What’s proposed?

The European Commission proposed on 28 September 2022 a revision of the Product Liability Directive (PLD), originally adopted in 1985. The main goal of the proposed revision is to modernise the existing Directive to reflect technological advances, changes in consumer behaviour, and evolving business practices. In this regard, the latest revision of the proposal plans to expand the Directive’s scope to cover digital products such as software (including AI systems), digital manufacturing files, and digital services when these are necessary for products to function (e.g. a GPS in an autonomous vehicle). Startups, heavily reliant on software and other technologies, will find this revision particularly relevant as it brings these technologies within the scope of the directive.

Furthermore, with the inclusion of software in the scope, the proposal provides that liability would continue to apply when a defect came into being after a product has been placed on the market. Hence, a manufacturer (or the relevant economic operator, as identified by the Directive’s ‘layered’ liability approach) could remain liable for software updates (provided they are under the manufacturer’s control); failure to address cybersecurity vulnerabilities; and machine learning. Put more simply: software and AI developers would continue to be liable for emerging technologies that learn independently as well as for defects caused by updates or lack thereof.

Where are we in the legislative process?

The two European co-legislators, the European Parliament and the Council of the European Union, are currently reviewing the Commission’s proposal. Members of the European Parliament (MEPs) have submitted their amendments and the Council of the EU is discussing the Swedish Presidency’s fourth compromise text. Considering both institutions’ internal debates, one can expect that the Directive’s scope will be the most discussed issue. For instance, although Member States seem in favour of excluding the content of digital files (e.g. ebooks) from the scope, some of the European Parliament’s political groups advocate for including it.

How will it impact startups?

Contrary to more established companies, startups heavily rely on open source software (OSS) due to its cost-effectiveness and its potential for scalability. The Commission’s proposal contains several relevant provisions for startups as it proposes to cover OSS developed and supplied in the course of commercial activity: a manufacturer could then be held liable for defects due to the commercial use of OSS components, thus potentially limiting the startups’ usage of very important tools for them to thrive and scale. 

For instance, let’s consider an entrepreneur who is building a new mobile application for ride-sharing services. To create a cost-effective and efficient platform, the entrepreneur incorporates various OSS components (e.g. a mapping library, a user authentication system). However, if any defects or issues arise from the use of these OSS components, the manufacturer of the mobile application could be held liable. This increased liability introduces potential legal risks and financial burdens for startups, as they may need to invest additional resources in ensuring the quality and safety of the OSS they use. These implications can thus limit startups’ ability to freely leverage the benefits of open source software and may require them to carefully navigate the legal landscape surrounding OSS in order to mitigate potential risks.

Regarding the definitions, the proposal considers that ‘damage’ should include material losses, such as the loss or corruption of data. In the case of a software failure that caused a loss of data, this might be challenging for a startup to prove what exactly caused the software failure. 

Here’s an example of a startup that develops a cloud-based storage platform for businesses. In the event of a software failure leading to the loss of critical customer data, the startup may face hurdles in demonstrating the specific factors that contributed to the failure. Proving causality between the software failure and the resulting data loss becomes essential for establishing liability, which can be complex due to the intricate nature of software systems. The proposed revision would require startups to grapple with such scenarios and carefully navigate the legal landscape to gather sufficient evidence and documentation to support their claims. 

What’s next?

Now that the relevant MEPs have submitted their amendments, a committee vote in the European Parliament is expected to take place around early July, followed by a vote in plenary. The Council of the EU will keep discussing the file and hopes to reach a general approach as soon as possible in order to start negotiating with the European Parliament and the Commission in trilogues.