Data & Privacy
AI & Trust
Cybersecurity
Digital Services & Media
CHAPTER I
GENERAL PROVISIONSArticles 1 — 4
CHAPTER II
SPECIFIC PROVISIONS ON LIABILITY FOR DEFECTIVE PRODUCTSArticles 5 — 11
CHAPTER III
GENERAL PROVISIONS ON LIABILITYArticles 12 — 17
CHAPTER IV
FINAL PROVISIONSArticles 18 — 24
ANNEXES
In the transition from a linear to a circular economy, products are designed to be more durable, reusable, repairable and upgradable. The Union is also promoting innovative and sustainable forms of production and consumption that prolong the functionality of products and components, such as remanufacturing, refurbishment and repair, as set out in the communication of the Commission of 11 March 2020 entitled ‘A new Circular Economy Action Plan – For a cleaner and more competitive Europe’. When a product is substantially modified and is thereafter made available on the market or put into service, it is considered to be a new product. Where the modification is made outside the control of the original manufacturer, it should be possible to hold the person that made the substantial modification liable as a manufacturer of the modified product, since under relevant Union law that person is responsible for the product’s compliance with safety requirements. Whether a modification is substantial should be determined on the basis of criteria laid down in relevant Union and national product safety law, including Regulation (EU) 2023/988. Where no such criteria are laid down in respect of the product in question, modifications that change the original intended functions of the product or affect its compliance with applicable safety requirements or change its risk profile should be considered to be substantial modifications. Where a substantial modification is carried out by the original manufacturer, or within its control, and where such a substantial modification makes the product defective, that manufacturer should not be able to avoid liability by arguing that the defectiveness came into being after it placed the product on the market or put it into service. In the interests of a fair apportionment of risk in the circular economy, an economic operator that makes a substantial modification, other than the original manufacturer, should be exempted from liability if that economic operator can prove that the damage is related to a part of the product not affected by the modification. Economic operators that carry out repairs or other operations that do not involve substantial modifications should not be subject to liability under this Directive.
Since products can be designed in a manner that allows modifications to be made through changes to software, including upgrades, the same principles should apply to modifications made by way of a software update or upgrade as apply to modifications made in other ways. Where a substantial modification is made through a software update or upgrade, or due to the continuous learning of an AI system, the substantially modified product should be considered to be made available on the market or put into service at the time that modification is actually made.
In the interest of a fair apportionment of risk, economic operators should be exempted from liability if they can prove the existence of specific exonerating circumstances. They should not be liable where they can prove that a person other than themselves caused the product to leave the manufacturing process against their will or that compliance with legal requirements was precisely the reason for the product’s defectiveness.
The moment of placing on the market or putting into service is normally the moment when a product leaves the control of the manufacturer, while for distributors it is the moment when they make the product available on the market. Manufacturers should therefore be exempted from liability where they prove that it is probable that the defectiveness that caused the damage did not exist when they placed the product on the market or put it into service or that the defectiveness came into being after that moment. However, since digital technologies allow manufacturers to exercise control beyond the moment of placing the product on the market or putting into service, manufacturers should remain liable for defectiveness that comes into being after that moment as a result of software or related services within their control, be it in the form of updates or upgrades or machine-learning algorithms. Such software or related services should be considered to be within the manufacturer’s control where they are supplied by that manufacturer or where that manufacturer authorises them or otherwise consents to their supply by a third party. For example, if a smart television is presented as including a video application, but the user is required to download the application from a third party’s website after the purchase of the television, the television manufacturer should remain liable, alongside the manufacturer of the video application, for damage caused by any defectiveness of the video application, even though the defectiveness came into being only after the television was placed on the market.
The possibility for economic operators to avoid liability by proving that the defectiveness came into being after they placed the product on the market or put it into service should be restricted when a product’s defectiveness consists in the lack of software updates or upgrades necessary to address cybersecurity vulnerabilities and maintain the safety of the product. Such vulnerabilities can affect the product in such a way that it causes damage within the meaning of this Directive. In recognition of manufacturers’ responsibilities under Union law for the safety of products throughout their lifecycle, such as under Regulation (EU) 2017/745 of the European Parliament and of the Council , manufacturers should also not be exempted from liability for damage caused by their defective products when the defectiveness results from their failure to supply the software security updates or upgrades that are necessary to address those products’ vulnerabilities in response to evolving cybersecurity risks. Such liability should not apply where the supply or installation of such software is beyond the manufacturer’s control, for example where the owner of the product does not install an update or upgrade supplied for the purpose of ensuring or maintaining the level of safety of the product. This Directive does not impose any obligation to provide updates or upgrades for a product.
In the interests of a fair apportionment of risk, economic operators should be exempted from liability if they prove that the state of scientific and technical knowledge, determined with reference to the most advanced level of objective knowledge accessible and not to the actual knowledge of the economic operator in question, during the period in which the product was within the manufacturer’s control, was such that the existence of the defectiveness could not be discovered.