Product Liability - Relevant Articles
Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products and repealing Council Directive 85/374/EEC (Product Liability Directive). The Directive applies to products placed on the market or put into service after 9 December 2026. It expressly makes software a product, names data loss as an independent ground for liability, and removes the cap on total liability.
The articles reproduced below are particularly relevant for manufacturers and integrators of open source software: the definition of product, manufacturer, and component, the extended categories of damage, the tightened burden of proof, and the rules on liability of multiple economic operators. The basis is the official English wording of the Directive.
Anwendungsbereich (Art. 2) #
The Directive applies to all products placed on the market after 9 December 2026. Free and open source software outside the course of a commercial activity is expressly excluded — in parallel with the FOSS carve-out of the CRA. However, once open source components are integrated or distributed in the course of a commercial activity, the Directive applies.
Art. 2 Abs. 1 #
1. This Directive shall apply to products placed on the market or put into service after 9 December 2026.
Art. 2 Abs. 2 #
2. This Directive does not apply to free and open-source software that is developed or supplied outside the course of a commercial activity.
Begriffsbestimmungen (Art. 4) #
Art. 4 defines the central terms of the Directive. The definition of "product" is of particular significance for software: software is expressly included. The terms "component", "manufacturer", and "manufacturer's control" are also directly relevant for open source integrators, as they determine who is liable for which parts of a product.
Art. 4 Nr. 1 - Produkt #
(1) 'product' means all movables, even if integrated into, or inter-connected with, another movable or an immovable; it includes electricity, digital manufacturing files, raw materials and software;
Art. 4 Nr. 3 - Verbundener Dienst #
(3) 'related service' means a digital service that is integrated into, or inter-connected with, a product in such a way that its absence would prevent the product from performing one or more of its functions;
Art. 4 Nr. 4 - Komponente #
(4) 'component' means any item, whether tangible or intangible, raw material or related service, that is integrated into, or inter-connected with, a product;
Art. 4 Nr. 5 - Kontrolle des Herstellers #
(5) 'manufacturer's control' means that: (a) the manufacturer of a product performs or, with regard to actions of a third party, authorises or consents to: (i) the integration, inter-connection or supply of a component, including software updates or upgrades; or (ii) the modification of the product, including substantial modifications; (b) the manufacturer of a product has the ability to supply software updates or upgrades, themselves or via a third party;
Art. 4 Nr. 10 - Hersteller #
(10) 'manufacturer' means any natural or legal person who: (a) develops, manufactures or produces a product; (b) has a product designed or manufactured, or who, by putting their name, trademark or other distinguishing features on that product, presents themselves as its manufacturer; or (c) develops, manufactures or produces a product for their own use;
Recht auf Schadensersatz (Art. 5) #
Art. 5 establishes the right to compensation for any natural person who suffers damage from a defective product. Successors in interest and consumer protection bodies acting on behalf of injured persons are also entitled to claim.
Art. 5 #
1. Member States shall ensure that any natural person who suffers damage caused by a defective product (the 'injured person') is entitled to compensation in accordance with this Directive. 2. Member States shall ensure that claims for compensation pursuant to paragraph 1 may also be brought by: (a) a person that succeeded, or was subrogated, to the right of the injured person by virtue of Union or national law or contract; or (b) a person acting on behalf of one or more injured persons by virtue of Union or national law.
Schaden (Art. 6) #
Art. 6 significantly expands the compensable damage. In addition to death, personal injury, and property damage, destruction or corruption of data is now an independent ground for liability, provided the data is not used exclusively for professional purposes. For software manufacturers, this is the most materially significant expansion compared to the old Directive 85/374/EEC.
Art. 6 #
1. The right to compensation pursuant to Article 5 shall apply in respect of only the following types of damage: (a) death or personal injury, including medically recognised damage to psychological health; (b) damage to, or destruction of, any property, except: (i) the defective product itself; (ii) a product damaged by a defective component that is integrated into, or inter-connected with, that product by the manufacturer of that product or within that manufacturer's control; (iii) property used exclusively for professional purposes; (c) destruction or corruption of data that are not used for professional purposes. 2. The right to compensation pursuant to Article 5 shall cover all material losses resulting from the damage referred to in paragraph 1 of this Article. The right to compensation shall also cover non-material losses resulting from the damage referred to in paragraph 1 of this Article, in so far as they can be compensated for under national law.
Fehlerhaftigkeit (Art. 7) #
Art. 7 defines when a product is to be considered defective. Relevant for software: expressly mentioned are the effects of learning systems, the behaviour in connection with other products, and the safety-relevant cybersecurity requirements (point (f)) — the interface to CRA conformity.
Art. 7 #
1. A product shall be considered defective where it does not provide the safety that a person is entitled to expect or that is required under Union or national law. 2. In assessing the defectiveness of a product, all circumstances shall be taken into account, including: (a) the presentation and the characteristics of the product, including its labelling, design, technical features, composition and packaging and the instructions for its assembly, installation, use and maintenance; (b) reasonably foreseeable use of the product; (c) the effect on the product of any ability to continue to learn or acquire new features after it is placed on the market or put into service; (d) the reasonably foreseeable effect on the product of other products that can be expected to be used together with the product, including by means of inter-connection; (e) the moment in time when the product was placed on the market or put into service or, where the manufacturer retains control over the product after that moment, the moment in time when the product left the control of the manufacturer; (f) relevant product safety requirements, including safety-relevant cybersecurity requirements; (g) any recall of the product or any other relevant intervention relating to product safety by a competent authority or by an economic operator as referred to in Article 8; (h) the specific needs of the group of users for whose use the product is intended; (i) in the case of a product whose very purpose is to prevent damage, any failure of the product to fulfil that purpose. 3. A product shall not be considered to be defective for the sole reason that a better product, including updates or upgrades for a product, has already been or is subsequently placed on the market or put into service.
Haftende Wirtschaftsakteure (Art. 8) #
Art. 8 regulates the concept of manufacturer in the liability chain. Manufacturers include both the manufacturers of the product itself and the manufacturers of defective components where these were integrated within the product manufacturer's control. Paragraph 2 expressly covers anyone who substantially modifies an existing product and subsequently makes it available — they are considered a new manufacturer.
Art. 8 Abs. 1 #
1. Member States shall ensure that the following economic operators are liable for damage in accordance with this Directive: (a) the manufacturer of a defective product; (b) the manufacturer of a defective component, where that component was integrated into, or inter-connected with, a product within the manufacturer's control and caused that product to be defective, and without prejudice to the liability of the manufacturer referred to in point (a); and (c) in the case of a manufacturer of a product or a component established outside the Union, and without prejudice to the liability of that manufacturer: (i) the importer of the defective product or component; (ii) the authorised representative of the manufacturer; and (iii) where there is no importer established within the Union or authorised representative, the fulfilment service provider. The liability of the manufacturer referred to in the first subparagraph, point (a), shall also cover any damage caused by a defective component where it was integrated into, or inter-connected with, a product within that manufacturer's control.
Art. 8 Abs. 2 #
2. Any natural or legal person that substantially modifies a product outside the manufacturer's control and thereafter makes it available on the market or puts it into service shall be considered to be a manufacturer of that product for the purposes of paragraph 1.
Offenlegung von Beweismitteln (Art. 9) #
Art. 9 obliges defendants to disclose relevant evidence where the claimant sufficiently supports the plausibility of their claim. For software manufacturers, this amounts to a de facto documentation obligation: SBOMs, development records, test logs, and vulnerability histories can be demanded in litigation.
Art. 9 Abs. 1 #
1. Member States shall ensure that, at the request of a person who is claiming compensation in proceedings before a national court for damage caused by a defective product (the 'claimant') and who has presented facts and evidence sufficient to support the plausibility of the claim for compensation, the defendant is required to disclose relevant evidence that is at the defendant's disposal, subject to the conditions set out in this Article.
Beweislast (Art. 10) #
Art. 10 significantly tightens the burden of proof for manufacturers. Defectiveness is presumed where the defendant fails to disclose evidence, where the product does not comply with mandatory safety requirements, or where an obvious malfunction is demonstrated. In technically or scientifically complex cases (particularly software), the court may even presume defectiveness without full proof if likelihood is sufficient.
Art. 10 #
1. Member States shall ensure that a claimant is required to prove the defectiveness of the product, the damage suffered and the causal link between that defectiveness and that damage. 2. The defectiveness of the product shall be presumed where any of the following conditions are met: (a) the defendant fails to disclose relevant evidence pursuant to Article 9(1); (b) the claimant demonstrates that the product does not comply with mandatory product safety requirements laid down in Union or national law that are intended to protect against the risk of the damage suffered by the injured person; or (c) the claimant demonstrates that the damage was caused by an obvious malfunction of the product during reasonably foreseeable use or under ordinary circumstances. 3. The causal link between the defectiveness of the product and the damage shall be presumed where it has been established that the product is defective and that the damage caused is of a kind typically consistent with the defect in question. 4. A national court shall presume the defectiveness of the product or the causal link between its defectiveness and the damage, or both, where, despite the disclosure of evidence in accordance with Article 9 and taking into account all the relevant circumstances of the case: (a) the claimant faces excessive difficulties, in particular due to technical or scientific complexity, in proving the defectiveness of the product or the causal link between its defectiveness and the damage, or both; and (b) the claimant demonstrates that it is likely that the product is defective or that there is a causal link between the defectiveness of the product and the damage, or both. 5. The defendant shall have the right to rebut any of the presumptions referred to in paragraphs 2, 3 and 4.
Haftungsausschluss (Art. 11) #
Art. 11 lists the grounds for exemption from liability. Paragraph 2 is decisive for software: the so-called "development risk defence" (para. 1(e)) does not apply where defectiveness is attributable to a related service, to software or software updates, or to the absence of security-relevant updates. Those who fail to provide updates can no longer invoke the state of the art.
Art. 11 Abs. 1 #
1. An economic operator as referred to in Article 8 shall not be liable for damage caused by a defective product if that economic operator proves any of the following: (a) in the case of a manufacturer or importer, that it did not place the product on the market or put it into service; (b) in the case of a distributor, that it did not make the product available on the market; (c) that it is probable that the defectiveness that caused the damage did not exist at the time the product was placed on the market, put into service or, in the case of a distributor, made available on the market, or that that defectiveness came into being after that moment; (d) that the defectiveness that caused the damage is due to compliance of the product with legal requirements; (e) that the objective state of scientific and technical knowledge at the time the product was placed on the market or put into service or during the period in which the product was within the manufacturer's control was not such that the defectiveness could be discovered; (f) in the case of a manufacturer of a defective component, as referred to in Article 8(1), first subparagraph, point (b), that the defectiveness of the product in which that component has been integrated is attributable to the design of that product or to the instructions given by the manufacturer of that product to the manufacturer of that component; (g) in the case of a person that modifies a product as referred to in Article 8(2), that the defectiveness that caused the damage is related to a part of the product not affected by the modification.
Art. 11 Abs. 2 #
2. By way of derogation from paragraph 1, point (c), an economic operator shall not be exempted from liability where the defectiveness of a product is due to any of the following, provided that it is within the manufacturer's control: (a) a related service; (b) software, including software updates or upgrades; (c) a lack of software updates or upgrades necessary to maintain safety; (d) a substantial modification of the product.
Haftung mehrerer Wirtschaftsakteure (Art. 12) #
Art. 12 establishes joint and several liability of multiple economic operators. The former cap on total liability from Directive 85/374/EEC is thereby abolished — there is no longer any ceiling on total liability. Paragraph 2 contains a special rule for microenterprises and small enterprises that supply software as a component: under certain conditions, there is no right of recourse against them.
Art. 12 #
1. Without prejudice to national law concerning rights of contribution or recourse, Member States shall ensure that where two or more economic operators are liable for the same damage pursuant to this Directive, they can be held liable jointly and severally. 2. A manufacturer that integrates software as a component in a product shall not have a right of recourse against the manufacturer of a defective software component that causes damage where: (a) the manufacturer of the defective software component was, at the time of the placing on the market of that software component, a microenterprise or a small enterprise, meaning an enterprise that, when assessed together with all of its partner enterprises as defined in Article 3(2) of the Annex to Commission Recommendation 2003/361/EC and linked enterprises as defined in Article 3(3) of that Annex, if any, is a microenterprise as defined in Article 2(3) of that Annex or a small enterprise as defined in Article 2(2) of that Annex; and (b) the manufacturer that integrated the defective software component in the product contractually agreed with the manufacturer of the defective software component to waive that right.
Verjährung und Ausschlussfristen (Art. 16, 17) #
Art. 16 sets a three-year limitation period from knowledge of the damage, defectiveness, and manufacturer. Art. 17 extends the absolute expiry period to ten years from placing on the market — in the case of substantial modifications, the period starts anew. For personal injuries with long latency, an extended period of 25 years applies.
Art. 16 - Verjährungsfrist #
1. Member States shall ensure that a limitation period of three years applies to the initiation of proceedings to claim compensation for damage falling within the scope of this Directive. The limitation period shall run from the day on which the injured person became aware, or should reasonably have become aware, of all of the following: (a) the damage; (b) the defectiveness; (c) the identity of the relevant economic operator that can be held liable for that damage under Article 8.
Art. 17 - Ausschlussfrist #
1. Member States shall ensure that an injured person is no longer entitled to compensation pursuant to this Directive upon the expiry of a period of 10 years, unless that injured person has, in the meantime, initiated proceedings against an economic operator that can be held liable pursuant to Article 8. That period shall run from: (a) the date on which the defective product which caused the damage was placed on the market or put into service; or (b) in the case of a substantially modified product, the date on which that product was made available on the market or put into service following its substantial modification. 2. By way of exception from paragraph 1, where an injured person has not been able to initiate proceedings within 10 years of the dates referred to in paragraph 1 due to the latency of a personal injury, the injured person shall no longer be entitled to compensation pursuant to this Directive upon the expiry of a period of 25 years, unless that injured person has, in the meantime, initiated proceedings against an economic operator that can be held liable pursuant to Article 8.
Vollständiger Gesetzestext #
The full text of Directive (EU) 2024/2853 is available as a PDF in the download area: Download Product Liability Directive.