Developers, beware the new product liability rules

The current product liability framework was adopted in 1985. It was only revised once, in 1999, with a new definition of what constitutes a ‘product’. 

Simply put, a ‘product’ includes all movables, even if incorporated into another movable or into an immovable, and also includes electricity. A producer is liable for damage caused by a defect in his product. A producer is the manufacturer of the product. However, whoever imports the product into the EU will be responsible as a producer as well. When several persons are liable for the same damage, they can be held jointly and severally liable.

The injured person must prove the damage, the defect and the causal relationship between defect and damage. 

A product is considered as defective when it does not provide the safety which a person is entitled to expect, taking into account the circumstances, such as the presentation of the product, the reasonable expected use of the product, and the time when the product was put into circulation. The fact that a better product has been put into circulation, does not make the older product defective. The producer can dispute a defect, for instance by making it probable that the defect did not exist when the product was put into circulation. 

Damage under this framework is limited to physical injury or death, and damage to private property valued above EUR 500. 

Proceedings have to be brought within three years of when the plaintiff became aware, or should reasonably have become aware, of the damage, the defect and the identity of the producer. Liability under this framework may not be excluded or limited.

The biggest hurdle under the current framework is that the definition of a ‘product’ does not include software. Faulty software that causes damages can, therefore, not lead to a claim under this framework. Only when that software is incorporated into a physical product can a claim be filed against the producer of that physical product. 

This gave a very broad waiver of liability to software developers, who could as a result only be held liable contractually or via tort. Given the dependence of today’s society on software, this became an increasingly painful blind spot in the product liability framework. 

The new framework also recognized the importance of cybersecurity, through software updates and upgrades. If damages are caused by cybersecurity weaknesses caused by a lack of upgrades or updates by the manufacturer, this can give cause for liability. 

Another development is that of the circular economy, whereby products are modified or refurbished before being placed back on the market. Also this posed a blind spot, as the person modifying or refurbishing the product is usually not the producer or importer. Conversely, since those modifications or refurbishments were made outside of the control of the producer, it would be counterproductive to hold the producer liable for those acts. 

A ‘product’ will now be defined as all movables, even if integrated into, or inter-connected with, another movable or an immovable, and including electricity, digital manufacturing files, raw materials and software. The new framework will not apply to free and open-source software developed or supplied outside a commercial activity. 

The basis of this framework remains that any natural person suffering damage caused by a defective product is entitled to compensation. 

In terms of damage, the new framework expands injuries to include medically recognized damage to psychological health. In terms of property damage, the EUR 500 threshold has been removed, and damage resulting from the destruction or corruption of data that are not used for professional purposes is included. A data breach may, therefore, lead to liability. Also non-material losses may be covered, insofar as they can be compensated under national law.

In terms of defects, the list of elements to be taken into account is expanded. It now also includes elements such as the specific needs of the group of users for whose use the product is intended, relevant product safety requirements, and the reasonably foreseeable effect on the product of other products that can be expected to be used together with the product, including by means of inter-connection. 

The new framework expands the list of entities that can be held liable. 

•    In the first place, the manufacturer of the product will be held liable. This can also include the manufacturer of a defective component integrated into the product. When a person substantially modifies a product outside of the control of the manufacturer and subsequently places that modified product on the market, this person can be held liable as manufacturer. This last point was added to include rules for circular economy business models. 
•    In second order, if the manufacturer is located outside of the EU, the importer, the manufacturer’s authorized representative, or the fulfilment service provider can be held liable. 
•    In third order, if none of these can be identified, any distributor of the product can – under some circumstances – be held liable. Important to note is that this also includes any provider of an online platform that allows consumers to conclude distance contracts with traders and that is not an economic operator. The online platform can, however, avoid liability by informing the consumer of manufacturer’s EU representative.

Another important change is that the person held liable will need to disclose any relevant evidence that they may have at their disposal – taking into account proportionality and legitimate interests such as protecting confidential information and trade secrets. This is a substantial benefit to consumers, as proving a defect often turned out to be a very high burden of proof for the victim. Moreso, if the defendant refuses to disclose evidence, the defect will be presumed by default. The new framework implements a few more presumptions that will lower the burden of proof for consumers, although the defendant can try to refute those presumptions.

As before, there a few cases in which the defect can be disputed. However, no exemption from liability is granted if the defect was caused by a related service, software – including upgrades and updates – a lack of software updates necessary to maintain safety, or a substantial modification of the product. 

As before, joint and several liability is possible. A manufacturer integrating software components can have recourse against the developer of those software components, unless that developer is a small or micro-enterprise, or when the right to recourse was contractually waived. Liability under this framework may not be excluded or reduced. The period of three years within which to file a claim has been retained. 

The new product liability framework will need to be transposed by the Member States by 9 December 2026. Products put onto the market from that date will fall under the new rules. However, the products placed on the market before that date will continue to resort under the old framework. 

Do you need further guidance on how to prepare for this framework? Please contact Niels Vandezande.