Data & Privacy
AI & Trust
Cybersecurity
Digital Services & Media
CHAPTER I
GENERAL PROVISIONSArticles 1 — 4
CHAPTER II
SPECIFIC PROVISIONS ON LIABILITY FOR DEFECTIVE PRODUCTSArticles 5 — 11
CHAPTER III
GENERAL PROVISIONS ON LIABILITYArticles 12 — 17
CHAPTER IV
FINAL PROVISIONSArticles 18 — 24
ANNEXES
Data & Privacy
AI & Trust
Cybersecurity
Digital Services & Media
1
In order to improve the proper functioning of the internal market, it is necessary to ensure that competition is not distorted and that the movement of goods is not obstructed. Council Directive 85/374/EEC lays down common rules on liability for defective products with the aim of removing divergences between the legal systems of Member States that may distort competition and affect the movement of goods within the internal market. Greater harmonisation of the common rules on liability for defective products laid down in that Directive would further contribute to the achievement of those objectives, while entailing an increased degree of protection of consumers’ and other natural persons’ health or property.
2
Liability without fault on the part of economic operators remains the sole means of adequately addressing the problem of fair apportionment of risk inherent in modern technological production.
3
Directive 85/374/EEC has been an effective and important instrument, but it would need to be revised in light of developments related to new technologies, including artificial intelligence (AI), new circular economy business models and new global supply chains, which have led to inconsistencies and legal uncertainty, in particular as regards the meaning of the term ‘product’. Experience gained from applying that Directive has also shown that injured persons face difficulties obtaining compensation due to restrictions on making compensation claims and due to challenges in gathering evidence to prove liability, especially in light of increasing technical and scientific complexity. That includes compensation claims in respect of damage related to new technologies. The revision of that Directive would therefore encourage the roll-out and uptake of such new technologies, including AI, while ensuring that claimants enjoy the same level of protection irrespective of the technology involved and that all businesses benefit from more legal certainty and a level playing field.
4
A revision of Directive 85/374/EEC would be needed in order to ensure coherence and consistency with product safety and market surveillance legislation at Union and national level. In addition, there is a need to clarify basic notions and concepts to ensure coherence and legal certainty and a level playing field in the internal market, and to reflect the recent case law of the Court of Justice of the European Union.
5
Considering the extensive nature of the amendments that would be required in order for Directive 85/374/EEC to remain effective and in order to ensure clarity and legal certainty, that Directive should be repealed and replaced with this Directive.
6
In order to ensure that the Union’s product liability regime is comprehensive, no-fault liability for defective products should apply to all movables, including software, including when they are integrated into other movables or installed in immovables.
7
Liability for defective products should not apply to damage arising from nuclear accidents, in so far as liability for such damage is covered by international conventions ratified by Member States.
8
In order to create a genuine internal market with a high and uniform level of protection of consumers and other natural persons, and to reflect the case law of the Court of Justice of the European Union, Member States should not, in respect of matters within the scope of this Directive, maintain or introduce provisions that are more stringent or less stringent than those laid down in this Directive.
9
Under the national law of Member States, an injured person could have a claim for damages on the basis of contractual liability or on grounds of non-contractual liability that does not involve the manufacturer’s liability for the defectiveness of a product as established in this Directive. This concerns for example liability based on a warranty or on fault or strict liability of operators for damage caused by the properties of an organism resulting from genetic engineering. Such national law provisions, which serve to attain, inter alia, the objective of effective protection of consumers and other natural persons, should remain unaffected by this Directive.
10
In certain Member States, injured persons are entitled to make claims for damage caused by pharmaceutical products under a special national liability system, with the result that effective protection of natural persons in the pharmaceutical sector is already achieved. The right to make such claims should remain unaffected by this Directive. Furthermore, amendments to such special liability systems should not be precluded as long as they do not undermine the effectiveness of the system of liability provided for in this Directive or its objectives.
11
Compensation schemes outside the context of liability regimes, such as national health systems, social security schemes or insurance schemes, fall outside the scope of this Directive and should therefore not be precluded. For example, some Member States have schemes in place to provide compensation in respect of pharmaceutical products that cause harm without being defective.
12
Decision No 768/2008/EC of the European Parliament and of the Council lays down common principles and reference provisions intended to apply in all sectoral product legislation. In order to ensure consistency with that Decision, certain provisions of this Directive, in particular the definitions, should be aligned therewith.
13
Products in the digital age can be tangible or intangible. Software, such as operating systems, firmware, computer programs, applications or AI systems, is increasingly common on the market and plays an increasingly important role for product safety. Software is capable of being placed on the market as a standalone product or can subsequently be integrated into other products as a component, and it is capable of causing damage through its execution. In the interest of legal certainty, it should be clarified in this Directive that software is a product for the purposes of applying no-fault liability, irrespective of the mode of its supply or usage, and therefore irrespective of whether the software is stored on a device, accessed through a communication network or cloud technologies, or supplied through a software-as-a-service model. Information is not, however, to be considered a product, and product liability rules should therefore not apply to the content of digital files, such as media files or e-books or the mere source code of software. A developer or producer of software, including AI system providers within the meaning of Regulation (EU) 2024/1689 of the European Parliament and of the Council , should be treated as a manufacturer.
14
Free and open-source software, whereby the source code is openly shared and users can freely access, use, modify and redistribute the software or modified versions thereof, can contribute to research and innovation on the market. Such software is subject to licences that allow anyone the freedom to run, copy, distribute, study, change and improve the software. In order not to hamper innovation or research, this Directive should not apply to free and open-source software developed or supplied outside the course of a commercial activity, since products so developed or supplied are by definition not placed on the market. Developing or contributing to such software should not be understood as making it available on the market. Providing such software on open repositories should not be considered as making it available on the market, unless that occurs in the course of a commercial activity. In principle, the supply of free and open-source software by non-profit organisations should not be considered as taking place in a business-related context, unless such supply occurs in the course of a commercial activity. However, where software is supplied in exchange for a price, or for personal data used other than exclusively for improving the security, compatibility or interoperability of the software, and is therefore supplied in the course of a commercial activity, this Directive should apply.
15
Where free and open-source software supplied outside the course of a commercial activity is subsequently integrated by a manufacturer as a component into a product in the course of a commercial activity and is thereby placed on the market, it should be possible to hold that manufacturer liable for damage caused by the defectiveness of such software but not the manufacturer of the software because the manufacturer of the software would not have fulfilled the conditions of placing a product or component on the market.
16
Whereas digital files as such are not products within the scope of this Directive, digital manufacturing files, which contain the functional information necessary to produce a tangible item by enabling the automated control of machinery or tools, such as drills, lathes, mills and 3D printers, should be considered to be products in order to ensure the protection of natural persons in cases where such files are defective. For example, a defective computer-assisted-design file used to create a 3D-printed good that causes harm should give rise to liability under this Directive, where such a file is developed or supplied in the course of a commercial activity. For the avoidance of doubt, it should be clarified that raw materials, such as gas and water, and electricity are products.
17
It is becoming increasingly common for digital services to be integrated into, or inter-connected with, a product in such a way that the absence of the service would prevent the product from performing one of its functions. While this Directive should not apply to services as such, it is necessary to extend no-fault liability to such integrated or inter-connected digital services as they determine the safety of the product just as much as physical or digital components. Those related services should be considered components of the product into which they are integrated or with which they are inter-connected where they are within the control of the manufacturer of that product. Examples of related services include the continuous supply of traffic data in a navigation system, a health monitoring service that relies on a physical product’s sensors to track the user’s physical activity or health metrics, a temperature control service that monitors and regulates the temperature of a smart fridge, or a voice-assistant service that allows one or more products to be controlled by using voice commands. Internet access services should not be treated as related services, since they cannot be considered as part of a product within a manufacturer’s control and it would be unreasonable to make manufacturers liable for damage caused by shortcomings in internet access services. Nevertheless, a product that relies on internet access services and fails to maintain safety in the event of a loss of connectivity could be found to be defective under this Directive.
18
Related services and other components, including software updates and upgrades, should be considered to be within the manufacturer’s control where they are integrated into, or inter-connected with, a product, or supplied, by the manufacturer or where the manufacturer authorises or consents to their integration, inter-connection or supply by a third party, for example where the manufacturer of a smart home appliance consents to the provision by a third party of software updates for the manufacturer’s appliance or where a manufacturer presents a related service or component as part of the product even though it is supplied by a third party. A manufacturer should not be considered to have consented to integration or inter-connection merely by providing for the technical possibility of integration or inter-connection or by recommending certain brands or by not prohibiting potential related services or components.
19
Once a product has been placed on the market, it should be considered to remain within the manufacturer’s control where the manufacturer retains the ability to supply software updates or upgrades itself or via a third party.
20
In recognition of the growing relevance and value of intangible assets, the destruction or corruption of data, such as digital files deleted from a hard drive, should also be compensated for, including the cost of recovering or restoring those data. The protection of natural persons necessitates compensation being available for material losses resulting not only from death or personal injury, such as funeral or medical expenses or lost income, and from damage to property, but also for destruction or corruption of data. Destruction or corruption of data does not automatically result in a material loss if the victim is able to retrieve the data at no cost, such as where a back-up of the data exists or the data can be downloaded again, or an economic operator restores or recreates temporarily unavailable data, for example in a virtual environment. Destruction or corruption of data is distinct from data leaks or breaches of data protection rules, and, consequently, compensation for infringements of Regulation (EU) 2016/679 or (EU) 2018/1725 of the European Parliament and of the Council or Directive 2002/58/EC or (EU) 2016/680 of the European Parliament and of the Council is not affected by this Directive.
21
In the interest of legal certainty, this Directive should clarify that personal injury includes medically recognised and medically certified damage to psychological health that affects the victim’s general state of health and could require therapy or medical treatment, taking into account, inter alia, the International Classification of Diseases of the World Health Organization.
22
In line with this Directive’s objective of making compensation available only to natural persons, damage to property used exclusively for professional purposes should not be compensated under this Directive. In order to address a potential risk of litigation in an excessive number of cases, the destruction or corruption of data that are used for professional purposes, even if not exclusively so, should not be compensated for under this Directive.
23
While Member States should provide for full and proper compensation for all material losses resulting from death or personal injury, or from damage to or destruction of property, and destruction or corruption of data, the rules on calculating compensation should be laid down by Member States. Furthermore, compensation for non-material losses resulting from damage covered by this Directive, such as pain and suffering, should be provided in so far as such losses can be compensated for under national law.
24
Types of damage other than those provided for in this Directive, such as pure economic loss, privacy infringements or discrimination, should not by themselves trigger liability under this Directive. However, this Directive should not affect the right to compensation for any damage, including non-material, under other liability regimes.
25
In order to protect natural persons, damage to any property owned by a natural person should be compensated for. Since property is increasingly used for both private and professional purposes, it is appropriate to provide for compensation for damage to such mixed-use property. In light of this Directive’s objective of protecting natural persons, property used exclusively for professional purposes should be excluded from its scope.
26
This Directive should apply to products placed on the market or, where relevant, put into service in the course of a commercial activity, whether in return for payment or free of charge, for example products supplied in the context of a sponsoring campaign or products manufactured for the provision of a service financed by public funds, since that mode of supply nonetheless has an economic or business character. The concept of ‘putting into service’ is relevant for products that are not placed on the market prior to their first use, as can be the case for lifts, machinery or medical devices.
28
Taking into account the increased complexity of products, of business models and of supply chains, and considering that the aim of this Directive is to ensure that consumers and other natural persons can easily exercise their right to obtain compensation in the event of damage caused by defective products, it is important that Member States ensure that competent consumer protection authorities or bodies provide all relevant information to affected consumers to enable them to effectively exercise their right to compensation in accordance with this Directive. In doing so, it is appropriate that Member States have regard to existing obligations concerning cooperation between national authorities responsible for enforcing consumer protection law, in particular the obligations under Regulation (EU) 2017/2394 of the European Parliament and of the Council . It is important that national consumer protection authorities or bodies regularly exchange any relevant information that they become aware of and closely cooperate with market surveillance authorities. Member States can also encourage the competent consumer protection authorities or bodies to provide information to consumers to enable them better to exercise their right to compensation in accordance with this Directive effectively.
29
This Directive does not affect the various means of seeking redress at national level, whether through court proceedings, non-court solutions, alternative dispute resolution or representative actions under Directive (EU) 2020/1828 of the European Parliament and of the Council or under national collective redress schemes.
30
In order to protect the health and property of natural persons, the defectiveness of a product should be determined by reference not to its fitness for use but to the lack of the safety that a person is entitled to expect or that is required under Union or national law. The assessment of defectiveness should involve an objective analysis of the safety that the public at large is entitled to expect and not refer to the safety that any particular person is entitled to expect. The safety that the public at large is entitled to expect should be assessed by taking into account, inter alia, the intended purpose, reasonably foreseeable use, presentation, objective characteristics and properties of the product in question, including its expected lifespan, as well as the specific requirements of the group of users for whom the product is intended. Some products, such as life-sustaining medical devices, entail an especially high risk of causing damage to people and therefore give rise to particularly high safety expectations. In order to take such expectations into account, it should be possible for a court to find that a product is defective without establishing its actual defectiveness, where it belongs to the same production series as a product already proven to be defective.
31
The assessment of defectiveness should take into account the presentation of the product. However, warnings or other information provided with a product cannot be considered sufficient to make an otherwise defective product safe, since defectiveness should be determined by reference to the safety that the public at large is entitled to expect. Therefore, liability under this Directive cannot be avoided simply by listing all conceivable side effects of a product. When determining the defectiveness of a product, reasonably foreseeable use also encompasses misuse that is not unreasonable under the circumstances, such as the foreseeable behaviour of a user of machinery resulting from a lack of concentration or the foreseeable behaviour of certain user groups such as children.
32
In order to reflect the increasing prevalence of inter-connected products, the assessment of a product’s safety should take into account the reasonably foreseeable effects of other products on the product in question, for example within a smart home system. The effect on a product’s safety of any ability to learn or acquire new features after it is placed on the market or put into service should also be taken into account to reflect the legitimate expectation that a product’s software and underlying algorithms are designed in such a way as to prevent hazardous product behaviour. Consequently, a manufacturer that designs a product with the ability to develop unexpected behaviour should remain liable for behaviour that causes harm. In order to reflect the fact that in the digital age many products remain within the manufacturer’s control after being placed on the market, the moment in time a product leaves the manufacturer’s control should also be taken into account in the assessment of a product’s safety. A product can also be found to be defective on account of its cybersecurity vulnerability, for example where the product does not fulfil safety-relevant cybersecurity requirements.
33
In order to reflect the nature of products whose very purpose is to prevent damage, such as a warning mechanism like a smoke alarm, the assessment of the defectiveness of such a product should take into account its failure to fulfil that purpose.
34
In order to reflect the relevance of product safety and market surveillance legislation for determining the level of safety that a person is entitled to expect, it should be clarified that relevant product safety requirements, including safety-relevant cybersecurity requirements, and interventions by competent authorities, such as issuing product recalls, or by economic operators themselves, should be taken into account in the assessment of defectiveness. Such interventions should, however, not in themselves create a presumption of defectiveness.
35
In the interests of consumer choice and in order to encourage innovation, research and easy access to new technologies, the existence or subsequent placing on the market of a better product should not in itself lead to the conclusion that a product is defective. Similarly, the supply of updates or upgrades for a product should not in itself lead to the conclusion that a previous version of the product is defective.
36
The protection of natural persons requires that any manufacturer involved in the production process can be held liable, in so far as a product or a component supplied by that manufacturer is defective. This includes any person who presents themselves as the manufacturer by putting, or authorising a third party to put, their name, trademark or other distinguishing feature on a product, since by doing so that person gives the impression of being involved in the production process or of assuming responsibility for it. Where a manufacturer integrates a defective component from another manufacturer into a product, an injured person should be able to seek compensation for the same damage both from the manufacturer of the product and from the manufacturer of the component. Where a component is integrated into a product outside the control of the manufacturer of that product, an injured person should be able to seek compensation from the component manufacturer where the component itself is a product under this Directive.
37
In order to ensure that injured persons have an enforceable claim for compensation where a manufacturer of a product is established outside the Union, it should be possible to hold the importer of that product and the authorised representative of the manufacturer, appointed in relation to specified tasks under Union legislation, for example under product safety and market surveillance legislation, liable. Market surveillance has shown that supply chains sometimes involve economic operators whose novel form means that they do not fit easily into traditional supply chains under the existing legal framework. Such is the case, in particular, with fulfilment service providers, which perform many of the same functions as importers but which might not always correspond to the traditional definition of importer in Union law. Fulfilment service providers play an increasingly significant role as economic operators, enabling and facilitating access to the Union market for products from third countries. That shift in relevance is already reflected in the product safety and market surveillance framework, in particular Regulations (EU) 2019/1020 and (EU) 2023/988 of the European Parliament and of the Council. Therefore, it should be possible to hold fulfilment service providers liable, but given the subsidiary nature of their role, they should be liable only where no importer or authorised representative is established in the Union. In the interests of channelling liability in an effective manner towards manufacturers, importers, authorised representatives and fulfilment service providers, it should be possible to hold distributors liable only where they fail to promptly identify a relevant economic operator established in the Union.
38
Online selling has grown consistently and steadily, creating new business models and new actors in the market, such as online platforms. Regulation (EU) 2022/2065 of the European Parliament and of the Council and Regulation (EU) 2023/988 regulate, inter alia, the responsibility and accountability of online platforms with regard to illegal content, including in relation to the sale of products. When online platforms perform the role of manufacturer, importer, authorised representative, fulfilment service provider or distributor in respect of a defective product, they should be subject to the same liability as such economic operators. Where online platforms play a mere intermediary role in the sale of products between traders and consumers, they are covered by a conditional liability exemption under Regulation (EU) 2022/2065. However, Regulation (EU) 2022/2065 provides that online platforms that allow consumers to conclude distance contracts with traders are not exempt from liability under consumer protection law where they present the product or otherwise enable the specific transaction in question in a way that would lead an average consumer to believe that the product is provided either by the online platform itself or by a trader acting under its authority or control. In keeping with that principle, where online platforms so present the product or otherwise enable the specific transaction, it should be possible to hold them liable in the same way as distributors under this Directive. Therefore, provisions of this Directive relating to distributors should apply analogously to such online platforms. That means that such online platforms should be liable only where they present the product or otherwise enable the specific transaction in a way that would lead an average consumer to believe that the product is provided either by the online platform itself or by a trader acting under its authority or control, and only where the online platform fails to promptly identify a relevant economic operator established in the Union.
39
In the transition from a linear to a circular economy, products are designed to be more durable, reusable, repairable and upgradable. The Union is also promoting innovative and sustainable forms of production and consumption that prolong the functionality of products and components, such as remanufacturing, refurbishment and repair, as set out in the communication of the Commission of 11 March 2020 entitled ‘A new Circular Economy Action Plan – For a cleaner and more competitive Europe’. When a product is substantially modified and is thereafter made available on the market or put into service, it is considered to be a new product. Where the modification is made outside the control of the original manufacturer, it should be possible to hold the person that made the substantial modification liable as a manufacturer of the modified product, since under relevant Union law that person is responsible for the product’s compliance with safety requirements. Whether a modification is substantial should be determined on the basis of criteria laid down in relevant Union and national product safety law, including Regulation (EU) 2023/988. Where no such criteria are laid down in respect of the product in question, modifications that change the original intended functions of the product or affect its compliance with applicable safety requirements or change its risk profile should be considered to be substantial modifications. Where a substantial modification is carried out by the original manufacturer, or within its control, and where such a substantial modification makes the product defective, that manufacturer should not be able to avoid liability by arguing that the defectiveness came into being after it placed the product on the market or put it into service. In the interests of a fair apportionment of risk in the circular economy, an economic operator that makes a substantial modification, other than the original manufacturer, should be exempted from liability if that economic operator can prove that the damage is related to a part of the product not affected by the modification. Economic operators that carry out repairs or other operations that do not involve substantial modifications should not be subject to liability under this Directive.
40
Since products can be designed in a manner that allows modifications to be made through changes to software, including upgrades, the same principles should apply to modifications made by way of a software update or upgrade as apply to modifications made in other ways. Where a substantial modification is made through a software update or upgrade, or due to the continuous learning of an AI system, the substantially modified product should be considered to be made available on the market or put into service at the time that modification is actually made.
41
Where victims fail to obtain compensation because no person is held liable under this Directive or because the liable persons are insolvent or have ceased to exist, Member States can use existing national sectoral compensation schemes or establish new ones under national law to appropriately compensate injured persons who suffered damage caused by defective products. It is for Member States to decide whether such compensation schemes are funded in whole or in part from public or private revenue.
42
In light of the imposition on economic operators of liability irrespective of fault, and with a view to achieving a fair apportionment of risk, a person that claims compensation for damage caused by a defective product should bear the burden of proving the damage, the defectiveness of a product and the causal link between the two, in accordance with the standard of proof applicable under national law. Persons claiming compensation for damage are, however, often at a significant disadvantage compared to manufacturers in terms of access to, and understanding of, information on how a product was produced and how it operates. That asymmetry of information can undermine the fair apportionment of risk, in particular in cases involving technical or scientific complexity. It is therefore necessary to facilitate claimants’ access to evidence to be used in legal proceedings. Such evidence includes documents that have to be created by the defendant by compiling or classifying the available evidence. In assessing the request for disclosure of evidence, national courts should ensure that such access is limited to that which is necessary and proportionate, inter alia, to avoid non-specific searches for information that is not relevant to the proceedings and to protect confidential information, such as information falling within the scope of legal professional privilege and trade secrets in accordance with Union and national law, in particular Directive (EU) 2016/943 of the European Parliament and of the Council . Taking into consideration the complexity of certain types of evidence, for example evidence relating to digital products, it should be possible for national courts to require such evidence to be presented in an easily accessible and easily understandable manner, subject to certain conditions.
43
This Directive harmonises rules on disclosure of evidence only in so far as such matters are regulated by it. Matters not regulated by this Directive include rules on disclosure of evidence with regard to: pre-trial procedures; how specific a request for evidence must be; third parties; cases of declaratory actions; and sanctions for non-compliance with the obligation to disclose evidence.
44
In light of the fact that defendants might need access to evidence at the disposal of the claimant in order to counter a claim for compensation under this Directive, defendants should also have the possibility of accessing evidence. Similar to a disclosure request made by the claimant, when assessing the request of the defendant for disclosure of evidence, national courts should ensure that such access is limited to that which is necessary and proportionate, inter alia, to avoid non-specific searches for information that is not relevant to the proceedings and to protect confidential information.
45
In respect of trade secrets as defined in Directive (EU) 2016/943, national courts should be empowered to take specific measures to ensure the confidentiality of trade secrets during and after the proceedings, while achieving a fair and proportionate balance between the interests of the trade secret holder with regard to secrecy and the interests of the injured person. Such measures should include at least measures to restrict access to documents containing trade secrets or alleged trade secrets and to restrict access to hearings to a limited number of people, or allowing access only to redacted documents or transcripts of hearings. When deciding on such measures, it is appropriate that national courts take into account the need to ensure the right to an effective remedy and to a fair trial, the legitimate interests of the parties and, where appropriate, of third parties, and potential harm for either of the parties to a dispute, and, where appropriate, for third parties, which results from the granting or rejection of such measures.
46
It is necessary to alleviate the claimant’s burden of proof provided that certain conditions are fulfilled. Rebuttable presumptions of fact are a common mechanism for alleviating a claimant’s evidential difficulties and allowing a court to base the existence of defectiveness or of a causal link on the presence of another fact that has been proven while preserving the rights of the defendant. In order to provide an incentive to comply with the obligation to disclose information, national courts should presume the defectiveness of a product where a defendant fails to comply with such an obligation. Many mandatory safety requirements have been adopted in order to protect consumers and other natural persons from the risk of harm, including under Regulation (EU) 2023/988. In order to reinforce the close relationship between product safety rules and liability rules, non-compliance with such requirements should also result in a presumption of defectiveness. That includes cases in which a product is not equipped with the means to log information about the operation of the product as required under Union or national law. The same should apply in the case of obvious malfunction, such as a glass bottle that explodes in the course of reasonably foreseeable use, since it is unnecessarily burdensome to require a claimant to prove defectiveness when the circumstances are such that its existence is undisputed. Reasonably foreseeable use covers the use for which a product is intended in accordance with the information provided by the manufacturer or economic operator placing it on the market, the ordinary use as determined by the design and construction of the product, and use which can be reasonably foreseen where such use could result from lawful and readily predictable human behaviour.
47
Where it has been established that a product is defective and the kind of damage that occurred is, based primarily on similar cases, typically caused by the defectiveness in question, the claimant should not be required to prove the causal link and its existence should be presumed.
48
National courts should presume the defectiveness of a product or the causal link between the damage and the defectiveness, or both, where, notwithstanding the defendant’s disclosure of information, it would be excessively difficult for the claimant, in particular due to the technical or scientific complexity of the case, to prove the defectiveness or the causal link, or both. They should do so taking into account all the circumstances of the case. In such cases, imposing the usual standard of proof as required under national law, which often calls for a high degree of probability, would undermine the effectiveness of the right to compensation. Therefore, given that manufacturers have expert knowledge and are better informed than the injured person, and in order to maintain a fair apportionment of risk while avoiding a reversal of the burden of proof, that claimant should be required to demonstrate, where the claimant’s difficulties relate to proving defectiveness, only that it is likely that the product was defective, or, where the claimant’s difficulties relate to proving the causal link, only that the defectiveness of the product is a likely cause of the damage. Technical or scientific complexity should be determined by national courts on a case-by-case basis, taking into account various factors. Those factors should include the complex nature of the product, such as an innovative medical device; the complex nature of the technology used, such as machine learning; the complex nature of the information and data to be analysed by the claimant; and the complex nature of the causal link, such as a link between a pharmaceutical or food product and the onset of a health condition or a link that, in order to be proven, would require the claimant to explain the inner workings of an AI system. The assessment of excessive difficulties should also be made by national courts on a case-by-case basis. While a claimant should provide arguments to demonstrate excessive difficulties, proof of such difficulties should not be required. For example, in a claim concerning an AI system, the claimant should, for the court to decide that excessive difficulties exist, neither be required to explain the AI system’s specific characteristics nor how those characteristics make it harder to establish the causal link. The defendant should have the possibility of contesting all elements of the claim, including the existence of excessive difficulties.
49
In the interest of a fair apportionment of risk, economic operators should be exempted from liability if they can prove the existence of specific exonerating circumstances. They should not be liable where they can prove that a person other than themselves caused the product to leave the manufacturing process against their will or that compliance with legal requirements was precisely the reason for the product’s defectiveness.
50
The moment of placing on the market or putting into service is normally the moment when a product leaves the control of the manufacturer, while for distributors it is the moment when they make the product available on the market. Manufacturers should therefore be exempted from liability where they prove that it is probable that the defectiveness that caused the damage did not exist when they placed the product on the market or put it into service or that the defectiveness came into being after that moment. However, since digital technologies allow manufacturers to exercise control beyond the moment of placing the product on the market or putting into service, manufacturers should remain liable for defectiveness that comes into being after that moment as a result of software or related services within their control, be it in the form of updates or upgrades or machine-learning algorithms. Such software or related services should be considered to be within the manufacturer’s control where they are supplied by that manufacturer or where that manufacturer authorises them or otherwise consents to their supply by a third party. For example, if a smart television is presented as including a video application, but the user is required to download the application from a third party’s website after the purchase of the television, the television manufacturer should remain liable, alongside the manufacturer of the video application, for damage caused by any defectiveness of the video application, even though the defectiveness came into being only after the television was placed on the market.
51
The possibility for economic operators to avoid liability by proving that the defectiveness came into being after they placed the product on the market or put it into service should be restricted when a product’s defectiveness consists in the lack of software updates or upgrades necessary to address cybersecurity vulnerabilities and maintain the safety of the product. Such vulnerabilities can affect the product in such a way that it causes damage within the meaning of this Directive. In recognition of manufacturers’ responsibilities under Union law for the safety of products throughout their lifecycle, such as under Regulation (EU) 2017/745 of the European Parliament and of the Council , manufacturers should also not be exempted from liability for damage caused by their defective products when the defectiveness results from their failure to supply the software security updates or upgrades that are necessary to address those products’ vulnerabilities in response to evolving cybersecurity risks. Such liability should not apply where the supply or installation of such software is beyond the manufacturer’s control, for example where the owner of the product does not install an update or upgrade supplied for the purpose of ensuring or maintaining the level of safety of the product. This Directive does not impose any obligation to provide updates or upgrades for a product.
52
In the interests of a fair apportionment of risk, economic operators should be exempted from liability if they prove that the state of scientific and technical knowledge, determined with reference to the most advanced level of objective knowledge accessible and not to the actual knowledge of the economic operator in question, during the period in which the product was within the manufacturer’s control, was such that the existence of the defectiveness could not be discovered.
53
Situations can arise in which two or more parties are liable for the same damage, in particular where a defective component is integrated into a product that causes damage. In such a case, the injured person should be able to seek compensation both from the manufacturer that integrated the defective component into its product and from the manufacturer of the defective component itself. In order to ensure the protection of natural persons, all parties should be held liable jointly and severally in such situations.
54
A high degree of innovation is particularly necessary in the software sector. With a view to supporting the innovative capacity of microenterprises and small enterprises that manufacture software, it should be possible for such enterprises to contractually agree with manufacturers that integrate their software into a product that the latter will not seek recourse from the software manufacturer in the event of a defective software component causing harm. Such contractual agreements, already used in some Member States, should be allowed, since the manufacturer of the product as a whole is in any event liable for any defectiveness in the product, including in components. However, liability towards an injured person should never be limited or excluded by such a contractual agreement.
55
Situations can arise in which the acts and omissions of a person other than a potentially liable economic operator contribute, in addition to the defectiveness of the product, to the cause of the damage suffered, such as a third party exploiting a cybersecurity vulnerability of a product. In the interests of consumer protection, where a product is defective, for example due to a vulnerability that makes the product less safe than the public at large is entitled to expect, the liability of the economic operator should not be reduced or disallowed as a result of such acts or omissions by a third party. However, it should be possible to reduce or disallow the economic operator’s liability where injured persons themselves have negligently contributed to the cause of the damage, for example where the injured person negligently failed to install updates or upgrades provided by the economic operator that would have mitigated or avoided the damage.
56
The objective of protecting natural persons would be undermined if it were possible to limit or exclude an economic operator’s liability through contractual provisions. Therefore no contractual derogations should be permitted. For the same reason, it should not be possible for provisions of national law to limit or exclude liability, such as by setting financial ceilings on an economic operator’s liability.
57
Given that products age over time and that higher safety standards are developed as the state of science and technology progresses, it would not be reasonable to make manufacturers liable for an unlimited period of time for the defectiveness of their products. Therefore, liability should be subject to a reasonable length of time, namely 10 years from the placing on the market or putting into service of a product (the ‘expiry period’), without prejudice to claims pending in legal proceedings. In order to avoid unreasonably restricting the possibility of compensation for damage caused by a defective product, the expiry period should be extended to 25 years in cases where the symptoms of a personal injury are, according to medical evidence, slow to emerge.
58
Since substantially modified products are essentially new products, a new expiry period should start to run after a product has been substantially modified and has subsequently been made available on the market or put into service, for example as a result of remanufacturing. Updates or upgrades that do not amount to a substantial modification of the product should not affect the expiry period that applies to the original product.
59
The possibility provided for in this Directive whereby an economic operator that proves that the state of scientific and technical knowledge at the time when a product was placed on the market or put into service or during the period in which the product was within the manufacturer’s control was not such as to enable the existence of a defect to be discovered can avoid liability, the so-called ‘development risk defence’, could be deemed in certain Member States to limit unduly the protection of natural persons. It should therefore be possible for a Member State to derogate from that possibility by introducing new measures, or amending existing measures, to extend liability in such situations to specific types of products if it is deemed necessary, proportionate and justified by public interest objectives, such as those set out in the Treaty on the Functioning of the European Union, namely public policy, public security and public health. To ensure transparency and legal certainty for economic operators operating across the Union, the use of such a derogation from the development risk defence should be notified to the Commission, which should then inform the other Member States. In order to facilitate a coherent approach across Member States and consistency with the objectives of this Directive, the Commission should be able to issue non-binding opinions on the proposed measures or amendments. In order to allow time for the issuing of an opinion, a Member State proposing such measures or amendments should hold the proposed measures or amendments in abeyance for six months following their notification to the Commission, unless the Commission issues an opinion earlier. Such an opinion should be issued after close cooperation between the Member State concerned and the Commission, taking into account the views of other Member States, if any. In the interest of legal certainty and to facilitate continuity of arrangements established under Directive 85/374/EEC, it should also be possible for a Member State to maintain existing derogations from the development risk defence in its legal system.
60
In order to facilitate the harmonised interpretation of this Directive by national courts, Member States should be required to publish final court judgments on product liability under this Directive, meaning those judgments that cannot be, or can no longer be, appealed. In order to limit the administrative burden, Member States should be required only to publish judgments of national courts of appeal or of the highest instance.
61
To increase the understanding of how this Directive is applied at national level, for the benefit of, inter alia, the public, legal practitioners, academics and Member States, the Commission should set up and maintain an easily accessible and publicly available database containing the relevant judgments as well as references to relevant judgments delivered by the Court of Justice of the European Union.
62
The Commission should carry out an evaluation of this Directive. Pursuant to paragraph 22 of the Interinstitutional Agreement of 13 April 2016 on Better Law-Making , that evaluation should be based on the five criteria of efficiency, effectiveness, relevance, coherence and value added and should provide the basis for impact assessments of possible further measures. In its evaluation report, the Commission should provide the methodology for the calculations used in its evaluation. It is important that the Commission gather all relevant information in a way that avoids overregulation and an administrative burden for Member States and economic operators, using information from all relevant and reliable sources, including Union institutions, bodies, offices and agencies, national competent authorities and internationally recognised bodies and organisations.
63
For reasons of legal certainty, this Directive does not apply to products placed on the market or put into service before 9 December 2026. It is therefore necessary to provide for transitional arrangements in order to ensure continued liability under Directive 85/374/EEC for damage caused by defective products which have been placed on the market or put into service before that date.
64
Since the objectives of this Directive, namely to ensure the functioning of the internal market, undistorted competition and a high level of protection for natural persons, cannot be sufficiently achieved by the Member States due to the Union-wide nature of the market in goods but can rather, by reason of the harmonising effect of common rules on liability, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Directive does not go beyond what is necessary in order to achieve those objectives,