European Commission proposes new liability rules for products and AI

On September 28, 2022, the European Commission adopted proposals for two directives adapting non-contractual civil liability rules to artificial intelligence (“AI”). The proposed AI Liability Directive aims at targeted harmonization measures on AI civil liability among EU Member States. The revised Product Liability Directive proposes adaptations to the (strict) liability of the producer for defective products that have caused damage to health or property or loss or corruption of data.

Under the proposed Product Liability Directive, compensation is available when a faulty AI causes damage, without the injured party having to prove the fault of the manufacturer. Not only hardware manufacturers, but also software and digital service providers that affect the function of a product (such as a navigation service in an autonomous vehicle) can be held liable. Additionally, manufacturers can be held liable for changes they make to products they have already released, including when those changes are triggered by software updates or machine learning.

As far as cybersecurity is concerned, the proposal for a directive on product liability confirms that a product can be considered defective because it has cybersecurity vulnerabilities. The proposal also broadens the notion of compensable damage to include loss or corruption of data.

The parallel proposal for an AI Liability Directive aims to ensure that where an injured party has to prove that an AI system has caused harm in order to obtain compensation under national law (e.g. , if someone fails a job interview due to discriminatory AI recruiting software), the burden of proof can be lowered if certain conditions are met.

The proposed liability rules for AI will complement other EU legislative proposals such as the AI ​​Act, the Digital Services Act and the Digital Resilience Act.