In Practice Series - How to get ready for the new product liability laws in Europe
This article was originally published on Compliance & Risks 'In Practice Series' blog, November 2022.
On 28 September 2022, the European Commission (EC) published its much-awaited proposals to significantly reform the EU Product Liability Directive (85/374/EEC) (PLD).
The existing PLD came into force in July 1985 and has been the mainstay law governing redress for defective products across the EU. The legislation imposes a strict liability for defective products which have caused a loss to consumers.
It has been 37 years since the existing PLD came into force, during which time the concept of a ‘product’ has evolved considerably. As a consequence, after a lengthy consultation period and toing and froing on the need for ‘soft’ vs ‘hard’ law, the EC has indicated that a revision of the PLD is needed. The need for reform is, in part, due to the apparent lack of clear applicability of the existing PLD to complex emerging digital technologies such as Artificial Intelligence (AI) and Internet of Things connected devices; to the concept of a circular repair-based economy, which is a key priority for the EC under its Green Deal; and a perceived challenging burden of proof for claimants in complex cases under the existing PLD regime.
Alongside a product recall and regulator intervention, facing a civil claim or multiple claims, arising from an allegedly defective product can be amongst the most stressful and costly processes that a business can face. Understanding the risks imposed by the legal framework governing product liability can help businesses put in place appropriate systems and processes that will help them to minimise their exposure to costly product liability litigation. Given the ever-growing convergence between safety and liability regimes in the products space, such developments should also be considered in the broader context of legislative developments in product regulatory/safety and digital/technology realms.
The proposed new legal framework and consequences
Scope and core definitions under the proposed PLD
There has been an overall increase in the applicability of the proposed PLD, to extend to more products and more entities, as follows.
- The definition of a product: this has been expanded to include component products and intangible products such as software, AI systems and AI-enabled goods. However, the source code of software does not qualify as a ‘product’.
- The definition of a component: this includes any item, whether tangible, intangible or a related service, that is integrated into, or inter-connected with, a product by a manufacturer or within the manufacturer’s control. The intention behind including a ‘related service’ is to extend no-fault liability to digital services as they determine the safety of a product just as much as a physical or digital component.
- The definition of a manufacturer: the focus is now on the concept of a ‘manufacturer’, which has expanded in scope to include developers, providers of software and digital services.
- The definition of in-scope economic operators: encompasses manufacturers of a product or component, the providers of related services, authorised representatives, importers, fulfilment service providers and distributors (to include online e-commerce platforms).
- The definition of defect: this broadly remains the same but the circumstances to be taken into account when assessing a defect has been widened considerably, in particular, to include ‘product safety requirements, including safety-relevant cybersecurity requirements’ and ‘any intervention by a regulatory authority or by an economic operator...relating to product safety’. It should be noted that a product will not be considered defective for the sole reason that a better product is subsequently placed on the market.
Burden of proof and evidence
Several mechanisms have been introduced to place more burden on defendants, or reduce burden on claimants, in an attempt to better share the burden of proof between parties in more complex cases, such as those involving pharmaceuticals or AI-enabled products.
- Rebuttable presumption: the proposed PLD also introduces a new rebuttable presumption of defect where a manufacturer fails to comply with an obligation to disclose relevant evidence and the product does not comply with safety requirements OR the claimant establishes that the damage was caused by an obvious malfunction of the product during normal use or under ordinary circumstances. In instances where a product is alleged to be defective, and there is scientific uncertainty, it is possible that claimants will now be able to shift the burden of proof to the manufacturer.
- Disclosure of evidence: in certain circumstances, national courts are to be empowered to order manufacturers to disclose ‘relevant evidence that is at its disposal’. An Order to disclose evidence must be “necessary and proportionate” to support the claim. The proposed PLD also requires that adequate protections are put in place for trade secrets.
There has been an erosion of certain exemptions and/or statutory defences available to defendants within the proposed PLD as follows.
- ‘State of the art defence’: the proposed PLD has kept the defence for manufacturers that the state of scientific and technical knowledge at the time that the product was placed on the market did not allow a defect to be discovered (the ‘state of the art defence’). However, the wording has been slightly amended with the effect that a manufacturer, which for example produces software updates for a product after it has been placed on the market, cannot be exempt from liability on the basis that the product was not defective at the time of marketing.
- Software updates or upgrades: liability does not apply where the supply or installation of software is beyond the manufacturer’s control, for example, the consumer has not installed an update or upgrade to ensure or maintain the safety level of the product.
Quantum of damages
The definition of damage has not been significantly altered, although the scope has been widened to the following ‘intangible’ harms that have been more prevalent in the modern day:
- Compensation for loss or corruption of data. This does not include data used for exclusively professional purposes.
- Damage to property. This does not include property used for professional use only.
- Medically recognised harm to psychological health as a form of personal injury.
- Removes the de minimis threshold of EUR500 on the amount of compensation that can be claimed.
The overall consequences of these changes are vast and significant, including:
- A greater burden on defendants: The introduction of a rebuttable presumption of defect, additional powers for national courts to compel disclosure and the erosion of certain existing defences will make defending civil liability claims more challenging for manufacturers. It will likely require manufacturers and lawyers alike to revisit existing approaches to defending civil claims.
- Expansion of potential defendants: the regime has been expanded to include in-scope economic operators so that claims can now be brought against software providers, businesses that make substantial modifications to products, authorised representatives and fulfilment service providers.
- Liability relating to software or related services: as noted above in relation to the definition of a component, manufacturers may be liable for damage caused as a result of software or related services within their control, including upgrades and/or updates to algorithms.
- Liability arising after a product is placed on the market: under the proposed PLD, manufacturers can remain liable for defects that arise after being placed on the market as a result of hardware malfunction, software or related services within their control. Manufacturers can also be held liable where there has been a failure to update a product within their control.
- Secondary liability for retailers and online platforms: in the event that a product’s manufacturer or another EU-based economic operator cannot be identified, the proposed PLD allows (in certain circumstances) for claims to be brought against the distributor and any provider of an online platform that allows consumers to conclude distance contracts with traders.
- Liability for third parties: a person or company that undertakes a substantial modification of a product that has already been placed on the market, and is undertaken outside of the original manufacturers control, will fall within the proposed PLD and is potentially liable.
- Representative/Group Action: there is an explicit requirement for Member States to ensure that claims under the proposed PLD may be brought by “a person acting on behalf of one or more injured persons”. This will further facilitate the proliferation of large group action claims heightening the risk to manufacturers from a defective product.
The regulatory trend
Interplay with other regimes
The interplay between product safety/regulatory regimes and product liability regimes has grown ever-closer with these proposals, meaning that what is done when placing products on the market is even more crucial to the resultant product liability profile of the products. Many of the concepts newly introduced in the proposals are also long-term concepts within the product regulatory regimes.
The EC is in the process of overhauling the EU’s product safety legislation, in parallel to its reform of the product liability regime.
On 28 September 2022, the EC adopted a proposal for a Directive on adapting non-contractual civil liability rules to AI (the AI Liability Directive).
The proposed PLD covers no-fault liability of a producer for defective products which cause certain types of damage. However, the proposed AI Liability Directive covers national liability claims based mainly on the fault of any person with a view to compensating any type of damage and any type of victim.
Interestingly, the AI Liability Directive also includes similar terms empowering national courts to order manufacturers to disclose relevant evidence that is at its disposal. It appears there is an increasing focus within the EC on addressing what it perceives as an evidential imbalance between consumer and manufacturer.
On 15 September 2022, the EC adopted a legislative proposal on cybersecurity requirements for products with digital elements (the Cyber Resilience Act). This will build upon existing rules to encourage manufacturers and software developers to mitigate cybersecurity risks. However, it does not address liability. The requirements contained within any Cyber Resilience Act will be persuasive when assessing liability under the proposed PLD.
Checklist to limit risk
- Implementing a specific quality and safety review of the final product with regulatory compliance and litigation risk mitigation in mind.
- Risk assess products at the design and manufacture stage with reuse and reparability in mind, including allowing for third-party specialist repairers but also consumers opting to repair.
- Implement systems and design features to identify inadequate repairs undertaken by third parties or inexperienced consumers leading to product failures. Think for example features such as the Liquid Contact Indicator used in most mobile phones.
- Incorporate into the design process features that mitigate the use of incompatible or faulty third-party spare parts.
- Robust data protection and cyber-security features should be an indelible part of the product design process, particularly on Internet of Things connected devices. This will help mitigate the dual risk of liability under the PLD and General Data Protection Regulation (GDPR).
- Product development should consider a product’s full lifespan and the associated liability. A reasonable starting point is the longstop period under the PLD, which is 10 years, or 15 years with latent injury. Companies should also consider how their products can be reused, repaired, re-manufactured in this context.
- Robust post-market surveillance following the release of a product to ensure any material change in product safety is monitored, escalated and addressed as appropriate, including through software or hardware mechanisms.
- For state of the art products, careful monitoring of the current state of scientific knowledge and implementing periodic reviews of historic products to ensure safety standards are maintained.
- Comprehensive record-keeping internally, and by third-party suppliers, of periodic hardware and software updates following launch.
- Identifying reliable partners in each jurisdiction for managing corrective actions and civil liability matters.
- Review documents produced as part of product development, regulatory compliance and after-market surveillance, in particular commercially sensitive documents, having in mind the greater power of the courts to compel disclosure.
- Online marketplaces should carefully risk assess all products sourced from outside of the EU, including ensuring that appropriate liability cover is available or terms of indemnity are built into contracts.
- Companies should check their existing insurance policies to ensure that they provide suitable coverage to reflect the broadening risks introduced by the proposed PLD, such as for software, third-party producers and e-commerce platforms.