Last reviewed: April 9, 2026
Jurisdictions covered: EU (primary), US and UK (comparison)
Reading time: 18 minutes
Product Liability Directive for AI: The December 2026 Deadline You Are Probably Ignoring
Every AI compliance team in Europe is focused on August 2, 2026. That is when the EU AI Act’s high-risk obligations take effect. Conformity assessments, risk management systems, technical documentation, post-market monitoring — the preparation lists are long, the deadlines are tight, and the industry attention is justified.
Four months later, on December 9, 2026, a second deadline hits. Directive (EU) 2024/2853 — the revised Product Liability Directive — takes effect across all Member States. It explicitly defines software, including AI systems, as “products.” It creates strict liability for defective AI. It reverses the burden of proof when technical complexity makes claims difficult to prove. And it does all of this through a separate legal regime that the AI Act does not replace, modify, or override.
Most AI compliance programs have not registered this deadline. They should. Here is why.
Key Takeaways
- The revised PLD explicitly includes AI systems and software as “products” (Art. 4(1)), making AI providers “manufacturers” subject to strict liability for defective products. No fault required.
- Complying with the EU AI Act does not shield you from PLD claims. The AI Act governs regulatory compliance. The PLD governs civil liability. They run in parallel.
- Courts can presume your AI system is defective if the technical complexity of your system makes it excessively difficult for the claimant to prove the defect (Art. 10(4)). Machine learning is explicitly listed as a trigger for this presumption.
- Data destruction and corruption are now compensable (Art. 6(1)(c)) — a significant expansion from the 1985 Directive, which covered only death, personal injury, and property damage.
- Hungary has already transposed the Directive (December 2025). Germany and the Netherlands have bills in parliament. Most Member States have not started.
Why Should AI Teams Care About Product Liability?
The EU AI Act is a regulatory framework. Violations result in fines paid to market surveillance authorities — up to EUR 35 million or 7% of global turnover for prohibited practices (EU-06: Penalties explained). The regulator enforces it. The company pays the fine. The harmed individual gets nothing.
The Product Liability Directive is a civil liability framework. When a defective product causes harm, the injured person sues the manufacturer for compensation — covering death, personal injury, property damage, psychological health damage, and now data destruction. The manufacturer pays the injured person directly. No regulatory authority is involved.
These are separate legal regimes. A company can be fully compliant with the AI Act and still face PLD claims if its AI system causes harm. A company can violate the AI Act and face no PLD liability if its product is not defective. The two frameworks ask different questions: the AI Act asks “Did you follow the rules?” The PLD asks “Did your product hurt someone?”
For AI compliance teams, the practical consequence is this: your AI Act conformity assessment and your product liability risk assessment are different exercises. You need both.
What Changed in the 2024 Product Liability Directive?
The original Product Liability Directive (85/374/EEC) was written in 1985. Personal computers were barely mainstream. The internet was a research project. Software was not considered a “product” under the Directive — it was intangible, and product liability law dealt with tangible goods.
Directive (EU) 2024/2853, adopted on October 23, 2024 and published in the Official Journal on November 18, 2024, changes this. The revisions that matter for AI:
Software is now explicitly a product. Article 4(1) defines “product” as “all movables, even if integrated into, or inter-connected with, another movable or an immovable; it includes electricity, digital manufacturing files, raw materials and software.” Recital 13 goes further: “A developer or producer of software, including AI system providers within the meaning of Regulation (EU) 2024/1689, should be treated as a manufacturer.” That regulation is the EU AI Act.
Data destruction is compensable. Article 6(1)(c) adds “destruction or corruption of data that are not used for professional purposes” as a compensable damage type. Under the old Directive, only death, personal injury, and property damage above a EUR 500 threshold were covered. Both the threshold and the data exclusion are gone.
The EUR 500 deductible is removed. The old Directive’s minimum damage threshold no longer applies. All damage is compensable from the first euro.
Online platforms face liability. Article 8(4) extends distributor-equivalent liability to online platforms when they present products in a way that leads consumers to believe the platform is the supplier (aligned with the Digital Services Act, Art. 6(3) of Regulation 2022/2065).
Liability cannot be excluded by contract. Article 15 states that liability “is not, in relation to the injured person, limited or excluded by a contractual provision or by national law.” Supply chain contracts that attempt to shift PLD liability to downstream parties have no effect on the injured person’s rights.
Source: Directive (EU) 2024/2853, OJ L, 18 November 2024.
How Does the PLD Define AI Systems as Products?
The definition is technology-neutral but explicitly inclusive. Article 4(1) says “software.” Recital 13 says “software, such as operating systems, firmware, computer programs, applications or AI systems.” Recital 13 also specifies that software qualifies “irrespective of the mode of its supply or usage, and therefore irrespective of whether the software is stored on a device, accessed through a communication network or cloud technologies, or supplied through a software-as-a-service model.”
This means standalone AI applications, AI embedded in physical products, AI accessed via cloud APIs, and AI delivered as SaaS all qualify as products under the PLD. If your AI system is placed on the EU market, it is a product for liability purposes.
One exemption: Article 2(2) excludes “free and open-source software that is developed or supplied outside the course of a commercial activity.” Recital 14 clarifies that software supplied “in exchange for a price, or for personal data used other than exclusively for improving the security, compatibility or interoperability” counts as commercial and is covered. The open-source exemption mirrors the approach in the EU AI Act (Art. 2(12)) but applies specifically to liability, not regulatory obligations.
When Is an AI System “Defective” Under the PLD?
Article 7(1) sets the test: a product is defective “where it does not provide the safety that a person is entitled to expect or that is required under Union or national law.”
Article 7(2) lists the factors courts must consider. For AI, three matter most:
(c) “the effect on the product of any ability to continue to learn or acquire new features after it is placed on the market or put into service.” This is the machine learning provision. If your AI system learns after deployment and that learning makes it less safe, the system can be found defective. Recital 32 is explicit: “a manufacturer that designs a product with the ability to develop unexpected behaviour should remain liable for behaviour that causes harm.”
(f) “relevant product safety requirements, including safety-relevant cybersecurity requirements.” Non-compliance with the AI Act’s safety requirements (Art. 9 risk management, Art. 15 accuracy and cybersecurity) could be evidence of defectiveness under the PLD.
(e) “the moment in time when the product was placed on the market.” For AI systems that learn continuously, Recital 40 states that “where a substantial modification is made […] due to the continuous learning of an AI system, the substantially modified product should be considered to be made available on the market […] at the time that modification is actually made.” This resets the liability clock for continuously learning systems.
The practical challenge: traditional products are defective at manufacture or not at all. AI systems can become defective through learning, through software updates, or through failure to update. Article 11(2) specifically removes the “development risk” defence for defects caused by software updates, lack of necessary updates, or related services within the manufacturer’s control.
How Does the Burden of Proof Work for AI Claims?
This is where the PLD gets its teeth for AI-related harm.
The standard rule (Art. 10(1)) requires the claimant to prove three things: the product was defective, the claimant suffered damage, and the defect caused the damage.
But Article 10 creates three presumptions that shift the burden to the manufacturer:
Presumption of defectiveness (Art. 10(2)): The product is presumed defective if (a) the manufacturer fails to disclose evidence ordered by the court, (b) the product does not comply with mandatory safety requirements, or (c) the damage was caused by “an obvious malfunction.”
Presumption of causation (Art. 10(3)): If defectiveness is established, the causal link is presumed if the damage is “of a kind typically consistent with the defect.”
Complexity presumption (Art. 10(4)): The court presumes defectiveness and/or causation where the claimant faces “excessive difficulties, in particular due to technical or scientific complexity” — and the claimant demonstrates it is “likely” that the product is defective or that there is a causal link.
Recital 48 makes the AI application of this provision unmistakable: “Those factors should include […] the complex nature of the technology used, such as machine learning […] For example, in a claim concerning an AI system, the claimant should, for the court to decide that excessive difficulties exist, neither be required to explain the AI system’s specific characteristics nor how those characteristics make it harder to establish the causal link.”
In plain language: if your AI system hurts someone and they cannot explain exactly how the AI caused the harm — because AI systems are inherently opaque — the court can presume your system was defective. You then have to prove it was not.
Article 9 reinforces this with disclosure of evidence provisions. Courts can order manufacturers to hand over technical documentation, subject to proportionality and trade secret protections. For AI companies, this means the technical documentation required under the AI Act (Art. 11) could be ordered disclosed in PLD proceedings.
What Happened to the AI Liability Directive?
The European Commission proposed the AI Liability Directive (AILD, COM/2022/496) in September 2022. It would have created a complementary fault-based liability regime for AI harm — including a right of access to evidence from AI providers and a rebuttable presumption of causality.
The AILD was withdrawn. The Commission announced the withdrawal in its 2025 Work Programme (February 11, 2025), citing “no foreseeable agreement” among co-legislators. The formal withdrawal was published in the Official Journal on October 6, 2025.
The European Parliament’s JURI Committee considered suing the Commission to force the proposal forward but voted against it in December 2025. A separate JURI study776426_EN.pdf) by Professor Andrea Bertolini (July 2025) recommended strict liability for high-risk AI systems via an EU regulation — but the Commission’s 2026 Work Programme contains no mention of AI liability.
The withdrawal leaves a structural gap. The PLD covers strict liability for defective products — but only for personal injury, property damage, and data loss. It does not cover reputational harm, pure economic loss, or violations of personality rights caused by AI systems. A March 2026 Hamburg court ruling illustrating this gap found Grok’s chatbot operator liable for AI-generated false claims under German personality rights law — a type of harm the PLD does not reach.
As Cristina Frattone argues in Verfassungsblog: the AILD’s main value was procedural (disclosure orders, presumption of causality), and some of those procedural benefits are now in the revised PLD. But the substantive gap in non-product AI liability remains open.
How Do the PLD and the AI Act Work Together?
This is the question most compliance teams have not asked yet — and it is the one that matters most.
The AI Act (Regulation (EU) 2024/1689) is a regulatory compliance framework. It creates obligations for providers, deployers, importers, and distributors of AI systems (see our supply chain guide). Violations result in administrative fines. It is enforced by market surveillance authorities.
The PLD is a civil liability framework. It creates rights for individuals harmed by defective products. It is enforced through private litigation in national courts.
They interact in three ways:
1. AI Act non-compliance can trigger PLD presumptions. Article 10(2)(b) presumes defectiveness where a product “does not comply with mandatory product safety requirements laid down in Union or national law.” The AI Act’s requirements for high-risk AI systems — risk management (Art. 9), data governance (Art. 10), technical documentation (Art. 11), accuracy and cybersecurity (Art. 15) — likely qualify as “mandatory product safety requirements.” A provider that fails its conformity assessment is handing PLD claimants a presumption of defect.
2. AI Act compliance does not create a PLD defence. Passing a conformity assessment means you met the AI Act’s regulatory requirements. It does not mean your product is safe. A high-risk AI system can be fully compliant under the AI Act and still cause harm that makes it “defective” under Art. 7. The two tests are different: the AI Act asks about process compliance; the PLD asks about safety outcomes.
3. Documentation overlaps. The AI Act requires technical documentation (Art. 11), risk management records (Art. 9), and post-market monitoring reports (Art. 72). The PLD’s disclosure provisions (Art. 9) allow courts to order this same documentation disclosed in liability proceedings. This creates both an opportunity and a risk: well-maintained AI Act documentation strengthens your PLD defence. Poorly maintained documentation — or documentation showing known risks that were not mitigated — becomes evidence against you.
Our view: The likely interpretation is that AI Act non-compliance will become the primary evidentiary lever in PLD claims. Claimants will point to failed conformity assessments, missing documentation, or unresolved FRIA findings as evidence of defectiveness under Art. 10(2)(b). This makes AI Act compliance preparation directly relevant to product liability exposure.
What Is the December 2026 Transposition Status?
Member States must transpose Directive 2024/2853 into national law by December 9, 2026. The Directive takes effect for products placed on the market or put into service after that date. The old Directive (85/374/EEC) continues to apply to products placed on the market before then.
The August 2026 AI Act deadline and the December 2026 PLD transposition deadline fall four months apart. Companies preparing for one should prepare for both.
Current transposition status:
| Country | Status | Key Date |
|---|---|---|
| Hungary | Fully transposed (first in EU) | OJ 16 December 2025 |
| Germany | Cabinet-approved bill, in Bundesrat/Parliament | Cabinet 17 December 2025 |
| Netherlands | Bill before House of Representatives | Formal proposal 27 February 2026 |
| Slovak Republic | Draft published, consultation completed | Draft 17 December 2025 |
| Ireland | Government expects to meet deadline | Parliamentary response June 2025 |
| Sweden, Denmark, Finland | Under analysis, no draft bills | ECIPE report March 2026 |
| Belgium | Pending, timeliness concerns raised | OECCBB March 2026 |
| France, Italy, Spain, Poland | No public draft found | — |
Sources: CMS Transposition Time series (January 2026); ECIPE (March 2026); Rijksoverheid (March 2026).
National approaches vary. Germany is creating a standalone new law replacing the Product Liability Act, removing the EUR 85 million liability cap. The Netherlands is doing a “pure one-to-one” transposition integrated into the Civil Code with no gold-plating. Hungary has added limits on the development risk defence for medicinal products. These variations mean that PLD liability exposure will differ across Member States even under the same Directive.
How Does EU Product Liability Compare to the US and UK?
| Dimension | EU (PLD 2024/2853) | US | UK |
|---|---|---|---|
| Framework | Harmonized Directive (strict liability) | State-by-state (mostly strict liability for products, varies for software) | Consumer Protection Act 1987 (strict liability, pre-Brexit EU alignment) |
| Software as product | Explicitly included (Art. 4(1)) | Unsettled — courts split on whether software is a “product” or “service” | Under review (Law Commission considering reform) |
| Burden of proof | Complexity presumption for AI (Art. 10(4)) | Claimant bears full burden; res ipsa loquitur may apply | Claimant bears full burden; no AI-specific provision |
| AI learning | Defect assessment considers post-deployment learning (Art. 7(2)(c)) | No specific provision; common law foreseeability test | No specific provision |
| Data loss | Compensable (Art. 6(1)(c)) | Varies by state; generally not covered under product liability | Not specifically covered |
| Disclosure | Court-ordered (Art. 9) | Broad discovery rules (more extensive than EU) | Standard disclosure rules |
| Open-source exemption | Non-commercial only (Art. 2(2)) | No statutory exemption; common law unclear | No specific provision |
For multinational companies, the EU’s revised PLD is the most AI-specific product liability framework in the world. The complexity presumption (Art. 10(4)), the AI learning provision (Art. 7(2)(c)), and the data loss compensation (Art. 6(1)(c)) have no direct equivalents in US or UK law. Companies operating across jurisdictions face the EU standard as their highest compliance bar.
What Should You Do Before December 2026?
1. Audit your AI products for PLD exposure. Identify every AI system your organization places on the EU market. For each, assess: can it cause personal injury, property damage, or data destruction? Does it learn or update after deployment? If yes to either, you have PLD exposure.
2. Align AI Act and PLD compliance processes. The AI Act’s technical documentation (Art. 11) will be the first thing a court orders disclosed in a PLD claim (Art. 9). Make sure your documentation is complete, accurate, and maintained — because it will serve both regimes.
3. Review your insurance coverage. Does your product liability insurance cover AI software defects? Does it cover data destruction claims? Does it cover the complexity presumption (where defectiveness is presumed and you must prove otherwise)? Most pre-2024 product liability policies were written for physical goods. Update them.
4. Map your supply chain liability. Under the PLD, manufacturers, importers, and distributors all face potential liability. If you use third-party AI components, Article 4(4) defines “component” to include “any item, whether tangible or intangible.” Your supplier’s AI model is a component of your product. Contractual allocation between supply chain partners does not affect the injured person’s rights (Art. 15), but it determines who ultimately bears the cost.
5. Prepare for disclosure orders. Article 9 allows courts to order you to disclose technical evidence “in an easily accessible and easily understandable manner.” For AI systems, this means you should be able to explain your system’s design, training data choices, risk assessment, and monitoring results to a non-technical judge. If you cannot do this today, start building that capability.
6. Monitor national transposition. The Directive sets minimum requirements, but Member States can add provisions. Germany is removing the liability cap. Hungary is adjusting the development risk defence. Track the transposition in every Member State where you sell AI products.
What Happens Next?
The December 9, 2026 transposition deadline is 244 days away. After that date, every AI system placed on the EU market is a “product” under the PLD. Individuals harmed by defective AI can sue manufacturers for compensation under a strict liability regime — no need to prove fault, and in complex cases, no need to prove exactly how the AI caused the harm.
The first PLD claims involving AI systems will likely appear in 2027 or 2028, once the Directive is transposed and applied to products placed on the market after December 2026. The interaction between AI Act compliance evidence and PLD defectiveness claims will be tested in national courts. The Hamburg Grok case (March 2026) shows that courts are already willing to hold AI operators liable for AI-generated harm — even without the PLD.
Compliance teams preparing for August 2026 should extend their planning to December 2026. The two deadlines are separated by four months. The preparation overlaps significantly. And the liability exposure under the PLD — where injured individuals can claim direct compensation, including for data loss — may ultimately prove more consequential than the regulatory fines under the AI Act.
Disclaimer: This content is for informational purposes only and does not constitute legal advice. The Product Liability Directive is a Directive, meaning its final form depends on national transposition by each Member State. Organizations should consult jurisdiction-specific legal counsel for compliance planning. Reg Intel is not a law firm and does not provide legal services.
Last verified: April 9, 2026
Sources
Official Sources
- Directive (EU) 2024/2853 — Product Liability Directive, OJ L, 18 November 2024
- AILD Withdrawal — EAPIL Confirmation, 9 October 2025
- EP JURI Study — AI and Civil Liability776426_EN.pdf) (PE 776.426, Prof. Andrea Bertolini, July 2025)
- Commission Work Programme 2026, 21 October 2025
Analysis and Commentary
- Cristina Frattone, “Anatomy of a Fall: AIACT-AILD-PLD”, Verfassungsblog, 6 May 2025
- Deimante Rimkute, “AI Liability After the AILD Withdrawal”, Oxford Law Blog, 1 April 2025
- Bird & Bird, “AI Liability in light of the new 2024 PLD,” Lexology, 17 February 2026
- Reed Smith, “EU’s new PLD: compliance failures now drive product liability risk,” 29 December 2025
- Gibson Dunn, “EU PLD: Responding to Software, AI and Complex Supply Chains,” 23 March 2026
- Euractiv, “Parliament won’t take Commission to court for ditching AI liability law”, 3 December 2025
- OECD AI Incidents Monitor, Hamburg Grok chatbot case, 11 March 2026
- CMS Transposition Time series, January 2026
- ECIPE — Transposing the PLD in Nordic Countries, March 2026
- Greenberg Traurig, “New German Product Liability Regime”, 16 January 2026
Compare: EU vs China
For the global keystone comparison across twelve dimensions — algorithm filing vs conformity assessment, content moderation conflicts, asymmetric extraterritoriality, enforcement philosophy, and a five-step dual-market compliance baseline — see EU vs China AI Regulation: Two Systems, Two Philosophies (2026).
Compare: EU vs South Korea
For the global keystone comparison across twelve dimensions — high-impact vs high-risk classification, mandatory vs voluntary conformity, KRW 30M vs €35M penalties, Korea’s innovation chapter, and a five-step dual-market compliance baseline — see EU vs South Korea AI Act: High-Impact vs High-Risk Compared (2026).