On 28 September 2022, the European Commission adopted proposals for two directives adapting non-contractual civil liability rules to artificial intelligence (“AI”). The proposed AI Liability Directive aims at targeted harmonization measures on civil liability for AI among the EU member states. The revised Product Liability Directive proposes adaptations to the producer’s no-fault (strict) liability for defective products that have caused damage to health or property or loss or corruption of data.

Under the proposed Product Liability Directive, compensation is available when defective AI causes damage, without the injured person having to prove the manufacturer’s fault. Not only hardware manufacturers but also providers of software and digital services that affect a product’s function (such as a navigation service in an autonomous vehicle) can be held liable. Further, manufacturers can be held liable for changes they make to products they have already placed on the market, including when these changes are triggered by software updates or machine learning.

In respect of cybersecurity, the proposed Product Liability Directive confirms that a product can be considered defective for having cybersecurity vulnerabilities. The proposal also expands the notion of compensable damage to include the loss or corruption of data.

The parallel proposal for an AI Liability Directive seeks to ensure that, where an injured person has to prove that an AI system caused damage in order to obtain compensation under national law (e.g., if someone failed a job interview because of discriminatory AI recruitment software), the burden of proof can be eased if certain conditions are met.

The proposed liability rules for AI will complement other proposed EU legislation such as the AI Act, the Digital Services Act and the Cyber Resilience Act.