EU market. The primary objective of the Product Liability Directive is to adapt liability rules to the digital era, explicitly covering software, AI systems and digital services. It also aims to ensure the proper functioning of the internal market while ensuring a high level of protection of consumers and improved legal certainty for businesses.

Impact for Norway: As a member of the EEA, Norway must implement the Directive into national law, which will significantly affect Norwegian companies. The Directive broadens the scope of companies subject to liability, and what constitutes a “product”. Norwegian companies must therefore assess whether they fall under the new rules and adjust their product liability and compliance strategies accordingly.

Scope: The Directive applies to all products placed on the EU market or put into service as of 9 December 2026. The definition of a “product” has been widened and now includes:

• Embedded and standalone software, excluding non-commercial open-source software
• Digital manufacturing files (e.g. files for 3D printers)
• Digital services integrated in or connected to a product, necessary for its functionality (e.g. the navigation services in an autonomous vehicle)
• Components of a product
• AI systems and AI integrated products
• Extensively modified products, (e.g. through remanufacturing)

As per the previous Product Liability Directive, the manufacturer of a defective product is liable for damage caused by the defective product. This Directive further widens the scope of economic operators that can be liable for damage, and includes the following operators:

• Manufacturers of a defective component
• Manufacturers of a substantially modified product outside of the control of the original manufacturer
• Importers and authorized representatives of the manufacturer established outside of the EU
• Online platforms acting as economic operators

Compensation under the Directive only applies to individuals seeking compensation.

Core obligations: As with the previous Product Liability Directive a company is liable when:

• The product is defective,
• The claimant has suffered damage, and
• There is a causal link between the defect and the damage

The damage does not have to arise from negligence or fault of the company. In the updated Directive, psychological harm is included as a type of damage liability can arise from, as well as damage resulting from the destruction or loss of data that are not used for professional purposes. The Directive has further removed any liability cap for individuals seeking compensation.

Another new feature of the updated Directive is that manufacturers can now be liable for any defect that existed at the moment the software or AI system was released, but became apparent after their release, as a result of software updates, weak cybersecurity or machine learning features.

In assessing whether a product is defective, the relevant product safety requirements must be considered. This entails that companies must ensure that their products comply with the safety requirements set out in regulations such as the AI Act.

While the burden of proof still lies with the individual seeking compensation, the Directive introduces a presumption of defectiveness in cases where:

• The company fails to disclose relevant evidence
• The individual demonstrates that the product does not comply with mandatory product safety rules laid down in Union or national law, such as the AI Act
• The damage was caused by an obvious malfunction of the product under ordinary use and circumstances
• The individual has excessive difficulties, due to the technical complexity of the product, in proving the defectiveness of the product

This presumption is highly relevant for manufacturers of products that use AI, as these products are often technically and scientifically complex, which causes a so called “Black Box” effect, where the complexity and lack of transparency of such products makes it difficult to assess how the AI system makes its decisions, and whether the product defect is linked to the AI system.

Additionally, the companies that risk liability are obliged to disclose relevant evidence, if the injured party has made a relevant claim for damages, in an easily accessible and easily understandable manner. Businesses should therefore establish routines to comply with these obligations.

Finally, economic operators are liable for their defective products for a 10-year period after the product was placed on the market.  In the case of a substantially modified product, the period of liability will run for 10 years after the substantially modified product was put on the market again. For certain latent injuries, the liability period has been extended to a period of 25 years.