European Commission Proposes AI-Related Revisions to EU Product Liability Directive

On September 28, 2022, the European Commission published its proposal for a directive to amend the existing European Union (EU) Product Liability Directive that provides a system for compensating people who suffer physical injury or damage to property due to defective products. (85/374/EEC, the "PLD"). See European Commission, Proposal for a Directive of the European Parliament and of the Council on liability for defective products, COM (2022) 495 (the "Proposed Directive"). The Proposed Directive would replace the current fault-based system and instead impose no-fault strict liability on manufacturers for damages resulting from defective products. The Proposed Directive would expand the scope of the PLD to encompass emerging technologies, including artificial intelligence (AI). Key changes would include: (1) refining the scope of covered products and compensable damages; (2) defining the factors for considering whether a product is defective; (3) identifying which actors are subject to liability; and (4) new obligations imposed on those actors.

First, the Proposed Directive would expand the definitions of a covered "product" and compensable "damage" specifically to include AI components in the expanded definitions[1]:

• "Product" includes "electricity, digital manufacturing files and software," and encompasses AI-enabled products and AI systems, as well as digital manufacturing files "enabling the automated control of machinery or tools" that produce a tangible item.
• "Damage" includes "loss or corruption of data that is not used exclusively for professional purposes." Additionally, the Proposed Directive removes the €500 damage threshold and lengthens the period of liability under the PLD, without imposing a ceiling on potential damages.

Second, regarding when a product is determined "defective," the Proposed Directive modifies the safety standard and includes additional factors courts may consider. Under the PLD, a product is "defective" if it "does not provide the safety which a person is entitled to expect." Specifically, the Proposed Directive explains that this objective standard does not apply to "a person" and is instead that level of safety "which the public at large is entitled to expect" from a product, considering the "intended purpose, the objective characteristics and the properties of the product in question, [and] the specific requirements of the group of users for whom the product is intended."

Other factors for courts to consider when determining fault related specifically to digital products, include:

• "effect on the product of any ability to continue to learn after deployment" (e.g., machine learning capabilities of the product)
• "moment in time" when the product left the control of the manufacturer, which could impact wholesale/retail relationship considerations (e.g., cessation of remote software updates by the developer after selling the product to the distributor/provider, but before the product reaches the end user)
• "effect on the product of other products that can reasonably be expected to be used together with the product"
• "any intervention by a regulatory authority or by an economic operator … relating to product safety" (e.g., product recall); and
• "product safety requirements, including safety-relevant cybersecurity requirements" (e.g., cybersecurity vulnerabilities).

Third, the Proposed Directive expands the definition of "economic operator" to three additional categories of actors along the supply chain: fulfillment service providers, remanufactured product makers, and distributors.

• An "economic operator" would include a "fulfillment service provider" if a defective product's manufacturer, importer, and the manufacturer's authorized representative are based outside the EU (e.g., "warehousing, packing, addressing and dispatching of a product"). However, "fulfillment service provider" would not include postal services, parcel delivery service providers, or freight transport service providers.
• An "economic operator" also includes one who "modifies a product that has already been placed on the market or put into service" if the modification is outside the original manufacturer's control and "considered substantial under relevant [EU] or national rules on product safety."
• Further, the Proposed Directive would expand liability to reach a "distributor" in the supply chain of a defective product in the event economic operators cannot be identified, which includes providers of certain online platforms or "intermediary services" that transmit or store content for EU-based users across a broad range of digital activities, as described in the Digital Services Act (DSA). The DSA is expected to become law in the coming months and will apply to social media platforms and online marketplaces, making them liable if they "present the relevant information relating to the transactions at issue in such a way as to lead consumers to believe that that information was provided by those online platforms themselves or by traders acting under their authority or control…" On the other hand, online platforms that provide ancillary features of another service merely for integration or minor functionality (not as a standalone service) and not to circumvent the DSA, would not be considered one of the "intermediary services" to which the DSA applies and thus, by extension, the Proposed Directive would also not apply.

Finally, the Proposed Directive would impose new obligations through rebuttable presumptions in redress proceedings, as well as disclosure obligations on providers of high-risk AI systems as defined under the Draft EU AI Act.

Three rebuttable presumptions are set forth under the Proposed Directive.

• The product will be presumed defective based on a provider's failure to comply with a disclosure order (as discussed below), the product does not comply with safety requirements under EU or national law, or the claimant establishes damage was caused by an "obvious malfunction" in "normal use or under ordinary circumstances" such that defectiveness "is undisputed."
• The causal link between the defectiveness of the product and the alleged damage will be presumed if "it has been established that the product is defective and the damage caused is of a kind typically consistent with the defect in question."
• Either or both the defectiveness of the product and/or the causal link will be presumed where courts "face excessive difficulties, due to technical or scientific complexity" as to either or both elements if there is "sufficiently relevant evidence" that the product contributed to the damage and the product was defective, or its defectiveness was a likely cause of the damage, or both.

Under the Proposed Directive, courts could require providers of high-risk AI systems to disclose or preserve information about their AI systems to persons seeking to initiate redress proceedings against that provider. Requests must be supported by facts that sufficiently demonstrate a causal connection between the high-risk AI system and alleged damages. Orders could be issued for persons who initiated redress proceedings and those who requested but did not receive information from a provider while considering initiation of redress proceedings.

In issuing disclosure orders, courts must consider the legitimate interests of the parties and disclose information as is "necessary and proportionate" to support a potential claim for damages. If a disclosure order covers trade secrets, the court may take measures to preserve confidentiality during redress proceedings. As discussed above, if the provider does not comply with the disclosure order, courts may impose a rebuttable presumption that the provider failed to comply with provisions of the Draft AI Act as alleged by the claimant or potential claimant.

Next Steps

For the Proposed Directive to enter into force, it must be formally adopted by the European Parliament and European Council. If adopted, the Proposed Directive would apply to products placed on the market one year after its entry into force, and Member States would have one year from its entry into force for implementation in national laws.

The Proposed Directive is meant to complement the separate but related proposal for an AI Liability Directive, which covers fault-based liability claims. The Proposed Directive also builds upon liability provisions specific to online platforms under the proposed Digital Services Act. Together, these proposals would create a new civil liability system in the EU.

The Davis Wright Tremaine AI team will continue to monitor developments and implications of these proposals for our clients in the AI industry.

* On the date of this publication, Edlira Kuka was a law student at Seattle University School of Law and worked as a communications law, regulation & policy manager at DWT. On November 7, 2023, Edlira was admitted to practice law in the District of Columbia and became an attorney with DWT’s Communications Practice.