European Union member states have two years to adopt a new law expanding product liability rules to include digital products such as software, firmware, or online platforms. This will expand users' rights to compensation and make it easier for them to claim damages in court.
On October 10th, 2024, the EU Council (EC) adopted a directive on liability for defective products. This directive expands the definition of ‘product’ to include digital ones. The only exception is open-source software.
Until now, there were no clear rules on liability for damages caused by software products or components, according to Heise.de. The directive previously only covered movable property and electricity.
“The new law extends the definition of “product” to digital manufacturing files and software. Also online platforms can be held liable for a defective product sold on their platform just like any other economic operators if they act like one,” states the EC press release.
What are the changes?
Under the new rules, if the damages are caused by vendors outside the EU, the company importing the product or the EU-based representative of the foreign manufacturer is liable for them.
The directive covers operating systems, firmware, computer programs, applications, or AI systems, and any software or components that can be integrated into other products that are “capable of causing damage” through their execution. It makes no difference whether the software is stored on a device, accessed through a communication network or cloud technologies, or supplied through a software-as-a-service model.
The law enables injured parties to claim compensation more easily and to support their case in court by requesting access to relevant evidence held by the manufacturer.
If it’s too difficult for a consumer to prove that a product is defective or that its defect caused damage, “a court may decide that the claimant is only required to prove the likelihood that the product was defective or that its defectiveness is a likely cause of the damage.”
In cases when the product is repaired or upgraded outside the original vendor’s control, the company or individual that modified the product will also be held liable.
The liability rules will not apply to the content of digital files, such as media files, e-books, or the mere source code of software. They will also not apply to free and open-source software “in order not to hamper innovation or research.”
The covered damages include compensation for physical injuries, property damages, and the destruction or corruption of data, such as lost digital files, if recovery incurs a cost. Destruction or corruption of data does not automatically result in material loss and compensation if the data can be restored for free, from a backup, or by the provider.
The directive will not cover data leaks or breaches, which are regulated by other directives.
However, vendors will be held legally responsible for defects such as “cybersecurity vulnerability, for example where the product does not fulfill safety-relevant cybersecurity requirements.”
“A product shall be considered defective where it does not provide the safety that a person is entitled to expect or that is required under Union or national law,” the directive reads.
Bence Tuzson, the Hungarian Minister of Justice, said the new law is good news for consumers and producers.
“It will become easier for an injured person to claim damages in court. Manufacturers on the other hand will benefit from clear rules related to digital products and circular economy business models,” Tuzson said.
The directive is already in force, and EU member states have two years to transpose it into national law.
On October 10th, 2024, the EC also adopted a Cyber Resilience Act, which introduced tighter security requirements for many products, including IoT ones, such as connected home cameras, fridges, TVs, and toys.