14 December 2023
A political agreement between the European Parliament and the Council of the EU on the Product Liability Directive was reached today. The European Commission had proposed the updated Product Liability Directive (PLD) and a new AI Liability Directive (AILD) on 28 September 2022. These two Directives together were supposed to complement the EU AI Act. However, in the year since the Commission's proposal, only the PLD progressed through the legislative process.
The PLD is intended to enable people to hold companies liable, but it fails to protect people from harms.
Positives
The PLD makes it clear that software is a product and companies providing software can be held liable for damage. They can be held liable for damages including psychological harm and corruption of data.
Manufacturers of products will also be liable as long as they have control over the product. As we had previously written, software and AI models are updateable, and remain in control of the manufacturer after the product is placed on the market.
Furthermore, the PLD clarifies that this liability regime does not apply to free and open-source software (FOSS). This will allow FOSS to continue to flourish and developers of FOSS projects to contribute without worrying about liability.
Disappointments
The updated PLD continues to place the burden on victims instead of the manufacturer. The victims have to prove the defectiveness of the product, the damage suffered due to the product (such as AI systems) and the causal link between the two. This is challenging and will limit claims when people are harmed.
National courts could presume defectiveness and/or the causal link where the victim has difficulties to prove due to technical complexity. The AILD was supposed to alleviate a victim's difficulty in accessing evidence when they are harmed by AI systems. However, as it is unclear if the AILD will become a law, people harmed by AI systems would be entirely dependent on this possibility of presumption in the PLD being upheld by national courts. It remains to be seen how this provision will be implemented.
Development risk defence is not removed in the updated PLD. This defence allows companies to be exempt from liability if they can prove that the defect was not known according to the state of the art when the product was placed on the market. This could result in a perverse incentive in an industry like AI where the data and computing infrastructure for safety research is concentrated in industry, not in academia. Safety research could take a backseat as a result.
However, member states can choose to remove development risk defence for certain sectors and if “justified by public interest objectives”. We hope that many members states will include this provision in the national legislation.
Dr Kris Shrishak, ICCL Enforce Senior Fellow said:
"The updated Product Liability Directive is a lost opportunity for the EU. Legal clarity around software as a product and exemption for FOSS are positives. However, the failure to reverse the burden of proof for products such as AI systems is deeply concerning. And the lack of progress made by lawmakers on the AI Liability Directive means that people harmed by AI systems could be left in a limbo."