On 8 December 2024, the revised EU Product Liability Directive 2024/2853 (“RPLD”) came into force, replacing the existing Liability Directive from 1985. This reform responds to decades of technological development and the increasing complexity of digital products, artificial intelligence and new business models, such as those involving large supply chains. The old Directive is being replaced with a new version that considers the shift to a digital and circular economy as well as the risks associated with new products and technologies.
This article is the first part of our series on the RPLD. To find out more about the RPLD and the other changes it introduces please click here.
Defining Product Defectiveness
Under Art. 7 (1) RPLD, a product is considered defective if it fails to provide the safety that a person is entitled to expect or that is required under Union or national law. This fundamental principle of “defectiveness” remains largely unchanged from the existing 1985 Directive.
As under the old Directive, Art. 7 (3) RPLD clarifies that a product is not considered defective solely because a ”better” product (incl. updates or upgrades) has been or is subsequently placed on the market.
New Criteria for the Assessment of Product Defectiveness
The RPLD nevertheless introduces a number of new, more detailed criteria for the assessment of defectiveness, resulting in significant changes and an extension of liability. Below is an overview of the relevant aspects for determining defectiveness and the key differences compared to the old Directive:
This criterion is broadly in line with the concept of 'presentation' contained in the previous Directive. The RPLD sets out a comprehensive catalogue of specific elements to be taken into account when assessing both the presentation and the characteristics of products.
This requirement essentially mirrors the corresponding criterion under the old Directive.
This criterion specifically addresses AI-driven products, where software or algorithms must be designed to avoid dangerous patterns. It reflects the legitimate expectation that a product’s software and underlying algorithms is designed to prevent hazardous behaviour. Consequently, a manufacturer who designs a product with the ability to learn unexpected behaviour remains liable for behaviour that causes harm.
To reflect the interconnection of products, especially regarding IT products, the RPLD requires consideration of how a given product could be affected by other products when used in combination. Since software-based products typically interact with other products, this may pose significant challenges for developers. The RPLD limits this to considering only reasonably foreseeable effects.
Under the old Directive, the state of scientific and technical knowledge at the time when the manufacturer put the product into circulation was decisive for assessing the defectiveness of a product. Accordingly, any advances in scientific and technical knowledge following the product’s release were, in principle, no longer relevant.
This concept has undergone a substantial change under the RPLD. The manufacturer is now required to keep pace with the advancing state of scientific and technical knowledge for as long as it retains control over the product. Retaining control means that the manufacturer, either directly or through a third party, has the ability to provide software updates or upgrades. Consequently, many digital and AI-integrated products will likely remain under the manufacturer’s control once placed on the market, placing an obligation on manufacturers to closely monitor ongoing developments in science and technology and to respond through software updates or upgrades.
Another significant development is the explicit inclusion of cybersecurity, which resolves the debate over whether this aspect should be considered in the context of the defectiveness of a product Safety, in terms of preventing harm caused by the product, is now explicitly complemented by security, meaning protection of the product from third-party interference
By adding product recalls or other interventions by authorities to the list of factors influencing defectiveness, the RPLD further integrates product liability law with product safety law. However, recital 34 of the RPLD clarifies that such interventions do not automatically imply a presumption of defectiveness.
Finally, while the safety requirements for products are generally based on the expectations of the public at large, the RPLD now allows for the consideration of the needs of specific user groups for whom the product is intended, which is particularly relevant for high-risk products. This does not mean that the expectations of each individual consumer are relevant, but rather that those of a smaller, particularly vulnerable group of users can be taken into account. Related to this, the European legislator codified a ruling by the ECJ from 2015 in the corresponding recital 30, in which the court decided that for products with a high risk of harm (such as life-sustaining medical devices), defectiveness can be established without directly proving the defectiveness of the specific product. This applies if the product is part of the same production series as a product that has already been proven defective ( ECJ C503/13 and C504/13).
This criterion applies to products whose primary function is to prevent damage, e.g. smoke alarms, seat belts, crash helmets.
Conclusion and Outlook
In conclusion, the RPLD sets out a series of detailed criteria that must be considered when assessing a product’s defectiveness. Although the list is not exhaustive, it specifically addresses the interconnection of products, AI-based products and the manufacturer’s control over a product after it has been placed on the market. Member States now have until 9 December 2026 to fully implement the new legislation.
For more information on Product Compliance and Liability please click here