Digitization of products raises new liability issues. The Product Liability Directive 85/374/EEC, in force since 1985, does not fully take into account the specific risks of digital products. Among other things, there was a lack of sufficiently clear rules on liability for products containing software or software components. The European Commission therefore presented a draft for a new version of the Product Liability Directive (ProdHaftRL) on September 28, 2022, to be adopted by the Council on October 10, 2024. ProdHaftRL will completely replace the current directive.
Advertisement
The core of the Product Liability Directive is claims for damages caused by defective products. The legal situation is becoming more difficult, especially for software manufacturers: Whereas previously it was controversial whether software constituted a product in the sense of product liability, ProdHaftRL now explicitly extends liability even for stand-alone software. Provides. Other innovations relate, inter alia, to the definition of fault, compensable damages and the distribution of the burden of proof.
PS5 Pro, the most powerful PlayStation console, is now on sale
Christina Kiefer is a lawyer and associate in the Digital Business Unit at Reuschlaw.
Expanding the field of application
ProdHaftRL expands the scope of application compared to its predecessor regulation. Apart from movable assets and raw material power, it now also records digital construction documents and software. It is irrelevant whether the Software is installed on a device or provided as Software-as-a-Service. In the event of errors in integrated software, not only the final manufacturer of the final product, but also the software manufacturer as the manufacturer of the so-called component is liable. Connected services such as voice assistants are also considered components if their integration into the product is under the control of the manufacturer.
Among other things, a sector exception exists for open source software: in order not to hinder innovation and research, free and open source software developed and offered outside commercial activity is exempted from liability, although The scope of this exception is similar to that exception currently being discussed in the Cyber Resilience Act (CRA). As a result, the Product Liability Directive leads to broad liability of the (software) manufacturer for defective products – even if they have a direct contractual relationship with the injured party.
If a product does not meet legitimate safety requirements it is defective. ProdLiftRL provides new criteria for assessing defects. The learnability of the product or its potential use with other products should be taken into account. Lack of cybersecurity and hence, among other things, violations of the new CRA can now lead to product defects. Liability for defective products is also extended in terms of time. According to the Product Liability Directive, the manufacturer is no longer liable only until the product reaches the user. What matters is when the product leaves “the control of the manufacturer.” However, as long as the manufacturer is able to provide software updates, it retains control and can be held liable for any errors that occur.
Expansion of responsible economic actors
As before, the manufacturer and semi-manufacturer of the product or component are the primary recipients of the liability. If the manufacturer is not located within the EU, the importer and the manufacturer’s authorized representative and, if there is neither an importer nor an authorized representative, the fulfillment service provider are liable. If these are also not available, suppliers and providers of online platforms can be used.
Claims for damages obviously include all financial losses and also include non-physical damages, insofar as these are compensable under national law. Destroying or damaging data that is no longer used for business purposes is also now recognized as loss. Medically recognized impairment of mental health is now also considered a personal injury. For damage to items other than the defective product, the previous deduction of 500 euros does not apply. The previous maximum liability limit of EUR 85 million for damages arising from death or personal injury has also been removed, meaning greater relief for the injured and strictures on liable economic actors.
Taking into account the difficulties in proving product defects or the cause of their damage, ProdLiftRL offers procedural simplifications. If the plaintiff has presented facts and evidence that make the claim credible, the court may order the defendant to disclose the evidence. The product is considered defective if the injured party proves that the product does not meet statutory product safety requirements. The same applies if the defendant has not fulfilled his obligation to disclose relevant evidence.
conclusion
Once the Product Liability Directive comes into force, Member States are obliged to implement it within two years. Since non-compliance with legal safety requirements will result in product malfunction, manufacturers should use time to implement new legal safety requirements such as CRA to avoid liability risks. Particularly in the case of products containing digital elements and software, it should be noted that bringing them to the market is not a turning point after which responsibility ends. Rather, manufacturers must use measures such as security updates to ensure that products remain error-free. But other market participants such as importers should also check whether they can be claimed.
(For)
AI in software development: A look at a future without program code
