skip to main content

What does the EU Product Liability Directive mean for Irish organisations?

Safeguarding your assets, your people and your customers | 4 minute read

The revised Directive expands product liability to software, AI and digital services, broadens who can be liable, and means Irish organisations should prepare before December 2026.

 

The updated EU Product Liability Directive modernises a framework that dates back to 1985, bringing software, AI systems, digital manufacturing files, certain digital services and virtual products more clearly within scope.

Key takeaways

1. The revised EU Product Liability Directive expands the definition of “product” to include software and virtual products.²
2. Liability exposure is broader and organisations beyond traditional manufacturers may be affected.²
3. Irish organisations should prepare before the December 2026 implementation deadline.²


Why it matters now

EU Member States, including Ireland, must transpose the revised Directive into national law and implement the changes by December 2026.


1985

The year the original Product Liability Directive was adopted. The revised Directive updates a regime that was nearly 40 years old.

Source: International Financial Services Centre


25yrs

The revised Directive extends the liability period to 25 years for certain latent health injuries where symptoms are slow to emerge.3

Source: EUR-lex

Crucial changes under the revised EU Product Liability Directive

Expanded definition of ‘product’

The revised EU Product Liability Directive extends the definition of a product to include software, software updates, AI systems, digital manufacturing files and certain digital services necessary for a product to function.²

Broader liability exposure

Liability may extend beyond manufacturers to include importers, authorised representatives, fulfilment service providers and distributors.¹ 

Non-EU manufacturer risk

Where a manufacturer is based outside the EU, liability may transfer to the EU importer or authorised representative. In some circumstances, fulfilment service providers may also be affected.¹

Ongoing digital and cybersecurity obligations

Liability may arise after a product has been placed on the market, particularly where defects relate to software updates, cybersecurity vulnerabilities or machine learning functionality.²

Wider scope of recoverable damage

The revised regime expands the definition of recoverable damage to include medically recognised psychological harm and the destruction or corruption of non-professional data.²

Changes to evidence and burden of proof

While claimants must still prove defect, damage and causation, courts may presume defectiveness or causation in certain circumstances. The Directive also introduces enhanced disclosure rights where claims are considered sufficiently plausible.²

Has the EU Product Liability Directive been implemented in Ireland?

As mentioned, Ireland must implement the revised Directive by December 2026.²

Until implementing legislation is enacted, organisations should continue monitoring the Irish transposition process and related guidance.²

How to prepare for the EU Product Liability Directive

1. Assess whether your organisation is affected

Organisations should determine whether they place products on the EU market or participate in the product supply chain.

The revised EU Product Liability Directive adopts a broader approach to liability and may apply to manufacturers, component suppliers, importers, distributors, authorised representatives, fulfilment providers and certain online platforms.

Businesses should not assume the regime only applies to traditional manufacturers.¹

2. Identify products with digital or connected features

Many modern products rely on software, connectivity or digital services to function. Businesses should evaluate whether their products incorporate software, AI functionality, connected features, digital manufacturing files or related digital services that may fall within the revised framework.

This is particularly relevant for organisations involved in smart devices, automation, mobility, medical technology, platforms and AI-enabled systems.²

3. Map supply chain and contractual responsibilities

The revised EU Product Liability Directive is intended to ensure compensation remains available across complex international supply chains, including where products originate outside the EU.²

Organisations should clearly identify responsibilities across the product lifecycle, including design, manufacture, import, distribution, maintenance, modification and software updates.

Contracts should allocate responsibility for indemnities, insurance obligations, evidence sharing, recalls and ongoing product support.¹

4. Strengthen product safety and documentation processes

Under the revised regime, defectiveness may be assessed against consumer safety expectations and mandatory safety requirements.

Businesses should maintain clear records relating to product design, testing, quality assurance, warnings, compliance assessments, customer complaints and post-market monitoring.

For digital or AI-enabled products, organisations should also maintain documentation relating to software version control, update history, cybersecurity measures and risk management procedures.²

5. Prepare for post-sale technology risks

The revised EU Product Liability Directive recognises that defects may emerge after products enter the market, particularly where software updates, cybersecurity vulnerabilities or machine learning are involved.

Risk management processes should therefore extend beyond the point of sale and include ongoing monitoring, vulnerability management, update procedures, customer communications and escalation processes.

6. Review insurance arrangements

Businesses should evaluate whether existing insurance arrangements adequately reflect their activities and exposures, particularly where products involve software, AI systems, connected functionality or ongoing updates.¹

Relevant cover may include product liability, cyber, technology errors and omissions, professional indemnity, product recall and directors’ and officers’ liability.¹

7. Monitor the Irish implementation process

Although Ireland must implement the EU Product Liability Directive by December 2026, organisations should avoid waiting for final legislation before acting.²

The transition period provides an opportunity to assess exposure, update documentation, review contractual arrangements, engage with suppliers and evaluate insurance protections.¹ ²

Is your organisation ready for the EU Product Liability Directive?

The revised EU Product Liability Directive marks a significant shift in how product liability is approached across the EU.

For Irish organisations, the practical message is to prepare now: understand whether your business is in scope, review products and digital components, map supply chain responsibilities, strengthen documentation, prepare for more complex claims and review insurance arrangements.

Organisations that act early will be better placed to demonstrate that product risk is being governed properly.

Follow our cyber series as we look at further mandates in the cybersecurity sphere including the NIS2 Directive and EU AI Act.

For Irish organisations, the practical message is to prepare now: understand whether your business is in scope, review products and digital components, map supply chain responsibilities, strengthen documentation, prepare for more complex claims and review insurance arrangements.

David Dalton
Senior Account Executive

Want to see how we can help?

No matter the industry you operate in, you will have some sort of reliance on technology for the effective day-to-day running of your business. That’s what makes cyber insurance so important; every company has some level of vulnerability that cyber criminals can exploit.


General disclaimer

This insights article is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this article, NFP does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the article or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this article. This article has been compiled using information available to us up to its date of publication.

Margin Investments Ltd t/a NFP, RideSure is authorised and regulated by the Central Bank of Ireland. Registered office: ReSure House, Steeple View Court, Church Road, Malahide, Dublin, K36Y673 and its directors are Aidan Brady, Ross Barron, Garry Fitzroy,  Registered in Ireland No: 288386.


NFP contributors

David Dalton
Senior Account Executive



https://www.nfpireland.ie/insights/articles/what-does-the-eu-product-liability-directive-mean-for-irish-organisations/
2026 Copyright | All Right Reserved