view all news & events
09/19/2025

Product Liability and Artificial Intelligence

The reform of product liability law in light of the government draft of 11 September 2025

On 8 December 2024, Directive (EU) 2024/2853 on liability for defective products (ProdHaftRL) came into force, replacing the almost 40-year-old Directive 85/374/EEC, on which the Product Liability Act (ProdHaftG) is also based. Already on 11 September 2025 – and thus comparatively early – the Federal Ministry of Justice and Consumer Protection presented the draft bill for the implementation of the ProdHaftRL (ProdHaftG-E). The law is to come into force at the end of the implementation period on 9 December 2026.

The background to the comprehensive modernisation of product liability law includes developments in connection with new technologies, including Artificial Intelligence (AI). The application of the previous product liability law had led to inconsistencies and legal uncertainties with regard to the interpretation of the term ‘product’. In addition, it is often difficult for injured parties to assert claims for damages in view of the increasing technical complexity of products. 

The ProdHaftG-E now aims to strike a balance between promoting the development of new technologies on the one hand and ensuring effective legal protection for injured parties on the other. A key element in this regard is the inclusion of software – and thus also AI systems – within the scope of the ProdHaftG. Against this backdrop, companies are faced with the question: Who is responsible for ‘defective’ software – the manufacturer or another player along the value chain? What obligations do market participants have and how can they protect themselves against liability risks?

The following analysis examines the key changes to the ProdHaftG according to the government draft and highlights the consequences, particularly for companies that develop, distribute or use AI systems.

SKW Schwarz has already reported on the new ProdHaftRL.

 

Key changes in product liability law

The proposed Product Liability Act (ProdHaftG-E) introduces a number of changes compared to the previous Product Liability Act (ProdHaftG):

1) Software & AI systems as products

In future, software will be included in product liability regardless of how it is provided or used, i.e. regardless of whether it is embodied in or connected to physical objects and thus also regardless of whether the software is used ‘on-premise’ or accessed via the cloud, for example (Section 2 No. 3 ProdHaftG-E). 

AI systems are also to be covered by the term ‘software’ (cf. Recital 13 of the ProdHaftRL), which is to be understood as technology-neutral and deliberately not legally defined.

Free and open-source software plays a special role: it is generally excluded from the scope of product liability law (Section 2 No. 3 ProdHaftG-E, second half-sentence), but only if it is developed or provided outside of a commercial activity. If, on the other hand, it is provided in return for payment or personal data that is used for purposes other than solely improving the security, compatibility or interoperability of the software, this constitutes a commercial activity and the exemption does not apply. This also means that If open source software that was originally provided outside of a commercial activity is integrated into a product by a manufacturer as a component within the scope of its commercial activity, this manufacturer is liable for damages caused by errors in the software – but not the original manufacturer of the open source software (see recitals 14 and 15 of the ProdHaftRL and Begr. RefE, p. 26).

2) Types of compensable damage

In addition to damage resulting from death, bodily injury, damage to health or property damage, damage resulting from the destruction or damage of data not used for professional purposes will also be compensable in future (Section 1 (1) No. 3 ProdHaftG-E). Conversely, this means that damage to data that is used – at least in part – for professional purposes is not compensable under the ProdHaftG-E (see Recital 22 of the ProdHaftRL).

The claim under Section 1 ProdHaftG-E differs from the claim for damages under data protection law under Article 82 GDPR in that the latter does not require the processing of personal data in violation of data protection law and places the obligation on the manufacturer (and not the data controller).

3) Adjustment of the concept of defect

Section 7 sentence 1 ProdHaftG-E standardises the principle that a product is defective if it does not offer the safety required by law or that may be expected. 

Section 7 (2) nos. 1–8 ProdHaftG-E lists, among other things, the reasonably foreseeable use (no. 2), the effects of the product's learning ability (no. 3), interactions with other products (No. 4) and cybersecurity requirements (No. 5).

4) Expansion of the group of liable parties

The central liable party under the ProdHaftG-E remains the manufacturer, including those acting as manufacturers (so-called quasi-manufacturers). In this respect, the legal definition in Section 3 ProdHaftG-E essentially corresponds to that of the supplier under Article 3(3) of the AI Regulation.

Furthermore, Sections 10–13 of the ProdHaftG-E provide for a cascade of liability which, in addition to the manufacturer (or supplier), also covers importers, agents, fulfilment service providers, suppliers and providers of an online platform within the meaning of Art. 3 lit. i) DSA as liable parties under certain conditions.

In this context, it should be noted that in the event of product defects caused by a faulty component, both the manufacturer of the product and the manufacturer of the component may be liable (Section 4 ProdHaftG-E). Components also include ‘connected services’ such as the temperature monitoring service that monitors and regulates the temperature of a smart refrigerator (see Recital 17 ProdHaftRL).

5) Shift in the burden of proof and disclosure

Section 19 ProdHaftG-E provides for a rule on the disclosure of evidence in court proceedings, modelled on the US ‘disclosure of evidence’ rule. This is intended to ensure that the plaintiff and defendant have comparable knowledge.

Finally, Section 20 ProdHaftG-E contains presumptions and assumptions regarding the existence of a defect and its causality for the infringement of a right or legal interest within the meaning of Section 1 (1) ProdHaftG-E.

 

Implications for companies

For companies that develop or distribute AI systems or other software, the ProdHaftG-E results in a significant increase in liability risks, not least because there is sometimes a considerable gap between the legal requirements and the actual possibility of implementation. If the ProdHaftG-E is based on the ‘state of the art’ (Section 9 (1) No. 3), this presupposes corresponding norms or standards that not only offer practical assistance but also define a lower limit – however, these are simply not available across the board. Manufacturers are thus faced with the challenge of designing products and components without corresponding guidelines in such a way that ‘expectable’, ‘reasonably foreseeable’ or even – in the case of self-learning products – ‘unexpected’ negative effects are avoided (Section 7 (2) No. 3 ProdHaftG-E).

In addition, other parties besides manufacturers may now also be potentially liable. The liability cascade provided for in Sections 10–13 ProdHaftG-E is intended to ensure that injured parties always have a defendant based in the European Union, even if the manufacturer itself is based outside the EU. This means that importers and agents, fulfilment service providers, suppliers and online platform providers may also be liable if the upstream party in the (supply) chain cannot be held accountable because it is not based in the EU.

On the other hand, the scope of protection of the law remains limited due to the link to certain rights and legal interests in Section 1 (1) ProdHaftG-E and, in particular, the exclusion of pure financial losses.

 

Recommendations for internal implementation and best practices

In order to avoid liability cases, it is advisable to implement the following general and 

actor-specific guidelines. In particular, there is a comprehensive need for action on the part of manufacturers as the central liable parties under the ProdHaftG-E.

 

1) Recommendations for all parties involved

  • Product liability insurance: Companies should check whether existing insurance policies cover damage caused by software and AI systems.
  • Review of agreements with third parties: Contracts with suppliers, for example, should be reviewed to ensure that liability risk is distributed. Recourse clauses may need to be introduced.
  • Compliance systems: Providers must ensure that their systems meet legal requirements and that risks are minimised.
  • Documentation, including of supply chains.

 

2) For manufacturers

  • Security by design: When developing a product, relevant safety aspects, such as the risks arising from the use of the product, its learning ability or its interactions with other products, must be taken into account.
  • Furthermore, codified technical knowledge in the form of harmonised norms and standards must be taken into account as far as possible in order to enable an exclusion of liability (Section 9 (1) No. 3 ProdHaftG-E).
  • Documentation: Regardless of the risk classification of the AI system, compliance with the requirements of the AI Act is recommended, or at least complete documentation of the development and ‘AI lifecycle management’ in order to prove its accuracy in liability proceedings or to refute the presumptions and assumptions in section 20 of the draft Product Liability Act; Companies may also be required to disclose how the AI system works.
  • In addition, cybersecurity requirements in particular must be taken into account (SKW Schwarz has already reported on the CRA and the NIS 2 Directive here and here).
  • Update management: Manufacturers should provide products that have been placed on the market/put into service with the necessary security updates (section 9 (2) sentence 2 ProdHaftG-E); appropriate internal processes must be established for this purpose.

 

3) For suppliers and providers of online platforms

  • Information management: Suppliers in particular should document supply chains transparently and set up systems so that they can name a primarily liable party to a creditor within one month of being requested to do so (Section 12 (1) ProdHaftG-E). The same applies to providers of online platforms through which consumers can conclude contracts with businesses. The obligations of suppliers apply to them accordingly.
  • Clear labelling: Providers of online platforms should clearly identify products that are not provided by the provider itself or by a user under the provider's supervision as belonging to the manufacturer or seller in order to avoid liability (cf. Section 13 No. 2 ProdHaftG-E in conjunction with Art. 6 (3) DSA).

 

Conclusion and outlook

The modernisation of product liability law marks a turning point in the handling of AI systems. For the first time, software is comprehensively recognised as a product, meaning that AI applications are also subject to product liability. Although it will be some time before the law is expected to come into force, companies should prepare for the upcoming changes in good time in view of the significant increase in liability risks.

    Share

  • LinkedIn
  • XING

Find out today what the legal world will be talking about tomorrow.

Subscribe to newsletter