Crucial changes under the revised EU Product Liability Directive
Expanded definition of ‘product’
The revised EU Product Liability Directive extends the definition of a product to include software, software updates, AI systems, digital manufacturing files and certain digital services necessary for a product to function.²
Broader liability exposure
Liability may extend beyond manufacturers to include importers, authorised representatives, fulfilment service providers and distributors.¹
Non-EU manufacturer risk
Where a manufacturer is based outside the EU, liability may transfer to the EU importer or authorised representative. In some circumstances, fulfilment service providers may also be affected.¹
Ongoing digital and cybersecurity obligations
Liability may arise after a product has been placed on the market, particularly where defects relate to software updates, cybersecurity vulnerabilities or machine learning functionality.²
Wider scope of recoverable damage
The revised regime expands the definition of recoverable damage to include medically recognised psychological harm and the destruction or corruption of non-professional data.²
Changes to evidence and burden of proof
While claimants must still prove defect, damage and causation, courts may presume defectiveness or causation in certain circumstances. The Directive also introduces enhanced disclosure rights where claims are considered sufficiently plausible.²
Has the EU Product Liability Directive been implemented in Ireland?
As mentioned, Ireland must implement the revised Directive by December 2026.²
Until implementing legislation is enacted, organisations should continue monitoring the Irish transposition process and related guidance.²
How to prepare for the EU Product Liability Directive
1. Assess whether your organisation is affected
Organisations should determine whether they place products on the EU market or participate in the product supply chain.
The revised EU Product Liability Directive adopts a broader approach to liability and may apply to manufacturers, component suppliers, importers, distributors, authorised representatives, fulfilment providers and certain online platforms.
Businesses should not assume the regime only applies to traditional manufacturers.¹
2. Identify products with digital or connected features
Many modern products rely on software, connectivity or digital services to function. Businesses should evaluate whether their products incorporate software, AI functionality, connected features, digital manufacturing files or related digital services that may fall within the revised framework.
This is particularly relevant for organisations involved in smart devices, automation, mobility, medical technology, platforms and AI-enabled systems.²
3. Map supply chain and contractual responsibilities
The revised EU Product Liability Directive is intended to ensure compensation remains available across complex international supply chains, including where products originate outside the EU.²
Organisations should clearly identify responsibilities across the product lifecycle, including design, manufacture, import, distribution, maintenance, modification and software updates.
Contracts should allocate responsibility for indemnities, insurance obligations, evidence sharing, recalls and ongoing product support.¹
4. Strengthen product safety and documentation processes
Under the revised regime, defectiveness may be assessed against consumer safety expectations and mandatory safety requirements.
Businesses should maintain clear records relating to product design, testing, quality assurance, warnings, compliance assessments, customer complaints and post-market monitoring.
For digital or AI-enabled products, organisations should also maintain documentation relating to software version control, update history, cybersecurity measures and risk management procedures.²
5. Prepare for post-sale technology risks
The revised EU Product Liability Directive recognises that defects may emerge after products enter the market, particularly where software updates, cybersecurity vulnerabilities or machine learning are involved.
Risk management processes should therefore extend beyond the point of sale and include ongoing monitoring, vulnerability management, update procedures, customer communications and escalation processes.
6. Review insurance arrangements
Businesses should evaluate whether existing insurance arrangements adequately reflect their activities and exposures, particularly where products involve software, AI systems, connected functionality or ongoing updates.¹
Relevant cover may include product liability, cyber, technology errors and omissions, professional indemnity, product recall and directors’ and officers’ liability.¹
7. Monitor the Irish implementation process
Although Ireland must implement the EU Product Liability Directive by December 2026, organisations should avoid waiting for final legislation before acting.²
The transition period provides an opportunity to assess exposure, update documentation, review contractual arrangements, engage with suppliers and evaluate insurance protections.¹ ²
Is your organisation ready for the EU Product Liability Directive?
The revised EU Product Liability Directive marks a significant shift in how product liability is approached across the EU.
For Irish organisations, the practical message is to prepare now: understand whether your business is in scope, review products and digital components, map supply chain responsibilities, strengthen documentation, prepare for more complex claims and review insurance arrangements.
Organisations that act early will be better placed to demonstrate that product risk is being governed properly.
Follow our cyber series as we look at further mandates in the cybersecurity sphere including the NIS2 Directive and EU AI Act.