4 October 2022
On 28 September 2022, the European Commission proposed updated liability rules on products and new liability rules on artificial intelligence (AI). The updated Product Liability Directive (PLD) and the new AI Liability Directive (AILD) will complement the EU AI Act, which is intended to protect fundamental rights when AI systems are used. These directives will go through the legislative process where the European parliament and the Council will propose amendments to the Commission’s proposal.
Harms from AI systems have been stacking up over the years. Discriminatory facial recognition systems are just one among many. Affected people, however, were unable to hold anyone liable. The PLD and the AILD together are the first steps in the EU to address this shortcoming.
On 7 January 2022, we made four recommendations to strengthen the Product Liability Directive. The drafts of PLD and the AILD include two of these recommendations completely, but fail to address the other two sufficiently. Our four recommendations were:
- To include software in the definition of a 'product'.
- To acknowledge that software is updated after its deployment and that the updates can result in additional defects. The time when the software was put into circulation is not relevant when assessing defects if the provider controls the product.
- For all AI systems, to remove the “development risk defence”, which allows manufacturers to claim no liability because they did not know about defects when they first circulated the product.
- To place the burden of proof on the defendant, and not on the victims, when harm is caused by AI systems. Gathering evidence against operators, especially that of AI systems is disproportionally difficult for the public. Identifying who is responsible for defects is a challenge by itself.
The positives
The old Product Liability Directive from 1985 did not include software as a product. Consequently, natural persons could not hold companies liable for damage caused by software. The Commission has now rectified this in the updated PLD. Companies would now be liable for software, including 3rd-party software, that cause harm.
This draft of the PLD now provides that manufacturers are not exempt from liability as long as they have control over the product. We had earlier argued that software and AI models are updateable. As a result, ‘when the product was put into circulation’ is not relevant for assessing defective products. What is relevant is whether the product is in the manufacturer’s control. The Directive now goes further, making manufacturers liable when they fail to provide ‘software updates or upgrades necessary to maintain safety’.[i]
Further changes needed
Critical parts of the updated PLD and AILD need to be improved.
PLD and AILD place burden of proof on the victim instead of the manufacturer. The AILD recognizes that it is difficult for victims to identify who among the various companies involved in design and deployment of AI systems may be liable for a damage. However, it fails to adequately address issue of the information asymmetry between developers of AI systems and the public. Unlike the case of no—fault liability, as in the transportation sector,[ii] victims still need to demonstrate ‘that the output produced by the AI system or the failure of the AI system to produce an output gave rise to the damage’.[iii]
The courts, at the victim’s request, can now order providers to disclose evidence. This is an improvement over the status-quo. However, there is still a significant burden placed on the victims. The providers, on the other hand, can refuse to disclose evidence without any fear of reprimand.
As mentioned earlier, PLD acknowledges that manufacturers can update the software after being placed on the market. Despite this, PLD does not remove development risk defence.[iv]
Unfortunately, the PLD also does not apply to products already in circulation before this Directive is transposed.[v] This means that software that is already on the market, which can be updated after the directive has been transposed will not be liable.
We will continue to work with the co-legislators to address these and other shortcomings of the draft liability rules on products and AI.
[i] Proposal for a directive of the European Parliament and of the Council on liability for defective products, 28 September 2022. Article 10 (2) (c).
[ii] Member states with national laws that reverse the burden of proof or that have no-fault liability regimes can apply those to AI systems as AILD uses a minimum harmonization approach.
[iii] Proposal for a Directive of the European Parliament and of the Council on adapting non-contractual civil liability rules to artificial intelligence (AI Liability Directive), 28 September 2022. Article 4 (1).
[iv] The impact assessment of PLD, on p. 33, states that “the development risk defence … would be adapted to take account of producer control beyond that moment.” However, this is not reflected in the Commission’s draft proposal.
[v] Proposal for a directive of the European Parliament and of the Council on liability for defective products, 28 September 2022. Recital 46.